python拉取elk的数据

Catalogue

1. 获取elk的服务信息
1. 1.1. elk的版本是 7.5.0，所以elasticsearch 模块的大版本也要是7的版本
2. 1.2. 查看elasticsearch的版本
2. python连接elasticsearch失败

使用python中的elasticsearch模块拉取数据，注意elasticsearch模块的版本要与ekl的版本一致（大版本上）

获取elk的服务信息

[root@Fish ~]# curl 192.168.3.111:9200
{
  "name" : "elk-masterX",
  "cluster_name" : "XXX",
  "cluster_uuid" : "XXX",
  "version" : {
    "number" : "7.5.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "e9ccaed468e2fac2275a3761849",
    "build_date" : "2021-11-26T01:06:52.518XXXX",
    "build_snapshot" : false,
    "lucene_version" : "8.3.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

如果elk使用https证书认证

使用如下方法获取elk信息

1	curl --user user:pwd https://192.168.0.3:9200 -k

curl -k 可以跳过证书认证

elk的版本是 7.5.0，所以elasticsearch 模块的大版本也要是7的版本

1	pip3 install elasticsearch==7.13.0

查看elasticsearch的版本

1	pip3 list\|grep el

python连接elasticsearch失败

1
2

“URL must include a ‘scheme’, ‘host’, and ‘port’ component (ie ‘https://localhost:9200’)”
ValueError: URL must include a ‘scheme’, ‘host’, and ‘port’ component (ie ‘https://localhost:9200’)

1
2
3

pip3 uninstall elasticsearch

pip3 install elasticsearch==7.13.0