Inicio Explorar Axuda
Iniciar sesión
wigust
/
dotfiles
Seguir 2
Destacar 1
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: 3a6ed2cdb7
Ramas Etiquetas
dotfiles
/
dot_local
/
bin
/
executable_opensearch

executable_opensearch 2.5 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 
  1. #!/usr/bin/env bash
    2. 

  2. 

  3. # Run example:
    4. 

  4. # OPENSEARCH_ENDPOINT="https://opensearch.corp1.majordomo.ru" OPENSEARCH_PASSWORD="$(pass show majordomo/public/opensearch-dashboards/admin)" OPENSEARCH_QUERY_SIZE=5 OPENSEARCH_QUERY_NAMESPACE=opensearch OPENSEARCH_QUERY_MINUTES=5 /home/oleg/.local/share/chezmoi/dot_local/bin/executable_opensearch search
    5. 

  5. 

  6. OPENSEARCH_ARGS=(
    7. 

  7.     --user "admin:${OPENSEARCH_PASSWORD}"
    8. 

  8. )
    9. 

  9. 

  10. case "$1" in
    11. 

  11.     search)
    12. 

  12.         opensearch_query()
    13. 

  13.         {
    14. 

  14.             cat <<EOF
    15. 

  15. {
    16. 

  16.   "version": true,
    17. 

  17.   "size": ${OPENSEARCH_QUERY_SIZE:-1000},
    18. 

  18.   "sort": [
    19. 

  19.     {
    20. 

  20.       "@timestamp": {
    21. 

  21.         "order": "desc",
    22. 

  22.         "unmapped_type": "boolean"
    23. 

  23.       }
    24. 

  24.     }
    25. 

  25.   ],
    26. 

  26.   "aggs": {
    27. 

  27.     "2": {
    28. 

  28.       "date_histogram": {
    29. 

  29.         "field": "@timestamp",
    30. 

  30.         "calendar_interval": "1m",
    31. 

  31.         "time_zone": "Europe/Moscow",
    32. 

  32.         "min_doc_count": 1
    33. 

  33.       }
    34. 

  34.     }
    35. 

  35.   },
    36. 

  36.   "stored_fields": [
    37. 

  37.     "*"
    38. 

  38.   ],
    39. 

  39.   "script_fields": {},
    40. 

  40.   "docvalue_fields": [
    41. 

  41.     {
    42. 

  42.       "field": "@timestamp",
    43. 

  43.       "format": "date_time"
    44. 

  44.     },
    45. 

  45.     {
    46. 

  46.       "field": "time",
    47. 

  47.       "format": "date_time"
    48. 

  48.     }
    49. 

  49.   ],
    50. 

  50.   "_source": {
    51. 

  51.     "excludes": []
    52. 

  52.   },
    53. 

  53.   "query": {
    54. 

  54.     "bool": {
    55. 

  55.       "must": [],
    56. 

  56.       "filter": [
    57. 

  57.         {
    58. 

  58.           "match_all": {}
    59. 

  59.         },
    60. 

  60.         {
    61. 

  61.           "match_phrase": {
    62. 

  62.             "kubernetes.namespace_name.keyword": "${OPENSEARCH_QUERY_NAMESPACE}"
    63. 

  63.           }
    64. 

  64.         },
    65. 

  65.         {
    66. 

  66.           "range": {
    67. 

  67.             "@timestamp": {
    68. 

  68.               "gte": "$(date -u -d "-${OPENSEARCH_QUERY_MINUTES:-60} minutes" +"%Y-%m-%dT%H:%M:%S.%3NZ")",
    69. 

  69.               "lte": "$(date -u +"%Y-%m-%dT%H:%M:%S.%3NZ")",
    70. 

  70.               "format": "strict_date_optional_time"
    71. 

  71.             }
    72. 

  72.           }
    73. 

  73.         }
    74. 

  74.       ],
    75. 

  75.       "should": [],
    76. 

  76.       "must_not": []
    77. 

  77.     }
    78. 

  78.   },
    79. 

  79.   "highlight": {
    80. 

  80.     "pre_tags": [
    81. 

  81.       "@opensearch-dashboards-highlighted-field@"
    82. 

  82.     ],
    83. 

  83.     "post_tags": [
    84. 

  84.       "@/opensearch-dashboards-highlighted-field@"
    85. 

  85.     ],
    86. 

  86.     "fields": {
    87. 

  87.       "*": {}
    88. 

  88.     },
    89. 

  89.     "fragment_size": 2147483647
    90. 

  90.   }
    91. 

  91. }
    92. 

  92. EOF
    93. 

  93.         }
    94. 

  94.         echo "$(opensearch_query)" \
    95. 

  95.             | curl --max-time 5 \
    96. 

  96.                    --insecure \
    97. 

  97.                    --silent "${OPENSEARCH_ARGS[@]}" \
    98. 

  98.                    --header 'Content-Type: application/json' \
    99. 

  99.                    --data @- \
    100. 

  100.                    "${OPENSEARCH_ENDPOINT}/logstash-*/_search" \
    101. 

  101.             | jq --raw-output '.hits.hits | group_by(._source.kubernetes.pod_name)[][] | [._source.kubernetes.pod_name, ._source.log] | @tsv' \
    102. 

  102.             | sort --version-sort
    103. 

  103.         ;;
    104. 

  104. esac
    105. 

  105.