Eğer log yönetimi Apinizer üzerinden yapılacaksa bu işlemlerin yapılmasına gerek yoktur, bu işlemler Apinizer tarafından otomatik olarak yapılmaktadır.

Değişkenler

İsteklerde yer alan dinamik değerler ve açıklamaları aşağıdaki tabloda görülmektedir.
| Değişken | Açıklaması |
| --- | --- |
| `<ELASTICSEARCH_IP_ADDRESS>` | Elasticsearch cluster’ının host bilgisidir. |
| `<ELASTICSEARCH_PORT>` | Elasticsearch cluster’ının port bilgisidir. |

ILM Politikaları Oluşturma

apinizer-log-ilm-policy-default adlı ILM Politikası Oluşturma İsteği

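# Create (or overwrite) the ILM policy apinizer-log-ilm-policy-<INDEX_KEY>.
#
# Phases as defined in the body below:
#   hot  - rolls over at 30d, 30gb or 15,000,000 docs, whichever is reached first
#   warm - (no min_age given) read-only, replicas set to 0, shrink to 1 shard,
#          force-merge to 1 segment
#   cold - starts at 90d
# No delete phase is defined, so this policy never removes old log indices;
# retention has to be handled separately.
#
# The JSON body must start on the same line as -d. A line that ends in a bare
# -d leaves the option without its argument, and the shell then treats the
# JSON on the following lines as a separate command.
#
# NOTE(review): <INDEX_KEY> is not listed in the variables table on this page;
# the heading names the policy apinizer-log-ilm-policy-default, so it is
# presumably "default" here - confirm.
# NOTE(review): the request goes over plain http without credentials. On a
# cluster with TLS/authentication enabled, use https:// and pass credentials
# (for example curl's -u and --cacert options).
# NOTE(review): the warm phase sets number_of_replicas to 0, leaving a single
# copy of each shard - size this for your availability needs.
curl -XPUT "http://<ELASTICSEARCH_IP_ADDRESS>:<ELASTICSEARCH_PORT>/_ilm/policy/apinizer-log-ilm-policy-<INDEX_KEY>" \
  -H 'Content-Type: application/json' \
  -d '{
  "policy": {
    "phases": {
      "hot": {
        "min_age": "0ms",
        "actions": {
          "rollover": {
            "max_age": "30d",
            "max_size": "30gb",
            "max_docs": 15000000
          },
          "set_priority": {
            "priority": null
          }
        }
      },
      "warm": {
        "actions": {
          "readonly": {},
          "allocate": {
            "number_of_replicas": 0,
            "include": {},
            "exclude": {}
          },
          "shrink": {
            "number_of_shards": 1
          },
          "forcemerge": {
            "max_num_segments": 1
          },
          "set_priority": {
            "priority": null
          }
        }
      },
      "cold": {
        "min_age": "90d",
        "actions": {
          "set_priority": {
            "priority": null
          }
        }
      }
    }
  }
}'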

Template Oluşturma

apinizer-log-apiproxy-template-default adlı Template Oluşturma İsteği

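# Create (or overwrite) the index template
# apinizer-log-apiproxy-template-<INDEX_KEY>.
# It matches the data stream apinizer-log-apiproxy-<INDEX_KEY>, attaches the
# ILM policy apinizer-log-ilm-policy-<INDEX_KEY>, and sets 1 shard, 0 replicas
# and a 5s refresh interval.
#
# The body is passed through a quoted here-document instead of -d '...'.
# The @timestamp format contains single quotes ('T', 'Z'); inside a
# single-quoted shell string those quotes end the string and are stripped
# before curl sees them, so Elasticsearch would receive a different date
# format. <<'EOF' hands the JSON to curl unchanged. It also avoids a line
# ending in a bare -d, which leaves the option without its argument.
#
# NOTE(review): per the field table on this page, fcrh/tbah/fbarh/tch hold
# headers, fcrp/tbap parameters, fcrb/tba/fbarb/tcb bodies and uok the
# username or key. Such fields can carry credentials or personal data, so
# restrict who can read this data stream.
# NOTE(review): number_of_replicas is 0, i.e. a single copy of each shard;
# losing the node holding it loses those logs.
# NOTE(review): the request goes over plain http without credentials. On a
# cluster with TLS/authentication enabled, use https:// and pass credentials
# (for example curl's -u and --cacert options).
curl -XPUT "http://<ELASTICSEARCH_IP_ADDRESS>:<ELASTICSEARCH_PORT>/_index_template/apinizer-log-apiproxy-template-<INDEX_KEY>" \
  -H 'Content-Type: application/json' \
  --data-binary @- <<'EOF'
{
  "index_patterns": ["apinizer-log-apiproxy-<INDEX_KEY>"],
  "data_stream": {},
  "template": {
    "settings": {
      "index": {
        "lifecycle": {
          "name": "apinizer-log-ilm-policy-<INDEX_KEY>"
        },
        "number_of_shards": "1",
        "number_of_replicas": "0",
        "refresh_interval": "5s"
      }
    },
    "mappings": {
      "properties": {
        "aprp": {
          "type": "keyword"
        },
        "fcrb": {
          "type": "text"
        },
        "hr1ru": {
          "type": "keyword"
        },
        "aci": {
          "type": "keyword"
        },
        "tapt": {
          "type": "integer"
        },
        "trqpt": {
          "type": "integer"
        },
        "trspt": {
          "type": "integer"
        },
        "hr1rp": {
          "type": "keyword"
        },
        "uok": {
          "ignore_above": 50,
          "type": "keyword"
        },
        "sr2t": {
          "type": "integer"
        },
        "fcrp": {
          "type": "nested",
          "properties": {
            "k": {
              "type": "keyword"
            },
            "v": {
              "type": "keyword"
            }
          }
        },
        "api": {
          "type": "keyword"
        },
        "appi": {
          "type": "keyword"
        },
        "appin": {
          "type": "keyword"
        },
        "fcrh": {
          "type": "nested",
          "properties": {
            "k": {
              "type": "keyword"
            },
            "v": {
              "type": "keyword"
            }
          }
        },
        "apn": {
          "type": "keyword"
        },
        "pet": {
          "ignore_above": 75,
          "type": "keyword"
        },
        "apr": {
          "type": "short"
        },
        "tbah": {
          "type": "nested",
          "properties": {
            "k": {
              "type": "keyword"
            },
            "v": {
              "type": "keyword"
            }
          }
        },
        "ei": {
          "type": "keyword"
        },
        "apmi": {
          "type": "keyword"
        },
        "hr1qs": {
          "type": "keyword"
        },
        "tbap": {
          "type": "nested",
          "properties": {
            "k": {
              "type": "keyword"
            },
            "v": {
              "type": "keyword"
            }
          }
        },
        "ra": {
          "type": "keyword"
        },
        "et": {
          "ignore_above": 75,
          "type": "keyword"
        },
        "tba": {
          "type": "text"
        },
        "hr1rh": {
          "type": "keyword"
        },
        "trt": {
          "type": "integer"
        },
        "rrc": {
          "type": "integer"
        },
        "rfc": {
          "type": "integer"
        },
        "sr1t": {
          "type": "integer"
        },
        "hr1ra": {
          "type": "text",
          "fields": {
            "keyword": {
              "type": "keyword"
            }
          }
        },
        "xff": {
          "type": "keyword"
        },
        "apmn": {
          "type": "keyword"
        },
        "hr1hm": {
          "ignore_above": 50,
          "type": "keyword"
        },
        "rt": {
          "ignore_above": 7,
          "type": "keyword"
        },
        "hr1lp": {
          "type": "keyword"
        },
        "hr1ln": {
          "type": "keyword"
        },
        "hr1pi": {
          "type": "keyword"
        },
        "sc": {
          "type": "short"
        },
        "fbarh": {
          "type": "nested",
          "properties": {
            "k": {
              "type": "keyword"
            },
            "v": {
              "type": "keyword"
            }
          }
        },
        "tcb": {
          "type": "text"
        },
        "hr1rsi": {
          "type": "keyword"
        },
        "tch": {
          "type": "nested",
          "properties": {
            "k": {
              "type": "keyword"
            },
            "v": {
              "type": "keyword"
            }
          }
        },
        "eat": {
          "type": "keyword"
        },
        "hr1r1u": {
          "type": "keyword"
        },
        "hr1p": {
          "type": "keyword"
        },
        "hr1s": {
          "type": "keyword"
        },
        "fbarb": {
          "type": "text"
        },
        "@timestamp": {
          "format": "yyyy-MM-dd'T'HH:mm:ss.S'Z'||yyyy-MM-dd'T'HH:mm:ss.SS'Z'||yyyy-MM-dd'T'HH:mm:ss.SSS'Z'",
          "type": "date"
        },
        "ch": {
          "type": "boolean"
        },
        "hr1ce": {
          "type": "keyword"
        },
        "hr1sp": {
          "type": "keyword"
        },
        "loc": {
          "type": "geo_point"
        },
        "hr1sn": {
          "type": "keyword"
        },
        "hr1la": {
          "type": "keyword"
        },
        "hr1ct": {
          "ignore_above": 50,
          "type": "keyword"
        },
        "pi": {
          "type": "keyword"
        },
        "hr1cp": {
          "type": "keyword"
        },
        "hr1cl": {
          "type": "keyword"
        }
      }
    }
  }
}
EOF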

Template Veri Yapısı Tablosu

| Alan Adı | Alanda Tutulan Veri/Açıklaması | Java Mapping Type | Elastic Search Mapping Type |
| --- | --- | --- | --- |
| @timestamp | Time Stamp | Instant | date format: `yyyy-MM-dd'T'HH:mm:ss.S'Z'`, `yyyy-MM-dd'T'HH:mm:ss.SS'Z'`, `yyyy-MM-dd'T'HH:mm:ss.SSS'Z'` |
| aci | Apinizer Correlation ID | String | keyword |
| ei | Environment ID | String | keyword |
| pi | Project ID | String | keyword |
| api | API Proxy ID | String | keyword |
| appi | Application ID | String | keyword |
| appin | Application Name | String | keyword |
| apn | API Proxy Name | String | keyword |
| eat | API Type | Enum | keyword |
| apr | API Proxy Revision | Integer | short |
| aprp | API Proxy Relative Path | String | keyword |
| apmi | API Proxy Method ID | String | keyword |
| apmn | API Proxy Method Name | String | keyword |
| xff | X Forwarded For | String | keyword |
| hr1ra | HTTP Request Remote Address | String | text, keyword |
| hr1hm | HTTP Request HTTP Method | String | keyword ignore_above: 50 |
| hr1ct | HTTP Request Content Type | String | keyword ignore_above: 50 |
| uok | Username or Key | String | keyword ignore_above: 50 |
| ra | Routing Address | String | keyword |
| rrc | Routing Retry Count | Integer | integer |
| rfc | Routing Failover Count | Integer | integer |
| trqpt | Time Request Pipeline Total | Integer | integer |
| trspt | Time Response Pipeline Total | Integer | integer |
| trt | Time Routing Total | Integer | integer |
| tapt | Time API Proxy Total | Integer | integer |
| sr1t | Size Request Total | Integer | integer |
| sr2t | Size Response Total | Integer | integer |
| ch | Cache Hit | Boolean | boolean |
| sc | Status Code | int | short |
| et | Error Type | Enum | keyword ignore_above: 75 |
| pet | Parent Error Type | Enum | keyword ignore_above: 75 |
| rt | Result Type | Enum | keyword ignore_above: 7 |
| hr1pi | HTTP Request Path Info | String | keyword |
| hr1cp | HTTP Request Context Path | String | keyword |
| hr1qs | HTTP Request Query String | String | keyword |
| hr1ru | HTTP Request Remote User | String | keyword |
| hr1rsi | HTTP Request Requested SessionID | String | keyword |
| hr1r1u | HTTP Request Request URI | String | keyword |
| hr1ce | HTTP Request Character Encoding | String | keyword |
| hr1cl | HTTP Request Content Length | String | keyword |
| hr1p | HTTP Request Protocol | String | keyword |
| hr1s | HTTP Request Scheme | String | keyword |
| hr1sn | HTTP Request Server Name | String | keyword |
| hr1sp | HTTP Request Server Port | String | keyword |
| loc | Location | `GeoLocation{ Double lat, Double lon }` | geo_point |
| hr1rh | HTTP Request Remote Host | String | keyword |
| hr1rp | HTTP Request Remote Port | String | keyword |
| hr1ln | HTTP Request Local Name | String | keyword |
| hr1la | HTTP Request Local Addr | String | keyword |
| hr1lp | HTTP Request Local Port | String | keyword |
| fcrp | From Client Read Only Parameter | `Map<String,String>` | nested k: keyword v: keyword |
| fcrh | From Client Read Only Header | `Map<String,String>` | nested k: keyword v: keyword |
| fcrb | From Client Read Only Body | String | text |
| tbap | To Backend API Parameter | `Map<String,String>` | nested k: keyword v: keyword |
| tbah | To Backend API Header | `Map<String,String>` | nested k: keyword v: keyword |
| tba | To Backend API Body | String | text |
| fbarh | From Backend API Read Only Header | `Map<String,String>` | nested k: keyword v: keyword |
| fbarb | From Backend API Read Only Body | String | text |
| tch | To Client Header | `Map<String,String>` | nested k: keyword v: keyword |
| tcb | To Client Body | String | text |
Bu veri yapısında oluşan veri örneğini API Trafiği Log Kaydı Veri Yapısı sayfasında inceleyebilirsiniz.

Indeks Oluşturma ve Sorgulama

Data stream ile indeks oluşturulurken ya da sorgulama yapılırken, istekler template’in içerisinde yer alan index_patterns meta verisi içerisindeki değere gönderilir.

Indeks Oluşturma

# Index a single document holding only @timestamp into
# apinizer-log-apiproxy-<INDEX_KEY>. The target name is the value of the
# template's index_patterns, which is how this page creates the index
# through the data stream.
# NOTE(review): sent over plain http without credentials - on a cluster with
# TLS/authentication enabled, use https:// and pass credentials.
curl --request POST \
  --header 'Content-Type: application/json' \
  --data '{"@timestamp": "2023-05-31T11:40:36.376Z"}' \
  "http://<ELASTICSEARCH_IP_ADDRESS>:<ELASTICSEARCH_PORT>/apinizer-log-apiproxy-<INDEX_KEY>/_doc"

Sorgu Çalıştırma

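# Search apinizer-log-apiproxy-<INDEX_KEY>: return at most 10 documents whose
# @timestamp lies between now-10m and now (both rounded to the minute, both
# bounds inclusive), newest first.
#
# The JSON body must start on the same line as -d. A line that ends in a bare
# -d leaves the option without its argument, and the shell then treats the
# JSON on the following lines as a separate command.
#
# NOTE(review): the request goes over plain http without credentials. The
# results contain logged API traffic, so on a cluster with TLS/authentication
# enabled use https:// and pass credentials (for example curl's -u and
# --cacert options).
curl -XGET "http://<ELASTICSEARCH_IP_ADDRESS>:<ELASTICSEARCH_PORT>/apinizer-log-apiproxy-<INDEX_KEY>/_search" \
  -H 'Content-Type: application/json' \
  -d '{
  "from": 0,
  "size": 10,
  "query": {
    "bool": {
      "filter": [
        {
          "range": {
            "@timestamp": {
              "from": "now-10m/m",
              "to": "now/m",
              "include_lower": true,
              "include_upper": true
            }
          }
        }
      ],
      "adjust_pure_negative": true,
      "boost": 1
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc"
      }
    }
  ]
}'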