Best practices for building real-time monitoring systems using php Elasticsearch

王林
2023-09-13 08:34:47

Best practices for building real-time monitoring systems using php Elasticsearch, including code examples

Introduction:
Real-time monitoring systems are becoming more and more important in today's information age. They help us track and monitor the performance, health, logs and other information of applications or network services. Elasticsearch, a powerful search engine, can be used from PHP to build such a system. This article introduces best practices for building a real-time monitoring system with PHP and Elasticsearch and provides corresponding code examples.

1. Install Elasticsearch and PHP Elasticsearch client library
First, we need to install Elasticsearch and the PHP Elasticsearch client library. You can download and start Elasticsearch with the following commands:

curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.2-linux-x86_64.tar.gz
tar -xvf elasticsearch-7.9.2-linux-x86_64.tar.gz
cd elasticsearch-7.9.2/bin
./elasticsearch

The PHP Elasticsearch client library is installed through Composer, which manages the project's dependencies. Create a composer.json file in the project root directory with the following content:

{
  "require": {
    "elasticsearch/elasticsearch": "^7.0"
  }
}

Then run the following command to install the library:

composer install

2. Create Elasticsearch index and mapping
Before building a real-time monitoring system, we need to create Elasticsearch indexes and mappings. In this example, we will take the access log of a website as an example. It is assumed that each log entry contains the following fields: IP address, timestamp, HTTP request method, HTTP request path, and response time.

Use the PHP Elasticsearch client library to create indexes and mappings. The sample code is as follows:

<?php
require 'vendor/autoload.php';

use Elasticsearch\ClientBuilder;

$client = ClientBuilder::create()->build();

$params = [
    'index' => 'logs',
    'body' => [
        'mappings' => [
            'properties' => [
                'ip' => ['type' => 'ip'],
                'timestamp' => ['type' => 'date'],
                'request_method' => ['type' => 'keyword'],
                'request_path' => ['type' => 'keyword'],
                'response_time' => ['type' => 'float']
            ]
        ]
    ]
];

$response = $client->indices()->create($params);

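// Elasticsearch sets 'acknowledged' to true when the index was created
if ($response['acknowledged']) {
    echo '索引和映射创建成功!'; // "Index and mapping created successfully!"
} else {
    echo '索引和映射创建失败!'; // "Failed to create index and mapping!"
}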
?>

3. Record log data to Elasticsearch
Once the index and mapping exist, we need to record the log data in Elasticsearch. You can write a PHP script that reads the log file and then inserts each log entry into Elasticsearch.

The sample code is as follows:

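<?php
require 'vendor/autoload.php';

use Elasticsearch\ClientBuilder;

$client = ClientBuilder::create()->build();

$logFile = 'access.log';

$file = fopen($logFile, 'r');
if ($file === false) {
    exit("Cannot open $logFile\n");
}

// Compare against false so that a line containing only "0" does not end the loop
while (($line = fgets($file)) !== false) {
    // Fields: ip|timestamp|request_method|request_path|response_time
    $logData = explode('|', trim($line));
    $time = count($logData) === 5 ? strtotime($logData[1]) : false;
    if ($time === false) {
        continue; // skip malformed lines instead of indexing partial data
    }

    $params = [
        'index' => 'logs',
        'body' => [
            'ip' => $logData[0],
            // ISO 8601: the default `date` mapping does not accept 'Y-m-d H:i:s'
            'timestamp' => date('c', $time),
            'request_method' => $logData[2],
            'request_path' => $logData[3],
            'response_time' => floatval($logData[4])
        ]
    ];

    $response = $client->index($params);

    if ($response['result'] == 'created') {
        echo '日志数据插入成功!'; // "Log entry inserted successfully!"
    } else {
        echo '日志数据插入失败!'; // "Failed to insert log entry!"
    }
}

fclose($file);
?>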
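
The script above indexes whatever the log file contains, so a stricter ingestion step is useful when the file can hold malformed or attacker-influenced lines. The following is an added example, not part of the original article: parseLogLine, buildBulkBody, the method allowlist and the 2048-byte path limit are assumptions made for illustration, and the sample lines are constructed.

```php
<?php
// Added example: validate each pipe-delimited line before it is indexed.
// The allowlist and the path length limit are assumptions, not from the article.
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'];

// Returns a document for a well-formed line, or null if it must be rejected.
function parseLogLine(string $line): ?array
{
    $parts = array_map('trim', explode('|', rtrim($line, "\r\n")));
    if (count($parts) !== 5) { return null; } // wrong field count
    [$ip, $time, $method, $path, $rt] = $parts;
    $ts = strtotime($time);
    if (filter_var($ip, FILTER_VALIDATE_IP) === false // would fail the `ip` mapping
        || $ts === false
        || !in_array($method, ALLOWED_METHODS, true)
        || !is_numeric($rt) || (float) $rt < 0
        || $path === '' || $path[0] !== '/' || strlen($path) > 2048
        || preg_match('/[\x00-\x1F\x7F]/', $path) === 1) { // control characters
        return null;
    }
    return [
        'ip' => $ip,
        'timestamp' => date('c', $ts), // ISO 8601
        'request_method' => $method,
        'request_path' => $path,
        'response_time' => (float) $rt,
    ];
}

// Builds a bulk body (action line + document per entry) and counts rejected lines.
// With the client built above it is sent as $client->bulk(['body' => $result['body']]).
function buildBulkBody(iterable $lines, string $index = 'logs'): array
{
    $body = [];
    $rejected = 0;
    foreach ($lines as $line) {
        $doc = parseLogLine($line);
        if ($doc === null) { $rejected++; continue; }
        $body[] = ['index' => ['_index' => $index]];
        $body[] = $doc;
    }
    return ['body' => $body, 'rejected' => $rejected];
}

// Constructed sample: one valid line, then bad IP, control characters, missing field.
$sample = [
    "203.0.113.7|2023-09-13 08:34:47|GET|/index.php|123.4\n",
    "not-an-ip|2023-09-13 08:34:48|GET|/index.php|50\n",
    "203.0.113.8|2023-09-13 08:34:49|GET|/a\x1b[2Jb|12\n",
    "203.0.113.9|2023-09-13 08:34:50|POST|/login\n",
];
$result = buildBulkBody($sample);
printf("%d accepted, %d rejected\n", count($result['body']) / 2, $result['rejected']);
```

Sending the documents through one bulk request also avoids one HTTP round trip per log line.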

4. Query and analyze log data
In real-time monitoring systems, we usually need to query and analyze log data based on different conditions. You can use Elasticsearch's query API to achieve this functionality.

The sample code is as follows:

<?php
require 'vendor/autoload.php';

use Elasticsearch\ClientBuilder;

$client = ClientBuilder::create()->build();

$params = [
    'index' => 'logs',
    'body' => [
        'query' => [
            'bool' => [
                'filter' => [
                    'range' => [
                        'response_time' => ['gte' => 1000]
                    ]
                ]
            ]
        ],
        'aggs' => [
            'total_response_time' => [
                'sum' => ['field' => 'response_time']
            ],
            'avg_response_time' => [
                'avg' => ['field' => 'response_time']
            ]
        ]
    ]
];

$response = $client->search($params);

// Process the query results
?>

The above sample code uses a range query to find log entries with a response time greater than or equal to 1 second, and calculates the total response time and average response time.
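
The query above covers the whole index and leaves result handling open. The following added example, which is not part of the original article, restricts the search to a recent time window, groups slow requests by path and by client IP, and turns the aggregation buckets into alerts. The function names, the 5-minute window, the alert threshold and the sample response are assumptions constructed for illustration.

```php
<?php
// Added example: slow requests in a recent window, grouped by path and client IP.
function slowRequestQuery(int $thresholdMs, int $windowMinutes): array
{
    return ['index' => 'logs', 'body' => [
        'size' => 0, // aggregations only, no hits
        'query' => ['bool' => ['filter' => [
            ['range' => ['response_time' => ['gte' => $thresholdMs]]],
            ['range' => ['timestamp' => ['gte' => "now-{$windowMinutes}m"]]],
        ]]],
        'aggs' => [
            'by_path' => [
                'terms' => ['field' => 'request_path', 'size' => 10],
                'aggs' => ['avg_rt' => ['avg' => ['field' => 'response_time']]],
            ],
            'by_ip' => ['terms' => ['field' => 'ip', 'size' => 10]],
        ],
    ]];
}

// Turns a search response into alert strings; $minCount is a hypothetical threshold.
function alertsFromResponse(array $response, int $minCount): array
{
    $alerts = [];
    foreach ($response['aggregations']['by_path']['buckets'] ?? [] as $b) {
        if ($b['doc_count'] >= $minCount) {
            $alerts[] = sprintf('path %s: %d slow requests, avg %.0f ms',
                $b['key'], $b['doc_count'], $b['avg_rt']['value']);
        }
    }
    foreach ($response['aggregations']['by_ip']['buckets'] ?? [] as $b) {
        if ($b['doc_count'] >= $minCount) {
            $alerts[] = sprintf('client %s: %d slow requests', $b['key'], $b['doc_count']);
        }
    }
    return $alerts;
}

// Constructed response in the shape Elasticsearch returns for the query above.
$response = ['aggregations' => [
    'by_path' => ['buckets' => [
        ['key' => '/search.php', 'doc_count' => 42, 'avg_rt' => ['value' => 1830.5]],
        ['key' => '/index.php', 'doc_count' => 3, 'avg_rt' => ['value' => 1100.0]],
    ]],
    'by_ip' => ['buckets' => [['key' => '203.0.113.7', 'doc_count' => 40]]],
]];
print_r(alertsFromResponse($response, 10));
// Live use: alertsFromResponse($client->search(slowRequestQuery(1000, 5)), 10);
```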

Conclusion:
This article introduces the best practices for building a real-time monitoring system using php Elasticsearch and provides corresponding code examples. By following the above steps to install Elasticsearch and the PHP Elasticsearch client library, and creating indexes and mappings, you can record log data to Elasticsearch, query and analyze the data, thereby realizing a simple and fully functional real-time monitoring system. I hope this article can provide useful guidance and assistance to readers in building real-time monitoring systems.
