ELK搭建-創(chuàng)新互聯(lián)

ELK搭建

一、elasticsearch

環(huán)境安裝：
node1 和node2都裝上
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

成都創(chuàng)新互聯(lián)公司不只是一家網(wǎng)站建設(shè)的網(wǎng)絡(luò)公司；我們對(duì)營(yíng)銷、技術(shù)、服務(wù)都有自己獨(dú)特見解，公司采取“創(chuàng)意+綜合+營(yíng)銷”一體化的方式為您提供更專業(yè)的服務(wù)！我們經(jīng)歷的每一步也許不一定是最完美的，但每一步都有值得深思的意義。我們珍視每一份信任，關(guān)注我們的網(wǎng)站設(shè)計(jì)制作、成都網(wǎng)站建設(shè)質(zhì)量和服務(wù)品質(zhì)，在得到用戶滿意的同時(shí)，也能得到同行業(yè)的專業(yè)認(rèn)可，能夠?yàn)樾袠I(yè)創(chuàng)新發(fā)展助力。未來將繼續(xù)專注于技術(shù)創(chuàng)新，服務(wù)升級(jí)，滿足企業(yè)一站式成都全網(wǎng)營(yíng)銷推廣需求，讓再小的成都品牌網(wǎng)站建設(shè)也能產(chǎn)生價(jià)值！

#安裝yum源

cat  >> /etc/yum.repos.d/elaticsearch.repo  <<EOF
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF

#安裝

yum -y install elasticsearch redis nginx java

#生成緩存

yum makecache

#測(cè)試java

[root@elk_node1 ~]# java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)

[root@elk_node2 ~]# java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)

配置文件設(shè)置
修改/etc/elasticsearch/elasticsearch.yml配置文件
node1配置文件

[root@elk_node1 ~]# grep '^[a-Z]' /etc/elasticsearch/elasticsearch.yml
cluster.name: huanqiu               ##集群名字
node.name: elk_node1                ##節(jié)點(diǎn)名字
path.data: /data/es-data                ##儲(chǔ)存數(shù)據(jù)路徑
path.logs: /var/log/elasticsearch/      ##日志路徑
bootstrap.memory_lock: true         ##鎖定內(nèi)存，不被使用到交換分區(qū)去（通常內(nèi)存不足時(shí)，休眠程序內(nèi)存信息會(huì)交換到交換分區(qū)）
network.host: 0.0.0.0               ##所有網(wǎng)絡(luò)  
http.port: 9200                 ##端口

node2配置文件

[root@elk_node2 ~]# grep '^[a-z]' /etc/elasticsearch/elasticsearch.yml
cluster.name: huanqiu
node.name: elk_node2
path.data: /data/es-data
path.logs: /var/log/elasticsearch/
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["172.16.10.76", "172.16.10.63"]

mkdir -p /data/es-data                              #創(chuàng)建數(shù)據(jù)存放路徑
chown -R elasticsearch.elasticsearch /data/es-data      #授權(quán)
systemctl start elasticsearch                           #開啟服務(wù)
systemctl enable elasticsearch                      #設(shè)置開機(jī)自啟動(dòng)
ss -lntup|grep 9200                                 #查看端口
tcp    LISTEN     0      50       :::9200                 :::*                   users:(("java",pid=3216,fd=93))
ss -lntup|grep 9300
tcp    LISTEN     0      50       :::9300                 :::*                   users:(("java",pid=3216,fd=81))

測(cè)試

[root@elk_node1 ~]# curl -I 172.16.10.76:9200
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
[root@elk_node2 ~]# curl -I 172.16.10.63:9200
HTTP/1.1 200 OK
Content-Type: text/plain; charset=UTF-8
Content-Length: 0

web測(cè)試：

安裝插件

安裝head插件

[root@elk_node1 ~]# /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
-> Installing mobz/elasticsearch-head...
Trying https://github.com/mobz/elasticsearch-head/archive/master.zip ...
Downloading ..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Verifying https://github.com/mobz/elasticsearch-head/archive/master.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed head into /usr/share/elasticsearch/plugins/head

##授權(quán)

[root@elk_node1 ~]# chown -R elasticsearch.elasticsearch /usr/share/elasticsearch/plugins/

安裝kopf插件

[root@elk_node1 ~]#/usr/share/elasticsearch/bin/plugin Installing lmenezes/elasticsearch-kopf
-> Installing lmenezes/elasticsearch-kopf...
Trying https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip ...
Downloading .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Verifying https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed kopf into /usr/share/elasticsearch/plugins/kopf
[root@elk_node1 ~]# systemctl restart elasticsearch
[root@elk_node1 ~]# ll /usr/share/elasticsearch/plugins/
總用量 4
drwxr-xr-x 6 elasticsearch elasticsearch 4096 6月   9 12:47 head
drwxr-xr-x 8 root          root           230 6月   9 13:04 kopf

測(cè)試驗(yàn)證head插件

測(cè)試kopf插件

二、logstash

環(huán)境安裝：

[root@elk_node1 ~]# vim /etc/yum.repos.d/logstash.repo
[logstash-2.1]
name=Logstash repository for 2.1.x packages
baseurl=http://packages.elastic.co/logstash/2.1/centos
gpgchech=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

yum -y install logstash

命令行輸入：
標(biāo)準(zhǔn)輸入，標(biāo)準(zhǔn)輸出

/opt/logstash/bin/logstash -e 'input{ stdin{} } output{ stdout{} }'

OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
aaa
bbb
ccc
Settings: Default filter workers: 1
Logstash startup completed
2019-06-09T08:42:01.876Z elk_node2 aaa
2019-06-09T08:42:01.877Z elk_node2 bbb
2019-06-09T08:42:01.878Z elk_node2 ccc

標(biāo)準(zhǔn)輸入，輸出rubydebug格式

/opt/logstash/bin/logstash -e 'input{ stdin{} } output{ stdout{ codec => rubydebug } }'

aaa
Settings: Default filter workers: 1
Logstash startup completed
{
       "message" => "aaa",
      "@version" => "1",
    "@timestamp" => "2019-06-09T08:49:48.841Z",
          "host" => "elk_node2"
}

標(biāo)準(zhǔn)輸入，在另一臺(tái)主機(jī)上輸出

/opt/logstash/bin/logstash -e 'input{ stdin{} } output{ elasticsearch{ hosts => ["172.16.10.76"]} }'

logstash配置文件模式

[root@elk_node1 ~]# vim /etc/logstash/conf.d/logstash.conf
input { stdin{} }
output { elasticsearch {hosts=> ["172.16.10.76:9200"]} }

#執(zhí)行命令

/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf

例2：

[root@elk_node1 ~]# vim /data/file.conf
input {
   file {
        path => "/var/log/messages"
        type => "system"
        start_position => "beginning"
}
}
output {
   elasticsearch {
        hosts => ["172.16.10.76:9200"]
        index => "system-%{+YYYY.MM.dd}"
}
}

例2：
[root@elk_node1 ~]# vim /data/file.conf
input {
file {
path => "/var/log/messages"
type => "system"
start_position => "beginning"
}
}

input {
file {
path => "/var/log/elasticsearch/huanqiu.log"
type => "es-error"
start_position => "beginning"
}
}
output {
if [type] == "system" {
elasticsearch {
hosts => ["172.16.10.76:9200"]
index => "system-%{+YYYY.MM.dd}"
}

三、kibana

環(huán)境安裝：

node1和node2安裝都一樣

官網(wǎng)地址：https://www.elastic.co/cn/downloads/past-releases#kibana

[root@elk_node2 tools]# wget https://www.elastic.co/downloads/past-releases/kibana-4-3-1

[root@elk_node2 tools]# ls
kibana-4.3.1-linux-x64.tar.gz  mongodb-linux-x86_64-3.6.12.tgz
[root@elk_node2 tools]# tar xf kibana-4.3.1-linux-x64.tar.gz 
[root@elk_node2 tools]# mv kibana-4.3.1-linux-x64 /usr/local/
[root@elk_node2 tools]# ln -s /usr/local/kibana-4.3.1-linux-x64/ /usr/local/kibana
[root@elk_node2 tools]# cd /usr/local/kibana
[root@elk_node2 kibana]# ls
bin     installedPlugins  node          optimize      README.txt  webpackShims
config  LICENSE.txt       node_modules  package.json  src
[root@elk_node2 kibana]# cp config/kibana.yml config/kibana.yml.bak

#修改kibana.yml配置

[root@elk_node2 kibana]# grep '^[a-z]' config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://172.16.10.76:9200"           #那個(gè)節(jié)點(diǎn)的IP都行
kibana.index: ".kibana"

##啟動(dòng)服務(wù)

[root@elk_node2 ~]# /usr/local/kibana/bin/kibana 
[root@elk_node2 ~]# screen -ls          #屏風(fēng)模式
There is a screen on:
        5480.pts-1.elk_node2    (Detached)
1 Socket in /var/run/screen/S-root.

[root@elk_node2 ~]# screen -r 5480
  log   [19:21:29.954] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready

添加索引


查看數(shù)據(jù)

添加可選項(xiàng)

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)cdcxhl.cn，海內(nèi)外云服務(wù)器15元起步，三天無理由+7*72小時(shí)售后在線，公司持有idc許可證，提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案，具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì)，專為企業(yè)上云打造定制，能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。

分享文章：ELK搭建-創(chuàng)新互聯(lián)
分享網(wǎng)址：http://www.bm7419.com/article40/ihdeo.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供搜索引擎優(yōu)化、電子商務(wù)、關(guān)鍵詞優(yōu)化、面包屑導(dǎo)航、標(biāo)簽優(yōu)化、網(wǎng)站改版

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來源： 創(chuàng)新互聯(lián)