ELK
[root@localhost ~]# ll
total 906244
-rwxr-xr-x 1 root root 318821777 Nov 19 13:19 elasticsearch-7.10.0-x86_64.rpm
-rwxr-xr-x 1 root root 256869646 Nov 19 13:19 kibana-7.10.0-x86_64.rpm
-rwxr-xr-x 1 root root 352291768 Nov 19 13:19 logstash-7.10.0-x86_64.rpm
一、elasticsearch(帮助文档:https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html)
1、安装:
rpm -ivh elasticsearch-7.10.0-x86_64.rpm
2、启动:
systemctl start elasticsearch
3、检查进程:
systemctl status elasticsearch
4、检测可用性:
[root@localhost logstash]# curl http://127.0.0.1:9200
{
"name" : "localhost.localdomain",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "9O3KTKEkQxOfanixuWIMjA",
"version" : {
"number" : "7.10.0",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "51e9d6f22758d0374a0f3f5c6e8f3a7997850f96",
"build_date" : "2020-11-09T21:30:33.964949Z",
"build_snapshot" : false,
"lucene_version" : "8.7.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
5、配置:
Elasticsearch具有三个配置文件:
elasticsearch.yml 用于配置Elasticsearch
jvm.options 用于配置Elasticsearch JVM设置
log4j2.properties 用于配置Elasticsearch日志记录
#主配置文件
vim /etc/elasticsearch/elasticsearch.yml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
http.port: 9200
systemctl restart elasticsearch
二、logstash(帮助文档:https://www.elastic.co/guide/en/logstash/current/index.html)
1、安装:
rpm -ivh logstash-7.10.0-x86_64.rpm
# 2、启动:
# systemctl start logstash
# 3、检查进程:
# systemctl status logstash
# 4、检测可用性:
# [root@localhost logstash]# curl -XGET 'localhost:9600/?pretty'
# {
# "host" : "logstash.baway.com",
# "version" : "7.10.0",
# "http_address" : "127.0.0.1:9600",
# "id" : "0695ff61-aa7f-48ed-b2ea-2e2e5f238c8d",
# "name" : "logstash.baway.com",
# "ephemeral_id" : "d169cc62-8c42-4ee1-96fc-74680bb0a279",
# "status" : "green",
# "snapshot" : false,
# "pipeline" : {
# "workers" : 2,
# "batch_size" : 125,
# "batch_delay" : 50
# },
# "build_date" : "2020-11-09T23:35:06Z",
# "build_sha" : "d7808a0a3727cc53abb7d7cbe4df8df928dc557f",
# "build_snapshot" : false
5、logstash输入项支持
https://www.elastic.co/guide/en/logstash/current/input-plugins.html
例子:
# input {
# file {
# path => "/tmp/access_log"
# start_position => "beginning"
# }
# }
# filter {
# if [path] =~ "access" {
# mutate { replace => { "type" => "apache_access" } }
# grok {
# match => { "message" => "%{COMBINEDAPACHELOG}" }
# }
# }
# date {
# match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
# }
# }
# output {
# elasticsearch {
# hosts => ["localhost:9200"]
# }
# stdout { codec => rubydebug }
# }
vim /etc/logstash/logstash.conf
input {
file {
path => ["/var/log/nginx/access.log", "/var/log/nginx/error.log"]
start_position => "beginning" #从文件的哪个位置开始读取数据, 可选 beginning 或 end, 默认是 end(文件末尾)
}
}
output {
elasticsearch {
manage_template => false
hosts => "localhost:9200"
index => "nginx-%{+YYYY.MM.dd}"
}
stdout {
codec => "rubydebug"
}
}
/usr/share/logstash/bin/logstash -f /etc/logstash/logstash.conf
三、kibana(帮助文档:https://www.elastic.co/guide/en/kibana/current/index.html)
1、安装:
rpm -ivh kibana-7.10.0-x86_64.rpm
2、启动:
systemctl start kibana
3、检查进程:
systemctl status kibana
4、检测可用性:
http://10.211.55.200:5601
[root@localhost ]# vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.211.55.200"  # 监听对外网卡地址, 网络内其他主机可直接访问 5601 端口; 本例未配置任何认证, 仅适合受控的实验环境
elasticsearch.hosts: ["http://localhost:9200"]
i18n.locale: "zh-CN"
systemctl restart kibana
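# Install and start nginx, then generate access-log traffic for Logstash to ship.
# The original had a typo ("intall") that makes the yum step fail.
yum -y install nginx
systemctl start nginx
# 10000 requests against the local nginx so /var/log/nginx/access.log gets entries
for ((i = 1; i <= 10000; i++)); do
  curl "10.211.55.200"
done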
打开kibana
http://10.211.55.200:5601
# 四、beats插件 (https://www.elastic.co/cn/beats/)
# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.0-x86_64.rpm
# filebeat.inputs:
# - type: log
# paths:
# - /var/log/system.log
# - /var/log/wifi.log
# - type: log
# paths:
# - "/var/log/apache2/*"
# fields:
# apache: true
# fields_under_root: true
# output.elasticsearch:
# hosts: ["http://localhost:9200"]
# index: "%{[fields.log_type]}-%{[agent.version]}-%{+yyyy.MM.dd}"
# output.elasticsearch:
# hosts: ["http://localhost:9200"]
# indices:
# - index: "warning-%{[agent.version]}-%{+yyyy.MM.dd}"
# when.contains:
# message: "WARN"
# - index: "error-%{[agent.version]}-%{+yyyy.MM.dd}"
# when.contains:
# message: "ERR"