Elasticsearch + logstash + kibana 配置_编程

 



Elasticsearch 配置

Elasticsearch不仅仅是Lucene和全文搜索,我们还能这样去描述它:

  • 分布式的实时文件存储,每个字段都被索引并可被搜索
  • 分布式的实时分析搜索引擎
  • 可以扩展到上百台服务器,处理PB级结构化或非结构化数据

 

 

 

Elastic Search

  1. 索引 基本单位是 文档  文档类型, ES 分片 横向扩展。 分片可以做备份,节点,一个es的实例就是一个节点(集群使用)

git clone https://github.com/elasticsearch/elasticsearch-servicewrapper.git  管理脚本

 

Elasticsearch  ⇒ 索引   ⇒ 类型  ⇒ 文档  ⇒ 字段(Fields)

 

本文基于elasticsearch最新版搭建的 下载地址.

开发环境:centos7 :

192.168.20.153 zookeeper1
192.168.20.154 zookeeper2
192.168.20.155 zookeeper3
192.168.20.206 kafka1
192.168.20.207 kafka2
192.168.20.208 kafka3
192.168.20.204 logstashserver
192.168.20.205 kibana
192.168.20.201 es1
192.168.20.202 es2
192.168.20.203 es3

 

路径位置:

/data/elasticsearch  

/data/java/

 

 

elasticsearch的集群搭建相当简单,不像solrcloud的搭建那么复杂(需要自己安装zookeeper),

在es1上操作:

下载elasticsearch:

wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.3.5/elasticsearch-2.3.5.tar.gz

解压:

tar -zxvf elasticsearch-2.3.5.tar.gz

mv elasticsearch-2.3.5 elasticsearch

 

接下来创建el用户,因为elasticsearch不允许以root运行(其实也可以运行,需要配置)。

  1. 设置虚拟 –Xms  -Xmx 内存大小

vim  /data/elasticsearch/bin/elasticsearch.in.sh

  1. 设置虚拟内存

echo “vm.max_map_count=262144” >> /etc/sysctl.conf

  1. 关闭swap分区

Swapoff –a

修改配置文件fstab

#/dev/mapper/centos-swap swap           swap    defaults        0 0

  1. 设置mlocall 为true

vim /data/elasticsearch/config/elasticsearch.yml

bootstrap.memory_lock: true

 

5.设置elastrisearch用户名密码

useradd el

passwd el

123456

chown -R el:el elasticsearch

su el

cd elasticsearch/conf/

修改配置文件:

vim elasticsearch.yml

cluster.name: feng

node.name: es1

network.host: 192.168.20.201

#####以下配置是防止脑裂###########

discovery.zen.ping.multicast.enabled: false

discovery.zen.ping_timeout:120s

client.transport.ping_timeout: 60s

discovery.zen.ping.unicast.hosts: [“es1”, “es2″,”es3”]

配置信息的具体讲解先放在后边:直接按上边配置即可

 

启动

su - el

/data/elasticsearch/bin/elasticsearch  -d

 

安装Marvel()

Marvel是Elasticsearch的管理和监控工具,在开发环境下免费使用。它包含了一个叫做Sense的交互式控制台,使用户方便的通过浏览器直接与Elasticsearch进行交互。

bin/plugin install license

bin/plugin install marvel-agent

 

接下来,我们安装head插件:

cd elasticsearch/bin/

通过如下命令安装head插件

./plugin install mobz/elasticsearch-head

如果下载失败,可以自己手动下载,下载地址:

 

并上传到elasticsearch所在目录:

使用如下方式进行安装:

./plugin install file:/java/elasticsearch-head-master.zip

安装中文分词插件:ik

ik是在github上,需要自己下载并使用maven编译:github地址如下:

 

 

git clone https://github.com/medcl/elasticsearch-analysis-ik
cd elasticsearch-analysis-ik
mvn clean
mvn compile
mvn package

 

 

需要对比elasticsearch 与 ik 的对应关系

 

 

Elasticsearch2.4 与 ik没有找到对应关系, Elasticsearch5.00 的head的插件不支持,所以使用2.3.5

curl -L -O https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.3.5/elasticsearch-2.3.5.tar.gz

cd elasticsearch-analysis-ik

git  tag  -l   显示标记

git checkout –b dev1.9.5   v1.9.5  使用1.9.5版本

mvn  clean

mvn compile

mvn package

 

mkdir /data/elasticsearch/plugins/ik  -p

unzip /data/tools/elasticsearch-analysis-ik/target/releases/elasticsearch-analysis-ik-1.9.5.zip  -d /data/elasticsearch/plugins/ik

su root

给其他两台机器拷贝:

scp -r elasticsearch es2:/data/

scp -r elasticsearch es3:/data/

其他两台机器同样也需要创建新的用户el,并赋予相应的权限,这里不再赘述。

登录es2:

vim elasticsearch/config/elasticsearch.yml

node.name: es2

network.host: 192.168.20.202

discovery.zen.ping.multicast.enabled: false

discovery.zen.ping_timeout:120s

client.transport.ping_timeout: 60s

discovery.zen.ping.unicast.hosts: [“es1”, “es2″,”es3”]

登录es3:

vim elasticsearch/config/elasticsearch.yml

node.name: es3

network.host: 192.168.20.203

discovery.zen.ping.multicast.enabled: false

discovery.zen.ping_timeout:120s

client.transport.ping_timeout: 60s

discovery.zen.ping.unicast.hosts: [“es1”, “es2″,”es3”]

接下来,启动elasticsearch cluster

分别在es1,es2,es3上执行如下操作:

su el

./elasticsearch/bin/elasticsearch -d

到这里,集群已经成功启动:

通过如下地址可验证集群是否启动成功:

http://es1:9200/_plugin/head/

 

出现如下图所示,则说明,集群启动成功。

 

接下来,让我们通过如下方式建立并索引文档:

1.create a index

curl -XPUT http://localhost:9200/index

2.create a mapping

curl -XPOST http://localhost:9200/index/fulltext/_mapping -d'

{

    "fulltext": {

             "_all": {

            "analyzer": "ik_max_word",

            "search_analyzer": "ik_max_word",

            "term_vector": "no",

            "store": "false"

        },

        "properties": {

            "content": {

                "type": "text",

                "analyzer": "ik_max_word",

                "search_analyzer": "ik_max_word",

                "include_in_all": "true",

                "boost": 8

            }

        }

    }

}'

3.index some docs

curl -XPOST http://localhost:9200/index/fulltext/1 -d'

{"content":"美国留给伊拉克的是个烂摊子吗"}

'

curl -XPOST http://localhost:9200/index/fulltext/2 -d'

{"content":"公安部:各地校车将享最高路权"}

'

curl -XPOST http://localhost:9200/index/fulltext/3 -d'

{"content":"中韩渔警冲突调查:韩警平均每天扣1艘中国渔船"}

'

curl -XPOST http://localhost:9200/index/fulltext/4 -d'

{"content":"中国驻洛杉矶领事馆遭亚裔男子枪击 嫌犯已自首"}

'

4.query with highlighting

curl -XPOST http://localhost:9200/index/fulltext/_search  -d'

{

    "query" : { "match" : { "content" : "中国" }},

    "highlight" : {

        "pre_tags" : ["<tag1>", "<tag2>"],

        "post_tags" : ["</tag1>", "</tag2>"],

        "fields" : {

            "content" : {}

        }

    }

}

'

Result

{

    "took": 14,

    "timed_out": false,

    "_shards": {

        "total": 5,

        "successful": 5,

        "failed": 0

    },

    "hits": {

        "total": 2,

        "max_score": 2,

        "hits": [

            {

                "_index": "index",

                "_type": "fulltext",

                "_id": "4",

                "_score": 2,

                "_source": {

                    "content": "中国驻洛杉矶领事馆遭亚裔男子枪击 嫌犯已自首"

                },

                "highlight": {

                    "content": [

                        "<tag1>中国</tag1>驻洛杉矶领事馆遭亚裔男子枪击 嫌犯已自首 "

                    ]

                }

            },

            {

                "_index": "index",

                "_type": "fulltext",

                "_id": "3",

                "_score": 2,

                "_source": {

                    "content": "中韩渔警冲突调查:韩警平均每天扣1艘中国渔船"

                },

                "highlight": {

                    "content": [

                        "均每天扣1艘<tag1>中国</tag1>渔船 "

                    ]

                }

            }

        ]

    }

}

 

看到如下图说明我们集群搭建成功并可正常使用:

 

 

 

 

删除索引:

curl -XDELETE 'http://localhost:9200/feng'

 

获取数据

curl –XGET    'http://localhost:9200/index/fulltext/2'

 

/index/fulltext/2

 索引/类型/id

 

删除数据

curl –XDELETE    'http://localhost:9200/index/fulltext/2'

 

例如:删除索引为 

[root@es1 nodes]# curl -XDELETE 'http://192.168.20.201:9200/test-system-messages-2016-09'
{"acknowledged":true}

[root@es1 nodes]# curl -XDELETE 'http://192.168.20.201:9200/test-system-messages-2016.09.270'
{"acknowledged":true}

[root@es1 nodes]# curl -XDELETE 'http://192.168.20.201:9200/test-system-messages-2016.09.271

{"acknowledged":true}

 

 

logstash 客户端安装(安装在应用服务器上)

1. 下载

wget  https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz

tar -zxvf logstash-2.4.0.tar.gz

mv logstash-2.4.0 /data/

ln  -s logstash-2.4.0/ logstash

cd /data/logstash

mkdir logs etc

2 提供logstash管理脚本,其中里面的配置路径可根据实际情况修改

#!/bin/bash

FILE='/data/logstash/etc/*.conf' #logstash配置文件
LOGBIN='/data/logstash/bin/logstash agent --verbose --config' #指定logstash配置文件的命令
LOCK='/data/logstash/locks' #用锁文件配合服务启动与关闭
LOGLOG='--log /data/logstash/logs/stdou.log' #日志
START() {
if [ -f $LOCK ];then
echo -e "Logstash is already \033[32mrunning\033[0m, do nothing."
else
echo -e "Start logstash service.\033[32mdone\033[m"
nohup ${LOGBIN} ${FILE} ${LOGLOG} &
touch $LOCK
fi
}
STOP() {
if [ ! -f $LOCK ];then
echo -e "Logstash is already stop, do nothing."
else
echo -e "Stop logstash serivce \033[32mdone\033[m"
rm -rf $LOCK
ps -ef | greplogstash | grep -v "grep" | awk '{print $2}' | xargskill -s 9 >/dev/null
fi
}
STATUS() {
psaux | greplogstash | grep -v "grep" >/dev/null
if [ -f $LOCK ] && [ $? -eq 0 ]; then
echo -e "Logstash is: \033[32mrunning\033[0m..."
else
echo -e "Logstash is: \033[31mstopped\033[0m..."
fi
}
TEST(){
${LOGBIN} ${FILE} --configtest
}
case "$1" in
start)
START
;;
stop)
STOP
;;
status)
STATUS
;;
restart)
STOP
sleep 2
START
;;
test)
TEST
;;
*)
echo "Usage: /etc/init.d/logstash (test|start|stop|status|restart)"
;;
esac

3. logstash 把日志写入到kafka集群

cat /data/logstash/etc/logstash.conf

 

input {            #这里的输入还是定义的是从日志文件输入
  file {
    type => "system-message" 
    path => "/var/log/messages"
    start_position => "beginning"
  }
}
output {
    #stdout { codec => rubydebug }   #这是标准输出到终端,可以用于调试看有没有输出,注意输出的方向可以有多个
    kafka {  #输出到kafka
      bootstrap_servers => "192.168.2.22:9092,192.168.2.23:9092,192.168.2.24:9092"  #他们就是生产者
      topic_id => "system-messages"  #这个将作为主题的名称,将会自动创建
      compression_type => "snappy"  #压缩类型
    }
}

 

4. 检查配置文件是否有语法错

/data/logstash/bin/logstash -f logstash.conf --configtest --verbose

 5. 启动logstash

/usr/local/logstash/bin/logstash -f logstash.conf

 

6. 测试

  [root@haproxy1 etc]# cat /etc/security/limits.conf >>/var/log/messages

 

7. 登陆kafka 消息队里服务器

[root@kafka1 ~]# /data/kafka/bin/kafka-topics.sh --list --zookeeper zookeeper1:2181
     system-messages   #显示topics 为: system-messages 

 

8. 查看system-messages 主题的详情。

[root@kafka1 ~]# /data/kafka/bin/kafka-topics.sh --describe --zookeeper zookeeper1:2181 --topic system-messages
Topic:system-messages PartitionCount:16 ReplicationFactor:1 Configs:
Topic: system-messages Partition: 0 Leader: 3 Replicas: 3 Isr: 3
Topic: system-messages Partition: 1 Leader: 1 Replicas: 1 Isr: 1
Topic: system-messages Partition: 2 Leader: 2 Replicas: 2 Isr: 2
Topic: system-messages Partition: 3 Leader: 3 Replicas: 3 Isr: 3
Topic: system-messages Partition: 4 Leader: 1 Replicas: 1 Isr: 1
Topic: system-messages Partition: 5 Leader: 2 Replicas: 2 Isr: 2
Topic: system-messages Partition: 6 Leader: 3 Replicas: 3 Isr: 3
Topic: system-messages Partition: 7 Leader: 1 Replicas: 1 Isr: 1
Topic: system-messages Partition: 8 Leader: 2 Replicas: 2 Isr: 2
Topic: system-messages Partition: 9 Leader: 3 Replicas: 3 Isr: 3
Topic: system-messages Partition: 10 Leader: 1 Replicas: 1 Isr: 1
Topic: system-messages Partition: 11 Leader: 2 Replicas: 2 Isr: 2
Topic: system-messages Partition: 12 Leader: 3 Replicas: 3 Isr: 3
Topic: system-messages Partition: 13 Leader: 1 Replicas: 1 Isr: 1
Topic: system-messages Partition: 14 Leader: 2 Replicas: 2 Isr: 2
Topic: system-messages Partition: 15 Leader: 3 Replicas: 3 Isr: 3

 

可以看出,这个主题生成了16个分区,每个分区都有对应自己的Leader,但是我想要有10个分区,3个副本如何办?还是跟我们上面一样命令行来创建主题就行,当然对于logstash输出的我们也可以提前先定义主题,然后启动logstash 直接往定义好的主题写数据就行啦,命令如下:

[root@kafka1 ~]# /usr/local/kafka/bin/kafka-topics.sh --create --zookeeper 192.168.2.22:2181 --replication-factor 3 --partitions 10 --topic system-messages

 

 

 

logstash 服务器端安装(单独服务器上)

1. 下载

wget  https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz

tar -zxvf logstash-2.4.0.tar.gz

mv logstash-2.4.0 /data/

ln  -s logstash-2.4.0/ logstash

cd /data/logstash

mkdir logs etc

 

[root@kafka1etc]# more logstash.conf
input {
    kafka {
        zk_connect => "zookeeper1:2181,zookeeper2:2181,zookeeper3:2181"  #消费者们
        topic_id => "system-messages"
        codec => plain
        reset_beginning => false
        consumer_threads => 5
        decorate_events => true
    }
}
output {
    elasticsearch {
      hosts => ["es1:9200","es2:9200","es3:9200"]
      index => "test-system-messages-%{+YYYY.MM.DD}"          #为了区分之前实验,我这里新生成的所以名字为“test-system-messages-%{+YYYY-MM}”
  }
  }

 2 . 启动 logstashserver 服务器进程

[root@logstashserver etc]#  /etc/init.d/logstash start

 

##########################################################

使用redis 替换kafka

 

logstash 客户端配置文件

input { #这里的输入还是定义的是从日志文件输入
file {
type => "system-messages"
path => "/var/log/messages"
start_position => "beginning"
}
file {
type => "wx-cinyi-com"
path => "/root/wxcinyi.access.log"
start_position => "beginning"
}
}

output {

if [type] == "system-messages" {
redis {
host => "192.168.20.166"
port => "6379"
db => "1"
data_type => "list"
key => "system-messages"
}
}
if [type] == "wx-cinyi-com" {
redis {
host => "192.168.20.166"
port => "6379"
db => "2"
data_type => "list"
key => "wx-cinyi-com"
}
}
}

 

logstash 服务器端配置文件

input {
if [type] == "system-messages" {
redis {
host => "192.168.20.166"
port => "6379"
db => "1"
data_type => "list"
key => "system-messages"
}
}
if [type] == "wx-cinyi-com" {
redis {
host => "192.168.20.166"
port => "6379"
db => "2"
data_type => "list"
key => "wx-cinyi-com"
}
}
}

output {
if [type] == "system-messages" {
elasticsearch {
hosts => ["es1:9200","es2:9200","es3:9200"]
index => "test-system-messages-%{+YYYY-MM-DD}"
}
}
if [type] == "wx-cinyi-com" {
elasticsearch {
hosts => ["es1:9200","es2:9200","es3:9200"]
index => "wx-cinyi-com-%{+YYYY-MM-DD}"
}
}
}

 

 

 

 ###########################################################

kibana安装配置

wget https://download.elastic.co/kibana/kibana/kibana-4.6.1-linux-x86_64.tar.gz

[root@kibanai data]#  tar -zxvf  kibana-4.6.1-linux-x86_64.tar.gz

[root@kibanai data]#  mv  kibana-4.6.1-linux-x86_64  /data

[root@kibanai data]# ln -s  kibana-4.6.1-linux-x86_64 kibana

[root@kibanai data]#   /data/kibana/run/

[root@kibanai data]#   cd /data/kibana/config/

 

[root@kibanai config]# cat kibana.yml | grep -v "#" | sed '/^$/d'
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://es1:9200"
elasticsearch.username: "user"
elasticsearch.password: "pass"
elasticsearch.startupTimeout: 5000
pid.file: /data/kibana/run/kibana.pid

 

安装kibana marvel插件

bin/kibana plugin --install elasticsearch/marvel/latest

 

 

 

3. kibana 启动脚本

 

#!/bin/bash


KIBBIN='/data/kibana/bin/kibana'
LOCK='/data/kibana/locks'

START() {
if [ -f $LOCK ];then
echo -e "kibana is already \033[32mrunning\033[0m, do nothing."
else
echo -e "Start kibana service.\033[32mdone\033[m"
cd /data/kibana/bin
nohup ./kibana & >/dev/null
touch $LOCK
fi
}

STOP() {
if [ ! -f $LOCK ];then
echo -e "kibana is already stop, do nothing."
else
echo -e "Stop kibana serivce \033[32mdone\033[m"
rm -rf $LOCK
ps -ef | grep kibana | grep -v "grep" | awk '{print $2}' | xargs kill -s 9 >/dev/null
fi
}

STATUS() {
Port=$(netstat -tunl | grep ":5602")
if [ "$Port" != "" ] && [ -f $LOCK ];then
echo -e "kibana is: \033[32mrunning\033[0m..."
else
echo -e "kibana is: \033[31mstopped\033[0m..."
fi
}

case "$1" in
start)
START
;;
stop)
STOP
;;
status)
STATUS
;;
restart)
STOP
sleep 2
START
;;
*)
echo "Usage: /etc/init.d/kibana (|start|stop|status|restart)"
;;
esac

 

3. 添加权限

[root@kibanai config]# chmod +x /etc/init.d/kibana

 

4. 启动

[root@kibanai config]#  /etc/init.d/kibana start

 

5. 浏览器打开http://192.168.20.205:5601

 http://localhost:5601/app/marvel 浏览插件

Elasticsearch + logstash + kibana 配置_编程_02

 

Elasticsearch + logstash + kibana 配置_编程_03