ELK cluster setup (ElasticSearch, Logstash, Kibana)

Posted by 禁止進入i on 2017-05-18

Logstash

1.1 Installation

Note: install on the machines whose logs need to be collected.

cd /data/softs
sudo wget https://download.elastic.co/l…
sudo tar -zxf logstash-2.4.0.tar.gz
sudo mv logstash-2.4.0 /usr/local/logstash

1.2 Create the configuration

cd /usr/local/logstash
sudo vim logstash.conf
Enter:

input {
    file {
        path => ["/data/logs/error/program.error.log"]
        type => "error"
        tags => ["error"]
        start_position => "beginning"
        #sincedb_path => "/dev/null"
        codec => "json"
    }
    file {
        path => ["/data/logs/error/program.warning.log"]
        type => "warning"
        tags => ["warning"]
        start_position => "beginning"
        #sincedb_path => "/dev/null"
        codec => "json"
    }
    #file {
    #    path => ["/data/logs/access/nginx.access.log"]
    #    type => "access"
    #    tags => ["access"]
    #    start_position => "beginning"
    #    codec => "json"
    #}
}

output {
    if "error" in [tags] {
        elasticsearch {
            hosts => "10.0.0.23:9200"
            index => "error_log"
        }
        stdout { codec => rubydebug }
    }
    if "warning" in [tags] {
        elasticsearch {
            hosts => "10.0.0.23:9200"
            index => "warning_log"
        }
        stdout { codec => rubydebug }
    }
    if "access" in [tags] {
        elasticsearch {
            hosts => "10.0.0.23:9200"
            #index => "access_log"
            index => "access_log_%{+YYYY.MM.dd}"
        }
        stdout { }
    }
}

1.3 Start

sudo /usr/local/logstash/bin/logstash agent -f /usr/local/logstash/logstash.conf 2>>/data/logs/error/logstash.error.log &

ElasticSearch cluster (three nodes)

2.1 Installation

# Install the JDK
sudo yum -y install java-1.8.0-openjdk

# Download the ES RPM package
sudo wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.0.rpm
# Install
sudo rpm -ivh elasticsearch-5.2.0.rpm

# Start at boot
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

2.2 Configuration

2.2.1 elasticsearch01

# Edit the configuration
sudo vim /etc/elasticsearch/elasticsearch.yml

path.data: /data/components/elasticsearch
path.plugins: /data/components/elasticsearch/plugins

# cluster.name must be identical on all three nodes
cluster.name: zt-elk
node.name: zt-elk01
path.logs: /data/logs/
network.host: 10.0.0.23
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.0.0.24","10.0.0.25"]

# Restart
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

2.2.2 elasticsearch02

# Edit the configuration
sudo vim /etc/elasticsearch/elasticsearch.yml

path.data: /data/components/elasticsearch
path.plugins: /data/components/elasticsearch/plugins

cluster.name: zt-elk
node.name: zt-elk02
path.logs: /data/logs/
network.host: 10.0.0.24
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.0.0.23","10.0.0.25"]

# Restart
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

2.2.3 elasticsearch03

# Edit the configuration
sudo vim /etc/elasticsearch/elasticsearch.yml

path.data: /data/components/elasticsearch
path.plugins: /data/components/elasticsearch/plugins

cluster.name: zt-elk
node.name: zt-elk03
path.logs: /data/logs/
network.host: 10.0.0.25
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.0.0.23","10.0.0.24"]

# Restart
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
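
The three configurations above only form one cluster if every node has the same cluster.name and lists the other two nodes in discovery.zen.ping.unicast.hosts. The following check is an added example, not part of the original post; the helper names (yml_get, bad, check_cluster, write_cfg) and the sample files are assumptions made for illustration, and it expects bare "key: value" lines as used on this page.

```shell
# Added example: lint the elasticsearch.yml files of all nodes before restarting them.
yml_get() {  # usage: yml_get KEY FILE -> value of a top-level "KEY: value" line
    key=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^${key}:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | head -n 1
}
bad() { echo "$*"; problems=$((problems + 1)); }  # report one problem and count it

check_cluster() {  # usage: check_cluster FILE...; prints one line per problem
    problems=0 ref=""
    for f in "$@"; do [ -n "$ref" ] || ref=$(yml_get cluster.name "$f"); done
    for f in "$@"; do
        cn=$(yml_get cluster.name "$f")
        if [ -z "$cn" ]; then bad "$f: cluster.name not set, node would use the default name 'elasticsearch'"
        elif [ "$cn" != "$ref" ]; then bad "$f: cluster.name '$cn' differs from '$ref'"
        fi
        case "$(yml_get network.host "$f")" in
            ""|0.0.0.0) bad "$f: network.host is unset or 0.0.0.0; bind to the internal address" ;;
        esac
        # Normalise ["a","b"] to " a b " so each peer address can be matched as a word.
        peers=" $(yml_get discovery.zen.ping.unicast.hosts "$f" | sed 's/[]["]//g; s/,/ /g') "
        for g in "$@"; do
            other=$(yml_get network.host "$g")
            if [ "$g" = "$f" ] || [ -z "$other" ]; then continue; fi
            case "$peers" in
                *" $other "*|*" $other:"*) ;;
                *) bad "$f: unicast hosts do not list peer $other" ;;
            esac
        done
    done
    [ "$problems" -eq 0 ]
}

write_cfg() {  # usage: write_cfg FILE CLUSTER NODE HOST PEERS (empty CLUSTER omits the key)
    { if [ -n "$2" ]; then echo "cluster.name: $2"; fi
      printf 'node.name: %s\nnetwork.host: %s\n' "$3" "$4"
      echo "discovery.zen.ping.unicast.hosts: $5"; } > "$1"
}

# Constructed sample input: es01 deliberately lacks cluster.name.
d=$(mktemp -d)
write_cfg "$d/es01.yml" ""     zt-elk01 10.0.0.23 '["10.0.0.24","10.0.0.25"]'
write_cfg "$d/es02.yml" zt-elk zt-elk02 10.0.0.24 '["10.0.0.23","10.0.0.25"]'
write_cfg "$d/es03.yml" zt-elk zt-elk03 10.0.0.25 '["10.0.0.23","10.0.0.24"]'
check_cluster "$d"/es0?.yml || echo "fix the lines above before restarting the nodes"
rm -rf "$d"
```

On real hosts, copy each node's /etc/elasticsearch/elasticsearch.yml to one machine and pass the three files to check_cluster.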

Kibana

3.1 Installation
Note: install on a machine that is accessible from outside.

cd /data/softs
sudo wget https://download.elastic.co/k…
sudo tar -zxf kibana-4.6.0-linux-x86_64.tar.gz
sudo mv kibana-4.6.0-linux-x86_64 /usr/local/kibana

3.2 Configuration
Edit the relevant settings:

cd /usr/local/kibana
vim config/kibana.yml

server.port: 5601
server.host: "127.0.0.1"
elasticsearch.url: "http://10.0.0.23:9200"

3.3 Start

sudo /usr/local/kibana/bin/kibana

Tips

4.1 Delete an index

curl -XDELETE 'http://127.0.0.1:9200/applog'
