溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
[root@node1 ~]# vim /etc/hosts //配置解析名
192.168.80.128 node1
192.168.80.129 node2
[root@node1 ~]# java -version //查看是Java是否安裝
[root@node1 ~]# mount.cifs //192.168.80.2/LNMP-C7 /mnt/
Password for root@//192.168.80.2/LNMP-C7:
[root@node1 mnt]# cd /mnt/elk/
[root@node1 elk]# rpm -ivh elasticsearch-5.5.0.rpm //安裝
[root@node1 elk]# systemctl daemon-reload //重載守護進程
[root@node1 elk]# systemctl enable elasticsearch.service //開機自動啟動
[root@node1 elk]# cd /etc/elasticsearch/
[root@node1 elasticsearch]# cp elasticsearch.yml elasticsearch.yml.bak //備份
[root@node1 elasticsearch]# vim elasticsearch.yml //修改配置文件
cluster.name: my-elk-cluster //集群名
node.name: node1 //節點名,第二個節點為node2
path.data: /data/elk_data //數據存放位置
path.logs: /var/log/elasticsearch/ //日志存放位置
bootstrap.memory_lock: false //不在啟動時鎖定內存
network.host: 0.0.0.0 //提供服務綁定的IP地址,為所有地址
http.port: 9200 ##端口號為9200
discovery.zen.ping.unicast.hosts: ["node1", "node2"] //集群發現通過單播實現
[root@node1 elasticsearch]# mkdir -p /data/elk_data //創建數據存放點
[root@node1 elasticsearch]# chown elasticsearch.elasticsearch /data/elk_data/ //給權限
[root@node1 elasticsearch]# systemctl start elasticsearch.service //開啟服務
[root@node1 elasticsearch]# netstat -ntap | grep 9200 //查看開啟情況
tcp6 0 0 :::9200 :::* LISTEN 2166/java
[root@node1 elasticsearch]# yum install gcc gcc-c++ make -y //安裝編譯工具
[root@node1 elasticsearch]# cd /mnt/elk/
[root@node1 elk]# tar zxvf node-v8.2.1.tar.gz -C /opt/ //解壓插件
[root@node1 elk]# cd /opt/node-v8.2.1/
[root@node1 node-v8.2.1]# ./configure //配置
[root@node1 node-v8.2.1]# make && make install //編譯安裝[root@node1 elk]# tar jxvf phantomjs-2.1.1-linux-x86_64.tar.bz2 -C /usr/local/src/ //解壓到/usr/local/src下
[root@node1 elk]# cd /usr/local/src/phantomjs-2.1.1-linux-x86_64/bin/
[root@node1 bin]# cp phantomjs /usr/local/bin/ //編譯系統識別[root@node1 bin]# cd /mnt/elk/
[root@node1 elk]# tar zxvf elasticsearch-head.tar.gz -C /usr/local/src/ //解壓
[root@node1 elk]# cd /usr/local/src/elasticsearch-head/
[root@node1 elasticsearch-head]# npm install //安裝[root@node1 elasticsearch-head]# vim /etc/elasticsearch/elasticsearch.yml //末行加入
http.cors.enabled: true //開啟跨域訪問支持,默認為false
http.cors.allow-origin: "*" //跨域訪問允許的域名地址
[root@node1 elasticsearch-head]# systemctl restart elasticsearch.service //重啟
[root@node1 elasticsearch-head]# cd /usr/local/src/elasticsearch-head/
[root@node1 elasticsearch-head]# npm run start & //后臺運行數據可視化服務
[1] 82515
[root@node1 elasticsearch-head]# netstat -ntap | grep 9100
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN 82525/grunt
[root@node1 elasticsearch-head]# netstat -ntap | grep 9200
tcp6 0 0 :::9200 :::* LISTEN 82981/java
[root@node2 ~]# curl -XPUT 'localhost:9200/index-demo/test/1?pretty&pretty' -H 'content-Type: application/json' -d '{"user":"zhangsan","mesg":"hello world"}'
[root@apache ~]# yum install httpd -y //安裝服務
[root@apache ~]# systemctl start httpd.service //啟動服務
[root@apache ~]# java -version
[root@apache ~]# mount.cifs //192.168.100.8/LNMP-C7 /mnt/ //掛載
Password for root@//192.168.100.8/LNMP-C7:
[root@apache ~]# cd /mnt/elk/
[root@apache elk]# rpm -ivh logstash-5.5.1.rpm //安裝logstash
[root@apache elk]# systemctl start logstash.service
[root@apache elk]# systemctl enable logstash.service //設置開機自啟
[root@apache elk]# ln -s /usr/share/logstash/bin/logstash /usr/local/bin/ //便于系統識別
[root@apache elk]# logstash -e 'input { stdin{} } output { stdout{} }' //標準輸入輸出
The stdin plugin is now waiting for input:
16:58:11.145 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
www.baidu.com //輸入
2019-12-19T08:58:35.707Z apache www.baidu.com
www.sina.com.cn //輸入
2019-12-19T08:58:42.092Z apache www.sina.com.cn
[root@apache elk]# logstash -e 'input { stdin{} } output { stdout{ codec=>rubydebug } }' //使用rubydebug顯示詳細輸出,codec為一種編解碼器
The stdin plugin is now waiting for input:
17:03:08.226 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
www.baidu.com //格式化的處理
{
"@timestamp" => 2019-12-19T09:03:80.267Z,
"@version" => "1",
"host" => "apache",
"message" => "www.baidu.com"
}
[root@apache elk]# logstash -e 'input { stdin{} } output { elasticsearch { hosts=>["192.168.80.129:9200"] } }'
##使用logstach將信息寫入elasticsearch中
The stdin plugin is now waiting for input:
17:06:46.846 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
www.baidu.com //輸入信息
www.sina.com.cn
[root@apache elk]# chmod o+r /var/log/messages //給其他用戶讀權限
[root@apache elk]# vim /etc/logstash/conf.d/system.conf //創建文件
input {
file{
path => "/var/log/messages" //輸出目錄
type => "system"
start_position => "beginning"
}
}
output {
elasticsearch {
#輸入地址指向node1節點
hosts => ["192.168.80.129:9200"]
index => "system-%{+YYYY.MM.dd}"
}
}
[root@apache elk]# systemctl restart logstash.service //重啟服務
[root@node1 ~]# cd /mnt/elk/
[root@node1 elk]# rpm -ivh kibana-5.5.1-x86_64.rpm //安裝
[root@node1 elk]# cd /etc/kibana/
[root@node1 kibana]# cp kibana.yml kibana.yml.bak //備份
[root@node1 kibana]# vim kibana.yml //修改配置文件
server.port: 5601 //端口號
server.host: "0.0.0.0" //監聽任意網段
elasticsearch.url: "http://192.168.80.129:9200" //本機節點地址
kibana.index: ".kibana" //索引名稱
[root@node1 kibana]# systemctl start kibana.service //開啟服務
[root@node1 kibana]# systemctl enable kibana.service 
[root@apache elk]# vim /etc/logstash/conf.d/apache_log.conf //創建配置文件
input {
file{
path => "/etc/httpd/logs/access_log" //輸入信息
type => "access"
start_position => "beginning"
}
file{
path => "/etc/httpd/logs/error_log"
type => "error"
start_position => "beginning"
}
}
output {
if [type] == "access" { //根據條件判斷輸出信息
elasticsearch {
hosts => ["192.168.80.129:9200"]
index => "apache_access-%{+YYYY.MM.dd}"
}
}
if [type] == "error" {
elasticsearch {
hosts => ["192.168.80.129:9200"]
index => "apache_error-%{+YYYY.MM.dd}"
}
}
}
[root@apache elk]# logstash -f /etc/logstash/conf.d/apache_log.conf //根據配置文件配置logstach
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
