您好,登錄后才能下訂單哦!
工作原理如下如所示:
部署流程:
1、安裝logstash的JDK環(huán)境:
# tar zvxf jdk-8u73-linux-x64.tar.gz # mv jdk-8u73-linux-x64 /usr/local/java # vim /etc/profile export JAVA_HOME=/usr/local/java CLASSPATH=/usr/local/java/lib/dt.jar/usr/local/java/lib/tools.jar PATH=/usr/local/java/bin:$PATH export PATH JAVA_HOME CLASSPATH # source /etc/profile # java -version java version "1.8.0_73" Java(TM) SE Runtime Environment (build 1.8.0_73-b02) Java HotSpot(TM) 64-Bit Server VM (build 25.73-b02, mixed mode)
出來java的版本號(hào),JDK安裝成功;
2、安裝 logstash
下載并安裝 Logstash ,本次安裝 logstash 到/usr/local (安裝路徑自己定義);
# wget # tar zvxf logstash-1.5.2.tar.gz -C /usr/local/
安裝完成后執(zhí)行命令:
# /usr/local/logstash-1.5.2/bin/logstash -e 'input { stdin { } } output { stdout {} }' Logstash startup completed hello ELK 2016-09-29T09:28:57.992Z web10.gz.com hello ELK
-e :指定logstash的配置信息,可以用于快速測(cè)試;
-f :指定logstash的配置文件;可以用于生產(chǎn)環(huán)境;
在 logstash 安裝目錄下創(chuàng)建一個(gè)測(cè)試文件 logstash-test.conf, 文件內(nèi)容如下:
# vim logstash-simple.conf input { stdin { } } output { stdout { codec=> rubydebug } }
# echo "`date` hello ELK" Thu Sep 29 17:33:23 CST 2016 hello ELK # /usr/local/logstash-1.5.2/bin/logstash agent -f logstash-simple.conf Logstash startup completed Thu Sep 29 17:33:23 CST 2016 hello ELK { "message" => "Thu Sep 29 17:33:23 CST 2016 hello ELK", "@version" => "1", "@timestamp" => "2016-09-29T09:33:57.711Z", "host" => "web10.gz.com" } 安裝supervisor,管理logstash: #yum install -y install supervisor --enablerepo=epel #vim /etc/supervisord.conf 添加內(nèi)容 [program:elkpro_1] environment=LS_HEAP_SIZE=5000m directory=/usr/local/logstash-1.5.2 #logstash安裝目錄 command=/usr/local/logstash-1.5.2/bin/logstash -f /usr/local/logstash-1.5.2/logstash-simple.conf -w 10 -l /var/log/logstash/logstash-simple.log #logstash執(zhí)行的命令 pro1.conf #logstash指定運(yùn)行的配置文件 /var/log/logstash/pro1.log #指定logstash日志存放位置; 開啟關(guān)閉supervisord #service supervisord stop #service supervisord start 開機(jī)啟動(dòng) #chkconfig supervisord on 開啟關(guān)閉logstash #supervisorctl start elkpro_1 #supervisorctl stop elkpro_1
3、安裝 Elasticsearch
下載 Elasticsearch 后,解壓到/usr/local/;
# wget # tar zvxf elasticsearch-1.6.0.tar.gz -C /usr/local/
啟動(dòng) Elasticsearch
# /usr/local/elasticsearch-1.6.0/bin/elasticsearch
后臺(tái)運(yùn)行 elasticsearch:
# nohup /usr/local/elasticsearch-1.6.0/bin/elasticsearch >nohup &
# ps aux|grep logstash root 21154 1.6 5.0 3451732 196856 pts/0 Sl+ 17:33 0:10 /usr/local/java/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Xmx500m -Xss2048k -Djffi.boot.library.path=/usr/local/logstash-1.5.2/vendor/jruby/lib/jni -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Xbootclasspath/a:/usr/local/logstash-1.5.2/vendor/jruby/lib/jruby.jar -classpath :/usr/local/java/lib/dt.jar/usr/local/java/lib/tools.jar -Djruby.home=/usr/local/logstash-1.5.2/vendor/jruby -Djruby.lib=/usr/local/logstash-1.5.2/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /usr/local/logstash-1.5.2/lib/bootstrap/environment.rb logstash/runner.rb agent -f logstash-simple.conf
elasticsearch官方給的啟動(dòng)腳本: https://codeload.github.com/elastic/elasticsearch-servicewrapper/zip/master 上傳到服務(wù)器上 #unzip elasticsearch-servicewrapper-master.zip #mv elasticsearch-servicewrapper-master/service/ /usr/local/elasticsearch/bin/ #cd /usr/local/elasticsearch/bin/service #./elasticsearch install (在init.d下自動(dòng)創(chuàng)建服務(wù)腳本) #/etc/init.d/elasticsearch restart #curl -XGET 'http://elasticsearch_IP:9200/_count?pretty' -d ' #IP為 elasticsearch安裝的服務(wù)器IP > { > "query":{ > "match_all":{} > } > } > ' 返回值: { "count" : 710, "_shards" : { "total" : 6, "successful" : 6, "failed" : 0 }
在logstash安裝目錄下,創(chuàng)建測(cè)試文件logstash-es-simple.conf,查看結(jié)果顯示是否輸出到elastisearch中。
# vim logstash-es-simple.conf logstash-es-simple.confinput { stdin { } } output { elasticsearch {host => "localhost" } stdout { codec=> rubydebug } } 執(zhí)行: # /usr/local/logstash-1.5.2/bin/logstash agent -f logstash-es-simple.conf ...啟動(dòng)輸出... Logstash startup completed hello ELK { "message" => "hello ELK", "@version" => "1", "@timestamp" => "2016-09-29T09:52:21.426Z", "host" => "web10.gz.com" } 使用 curl 命令發(fā)送請(qǐng)求來查看elastisearch 是否接收到了數(shù)據(jù): # curl ' { "took" : 1, "timed_out" : false, "_shards" : { "total" : 6, "successful" : 6, "failed" : 0 }, .....
現(xiàn)在已成功可以使用 Elasticsearch 和 Logstash 來收集日志數(shù)據(jù)了。
4、安裝 elasticsearch 插件
在你安裝 Elasticsearch 的目錄中執(zhí)行以下命令;
# cd /usr/local/elasticsearch-1.6.0/ # ./bin/plugin -install lmenezes/elasticsearch-kopf 安裝完成后在 plugins 目錄下可以看到 kopf # ls plugins/kopf
在瀏覽器訪問 http://192.168.1.114:9200/_plugin/kopf 瀏覽保存在 Elasticsearch 中的數(shù)據(jù),如圖:
5、安裝 Kibana
下載 kibana 后,解壓到/usr/local/下
# wget # tar zvxf kibana-4.1.1-linux-x64.tar.gz 啟動(dòng) kibana
# /usr/local/kibana-4.1.1-linux-x64/bin/kibana
使用 http://kibanaServerIP:5601 訪問 Kibana ,登錄后,配置一個(gè)索引,默認(rèn)就可以, Kibana 的數(shù)據(jù)被指向 Elasticsearch ,使用默認(rèn)的 logstash-* 的索引名稱,并且是基于時(shí)間的,點(diǎn)擊“ Create ”即可。
看到如下界面說明索引創(chuàng)建完成。
點(diǎn)擊“ Discover ”,可以搜索和瀏覽 Elasticsearch 中的數(shù)據(jù);
到此, ELK 平臺(tái)部署已完成。
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。