Elasticsearch-安裝kibana和logstash

先下載安裝包,也是須要安裝jdk和logstash。

[root@node6 ~]#wget http://192.168.137.53/yum/Elasticsearch/jdk-8u191-linux-x64.rpm
[root@node6 ~]#wget http://172.20.7.53/yum/Elasticsearch/logstash-6.4.3.rpm

安裝jdk、logstash

[root@node6 ~]#yum -y install logstash-6.4.3.rpm jdk-8u191-linux-x64.rpm

檢查logstash是否正常，只要能正常顯示幫助信息便可。

[root@node7 ~]#/usr/share/logstash/bin/logstash --help
     -n  指定當前節點的名稱
     -f  指定配置文件的路徑
     -e  標準輸入的方式來配置
     -t  測試語法

測試logstash

[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}} output {stdout{}}'
# 看到最後這句話說明已經成功啓動，在後續輸入字符後格式化以後輸出顯示結果
[INFO ] 2018-11-29 12:56:06.194 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
# 手動輸入
hello world 
{
              "host" => "node7.dklwj.com",
          "@version" => "1",
        "@timestamp" => 2018-11-29T04:58:26.160Z,
           "message" => "hello world"
}
    [INFO ] 2018-11-29 12:56:06.194
{
              "host" => "node7.dklwj.com",
          "@version" => "1",
        "@timestamp" => 2018-11-29T04:59:10.752Z,
           "message" => "[INFO ] 2018-11-29 12:56:06.194"
}

輸出到文件裏面，須要手動輸入字符纔會生成相對應的文件

[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}}  output {file { path => "/tmp/output.txt" }}'
[INFO ] 2018-11-29 13:11:42.870 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
1
1
1[INFO ] 2018-11-29 13:12:10.300 [Ruby-0-Thread-6: :1] file - Opening file {:path=>"/tmp/output.txt"}
fdfd
dfd
dfa
dfa
fa
dfa

# 新打開一個終端用tail -f 動態加載這個文件而後在另外一端繼續輸入文字
[root@node7 ~]#tail -f /tmp/output.txt 
{"message":"1","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:10.094Z"}
{"message":"1","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:09.843Z"}
{"message":"1","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:10.365Z"}
{"message":"fdfd","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:24.298Z"}
{"message":"dfd","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:25.027Z"}
{"message":"dfa","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:25.412Z"}
{"message":"dfa","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:25.749Z"}
{"message":"fa","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:26.097Z"}
{"message":"dfa","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:26.394Z"}

輸出到elk服務器上去

啓動以後在後面輸入一些測試內容，而後它是不會在當前終端上顯示出來，須要用瀏覽器打開elk服務器的地址+9100端口

[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}}  output {elasticsearch { hosts => ["172.20.7.50:9200"] index => "test-%{+YYYY.MM.dd}"}}'  
[INFO ] 2018-11-29 13:23:15.698 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
hello world

接下來開始安裝前端展現kibana圖形

仍是跟elk-head安裝同樣，跑在docker裏面
先下載打包好的kibana鏡像文件

[root@node1 ~]#wget http://192.168.3.53/yum/Elasticsearch/kibana_docker-image_6.4.3.tar.gz

把下載好的鏡像文件導入到docker images裏面去

[root@node1 ~]#docker load -i kibana_docker-image_6.4.3.tar.gz
f972d139738d: Loading layer  208.8MB/208.8MB
bf4884a66d65: Loading layer  27.92MB/27.92MB
fd1a35685127: Loading layer   2.56kB/2.56kB
24d0eaf4a529: Loading layer  559.9MB/559.9MB
96d0c6a3b847: Loading layer  4.096kB/4.096kB
a55297057152: Loading layer  9.216kB/9.216kB
d80d8e5025ea: Loading layer   7.68kB/7.68kB
17579ca9208b: Loading layer  8.704kB/8.704kB
3c3df3ec2abb: Loading layer  306.7kB/306.7kB
Loaded image: kibana:6.4.3

在宿主機上建立一個配置文件，用於後續起容器時綁定配置文件

[root@node1 ~]#vim kibana.yml
---
#Default Kibana configuration from kibana-docker.
server.name: kibana
server.host: "0"
elasticsearch.url: http://192.168.3.50:9200
xpack.monitoring.ui.container.elasticsearch.enabled: true

啓動kibana容器，綁定配置文件、把kibana的5601端口號暴露出來

[root@node1 ~]#docker run --name kibana -d  -p 15601:5601 -v /root/kibana.yml:/usr/share/kibana/config/kibana.yml  kibana:6.4.3 
087da7310c1fc722bd932a904987922d177374f2b7a03c4568ddd5f571564d52

查看已有的容器

經過瀏覽器訪問 宿主機的IP+容器暴露時使用的端口來訪問kibana的默認界面