Installing ELK 5.6.8 on CentOS 7 and basic configuration

Download

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.8.rpm

wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.8.rpm

wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.8-x86_64.rpm

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.6.8-x86_64.rpm

Install

yum install ./*.rpm

Also install redis as a buffer between filebeat and logstash. Here it was installed directly with yum from EPEL; the version is 3.2.10.

yum install redis

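JDK 8 must also be installed; the path used here is /mydata/jdk1.8.0_111.

Basic configuration

In the text below, blue text is the modified content, green is comments, and the rest is commands.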

redis

mkdir -p /mydata/redis
chown -R redis:redis /mydata/redis
vim /etc/redis.conf
    bind 0.0.0.0
    dir /mydata/redis
systemctl start redis
systemctl enable redis

filebeat

vim /etc/filebeat/filebeat.yml
    # First comment out all of the default configuration in this file, then add the following
    filebeat.prospectors:
    - input_type: log
      paths:
        - /root/test.log    # read data from a test file
    output.redis:           # output to a redis queue
      enabled: true
      hosts: ["127.0.0.1:6379"]
      db: 1
      key: "elk_test_list"
systemctl start filebeat
systemctl enable filebeat

logstash

After the logstash rpm package is installed, one more installation step is needed:

vim /etc/logstash/startup.options
    JAVACMD=${JAVA_HOME}/bin/java
cd /usr/share/logstash/bin
./system-install

Then do the basic configuration:

mkdir -p /mydata/logstash
chown -R logstash:logstash /mydata/logstash
vim /etc/logstash/logstash.yml
    path.data: /mydata/logstash
cd /etc/logstash/conf.d
vim test.conf
    input {
        redis {    # read from the redis queue; must match the filebeat configuration above
            host => "127.0.0.1"
            port => 6379
            db => 1
            data_type => "list"
            key => "elk_test_list"
            threads => 3
        }
    }
    filter {    # parse the content; an IP and a string are used here as a test
        grok {
            match => { "message" => '^%{IP:myip} %{DATA:myname}$' }
        }
    }
    output {
        elasticsearch {    # output to elasticsearch
            hosts => ["127.0.0.1:9200"]
            index => "test-log-%{+YYYY.MM.dd}"
        }
    }
systemctl start logstash
systemctl enable logstash

elasticsearch

vim /etc/sysconfig/elasticsearch
    JAVA_HOME=/mydata/jdk1.8.0_111
vim /etc/elasticsearch/elasticsearch.yml
    path.data: /mydata/elasticsearch
    network.host: 0.0.0.0
mkdir -p /mydata/elasticsearch
chown -R elasticsearch:elasticsearch /mydata/elasticsearch
systemctl start elasticsearch
systemctl enable elasticsearch

kibana

vim /etc/kibana/kibana.yml
    server.host: "0.0.0.0"
systemctl start kibana
systemctl enable kibana
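
The steps above set redis bind, elasticsearch network.host and kibana server.host to 0.0.0.0 (all interfaces), while filebeat and logstash reach redis and elasticsearch on 127.0.0.1. The following is an added example, not part of the original post: a shell check that reads those three settings and reports which services are bound to a wildcard address. The function names and the optional ROOT path prefix are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. File paths and keys are the ones
# used on this page; function names and the ROOT prefix are assumptions.

# Print the last uncommented value of KEY in FILE. Handles the "key value"
# form of redis.conf and the "key: value" form of the YAML files.
get_setting() {   # get_setting FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t:]/) next          # longer key with same prefix
            sub(/^[ \t:]+/, "", rest)
            sub(/[ \t]+#.*$/, "", rest)          # trailing comment
            gsub("[\"\047]", "", rest)           # surrounding quotes
            sub(/[ \t]+$/, "", rest)
            val = rest
        }
        END { print val }' "$1"
}

# Succeed if any address in the space-separated list is a wildcard.
is_wildcard() (
    set -f                                       # no globbing while splitting
    for a in $1; do
        case "$a" in 0.0.0.0|::|'[::]') exit 0 ;; esac
    done
    exit 1
)

# One line per service: ALL-INTERFACES, restricted, unset or unreadable.
# ROOT is prepended to each path (empty means the live system).
audit_listeners() {   # audit_listeners [ROOT]
    for entry in "redis /etc/redis.conf bind" \
        "elasticsearch /etc/elasticsearch/elasticsearch.yml network.host" \
        "kibana /etc/kibana/kibana.yml server.host"; do
        set -- "${1:-}" $entry                   # $1=ROOT $2=svc $3=file $4=key
        if [ ! -r "$1$3" ]; then echo "$2 $4 unreadable"; continue; fi
        val=$(get_setting "$1$3" "$4")
        if [ -z "$val" ]; then echo "$2 $4 unset"
        elif is_wildcard "$val"; then echo "$2 $4=$val ALL-INTERFACES"
        else echo "$2 $4=$val restricted"; fi
    done
}

audit_listeners "${1:-}"
```
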

Testing

touch /root/test.log
echo '127.0.0.1 張三' >> /root/test.log
echo '127.0.0.2 李四' >> /root/test.log

Open kibana in a browser (http://[your url]:5601), create an index pattern (test-log-*), then go to Discover to see the data.

over
