ELK集羣搭建(ElasticSearch Logstash Kinaba)
Logstash
1.1 安裝
注:安裝在須要收集日誌的機器上。java
cd /data/softs
sudo wget https://download.elastic.co/l...
sudo tar -zxf logstash-2.4.0.tar.gz
sudo mv logstash-2.4.0 /usr/local/logstashnode
1.2 建立配置
cd /usr/local/logstash
sudo vim logstash.conf
輸入:linux
input {nginx
file {
path => ["/data/logs/error/program.error.log"]
type => "error"
tags => ["error"]
start_position => "beginning"
#sincedb_path => "/dev/null"
codec => "json"
}
file {
path => ["/data/logs/error/program.warning.log"]
type => "warning"
tags => ["warning"]
start_position => "beginning"
#sincedb_path => "/dev/null"
codec => "json"
}
#file {
# path => ["/data/logs/access/nginx.access.log"]
# type => "access"
# tags => ["access"]
# start_position => "beginning"
# codec => "json"
#}
}
output {json
if "error" in [tags] {
elasticsearch {
hosts => "10.0.0.23:9200"
index => "error_log"
}
stdout { codec=> rubydebug }
}
if "warning" in [tags] {
elasticsearch {
hosts => "10.0.0.23:9200"
index => "warning_log"
}
stdout { codec=> rubydebug }
}
if "access" in [tags] {
elasticsearch {
hosts => "10.0.0.23:9200"
#index => "access_log"
index => "access_log_%{+YYYY.MM.dd}"
}
stdout { }
}
}vim
1.3 啓動
sudo /usr/local/logstash/bin/logstash agent -f /usr/local/logstash/logstash.conf 2>>/data/logs/error/logstash.error.log &ruby
ElasticSearch集羣(三臺)
2.1 安裝
# 安裝JDK
sudo yum -y install java-1.8.0-openjdk
# 下載ES RPM包
sudo wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.0.rpm
# 安裝
rpm -ivh elasticsearch-5.2.0.rpm
# 開機啓動
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
2.2 配置
2.2.1 elasticsearch01
# 更改配置
sudo vim /etc/elasticsearch/elasticsearch.yml
path.data: /data/components/elasticsearch
path.plugins: /data/components/elasticsearch/plugins
node.name: zt-elk01
path.logs: /data/logs/
network.host: 10.0.0.23
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.0.0.24","10.0.0.25"]
# 重啓
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
2.2.2 elasticsearch02
# 更改配置
sudo vim /etc/elasticsearch/elasticsearch.yml
path.data: /data/components/elasticsearch
path.plugins: /data/components/elasticsearch/plugins
cluster.name: zt-elk
node.name: zt-elk02
path.logs: /data/logs/
network.host: 10.0.0.24
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.0.0.23","10.0.0.25"]
# 重啓
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
2.2.3 elasticsearch03
# 更改配置
sudo vim /etc/elasticsearch/elasticsearch.yml
path.data: /data/components/elasticsearch
path.plugins: /data/components/elasticsearch/plugins
cluster.name: zt-elk
node.name: zt-elk03
path.logs: /data/logs/
network.host: 10.0.0.25
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.0.0.23","10.0.0.24"]
# 重啓
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
Kibana
3.1 安裝 注:安裝在能對外訪問的機器上。
cd /data/softs
sudo wget https://download.elastic.co/k...
sudo tar -zxf kibana-4.6.0-linux-x86_64.tar.gz
sudo mv kibana-4.6.0-linux-x86_64 /usr/local/kibanaapp
3.2 配置 更改相關配置:
cd /usr/local/kibana
vim config/kibana.ymlcurl
server.port: 5601 server.host: "127.0.0.1" elasticsearch.url: "http://10.0.0.23:9200" 3.3 啓動
sudo /usr/local/kibana/bin/kibanaelasticsearch
tips
4.1 刪除索引
curl -XDELETE 'http://127.0.0.1:9200/applog'
相關文章
- 1. 【ELK】ELK集羣搭建(ElasticSearch Logstash Kinaba)
- 2. Elasticsearch(ELK)集羣搭建
- 3. ELK之ELASTICSEARCH 集羣搭建
- 4. 【ELK】elasticsearch集羣搭建
- 5. ELK搭建(filebeat、elasticsearch、logstash、kibana)
- 6. ELK集羣搭建
- 7. 搭建ELK集羣
- 8. ELK集羣部署搭建
- 9. ELK集羣搭建(三)
- 10. elasticsearch集羣搭建
- 更多相關文章...
- • Swarm 集羣管理 - Docker教程
- • Swift 環境搭建 - Swift 教程
- • 適用於PHP初學者的學習線路和建議
- • ☆技術問答集錦(13)Java Instrument原理
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
