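ELK Environment Deployment in Detail

Introduction to ELK

Core components

ELK consists of three components: Elasticsearch, Logstash and Kibana.
Elasticsearch is an open-source distributed search engine. Its features include: distributed operation, zero configuration, automatic discovery, automatic index sharding, index replication,
a RESTful interface, multiple data sources, and automatic search load balancing.
Logstash is a fully open-source tool that collects and analyzes your logs and stores them for later use.
Kibana is a free, open-source tool that provides a friendly web interface for analyzing the logs held by Logstash and Elasticsearch,
helping you aggregate, analyze and search important log data.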

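Four main components

Logstash: the Logstash server side, which collects logs;
Elasticsearch: stores the logs;
Kibana: a web interface for searching and visualizing logs;
Logstash Forwarder: the Logstash client side, which sends logs to the Logstash server over the lumberjack network protocol;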

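ELK workflow

Deploy Logstash on every server whose logs need to be collected. There it acts as the Logstash agent (Logstash shipper), which monitors, filters and collects logs and sends the filtered
content to Redis. The Logstash indexer then gathers the logs and hands them to the full-text search service Elasticsearch. You can run
custom searches in Elasticsearch and use Kibana to display the results of those searches on a page.
[Figure: ELK workflow]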

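ELK reference manuals

ELK official site: https://www.elastic.co/
ELK official documentation: https://www.elastic.co/guide/index.html
ELK Chinese manual: http://kibana.logstash.es/content/elasticsearch/monitor/logging.html
Note: ELK can be installed in two ways
(1) Integrated environment: Logstash has an all-in-one package that contains all three components, so you install a single package.
(2) Standalone environment: the three components are installed and run separately, each doing its own job. (More commonly used.)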

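Setting up the ELK environment

Logstash deployment and configuration

Installing Logstash

Note: Logstash depends on a JDK.
First run java -version to check the server's Java environment. If it is not installed, install Java first.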

wget https://download.elastic.co/logstash/logstash/logstash-1.5.4.tar.gz
tar zxf logstash-1.5.4.tar.gz -C /usr/local/
Configure the Logstash environment variable
echo "export PATH=\$PATH:/usr/local/logstash-1.5.4/bin" > /etc/profile.d/logstash.sh
. /etc/profile

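Starting Logstash

Common Logstash options
-e : specifies the Logstash configuration inline; useful for quick tests;
-f : specifies a Logstash configuration file; suitable for production;

Logstash configuration in detail

Below we use the -e option to specify the Logstash configuration for a quick test, printing directly to the screen.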

# logstash -e "input {stdin{}} output {stdout{}}"            
my name is MikePeng.    // typed manually, then Enter; after waiting 10 seconds the result is returned
Logstash startup completed
2016-12-26T13:55:50.660Z 0.0.0.0 my name is MikePeng.
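This output is returned exactly as it was entered...

Below we use the -e option to specify the Logstash configuration for a quick test, printing to the screen in JSON format.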

# logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
my name is MikePeng.    // typed manually, then Enter; after waiting 10 seconds the result is returned
Logstash startup completed
{
      "message" => "my name is MikePeng.",
     "@version" => "1",
   "@timestamp" => "2016-12-26T13:57:31.851Z",
         "host" => "0.0.0.0"
}

Starting Logstash with a configuration file

vim logstash-simple.conf 
----------------------------logstash-simple.conf----------------
input { stdin {} }
output {
  stdout { codec=> rubydebug }
}
----------------------------------------------------------------
logstash -f logstash-simple.conf    // normal start
Logstash startup completed
logstash agent -f logstash-simple.conf --verbose // start with verbose logging
Pipeline started {:level=>:info}
Logstash startup completed
hello world.    // type hello world. manually
{
         "message" => "hello world.",
         "@version" => "1",
         "@timestamp" => "2016-12-26T14:01:43.724Z",
         "host" => "0.0.0.0"
}

Storing Logstash output in Redis

vim logstash_to_redis.conf
-------------------------- logstash_to_redis.conf ------------
input { stdin { } }
output {
   stdout { codec => rubydebug }
   redis {
       host => '192.168.201.73:7351'
       data_type => 'list'
       key => 'logstash:redis'
   }
}
---------------------------------------------------------------
Note: if you see "Failed to send event to Redis", the connection to Redis failed or Redis is not installed; please check...
Check the port Logstash is listening on
logstash agent -f logstash_to_redis.conf --verbose
netstat -tnlp |grep java
tcp        0      0 :::9301                     :::*                        LISTEN      1326/java

Logstash consumes Kafka messages and writes them to Elasticsearch

vim kafka_logstash_elasticsearch.conf
-------------------------- kafka_logstash_elasticsearch.conf ----------------
input {
   kafka {
       zk_connect => "192.168.201.73:2181" # ZooKeeper address of the Kafka cluster
       group_id => "elk_consumer"      # consumer group this consumer belongs to
       topic_id => "boyaa"             # topic to consume
       reset_beginning => false        
       consumer_threads => 5
       decorate_events => true
   }
}
output {
    elasticsearch {
       host => "192.168.201.73"
       codec => "json"
       protocol => "http"
    }
}
-------------------------------------------------------------------------------
logstash agent -f kafka_logstash_elasticsearch.conf --verbose

Elasticsearch deployment and configuration

Installing Elasticsearch

wget https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.2.tar.gz
tar zxf elasticsearch-1.7.2.tar.gz -C /usr/local/

Edit the Elasticsearch configuration file elasticsearch.yml

vim /usr/local/elasticsearch-1.7.2/config/elasticsearch.yml
-------------------------------elasticsearch.yml-----------------------------
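discovery.zen.ping.multicast.enabled: false        # disable multicast discovery; if another machine on the LAN has port 9300 open, the service fails to start
network.host: 192.168.201.73    # host address to bind; optional, but best set explicitly, because otherwise the later Kibana integration
                                # reports an HTTP connection error (it appears to listen on :::9200 rather than 0.0.0.0:9200)
http.cors.allow-origin: "/.*/"
http.cors.enabled: true     # these two settings fix a Kibana integration problem; the error says your Elasticsearch version is too low, which is not actually the case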
-----------------------------------------------------------------------------
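
An added example, not part of the original article: the value /.*/ is a regular expression that matches every origin, so together with http.cors.enabled: true Elasticsearch accepts cross-origin requests from any site. The check below flags that combination in an elasticsearch.yml; es_setting and audit_es_cors are hypothetical helper names, and the sample input is constructed from the settings shown above.

```shell
#!/usr/bin/env bash
# Added example: audit elasticsearch.yml for the CORS settings shown above.
# es_setting and audit_es_cors are hypothetical helper names.

# Print the value of a flat "key: value" setting, ignoring comments and quotes.
es_setting() {  # usage: es_setting FILE KEY
    awk -v key="$2" -v sq="'" '
        /^[ \t]*#/ { next }                    # whole-line comment
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)        # trailing comment
            n = index(line, ":")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)               # strip double quotes
            gsub("^" sq "|" sq "$", "", v)     # strip single quotes
            if (k == key) val = v              # last occurrence wins
        }
        END { print val }' "$1"
}

# Print one verdict line: FINDING, REVIEW or OK.
audit_es_cors() {  # usage: audit_es_cors FILE
    local enabled origin
    enabled=$(es_setting "$1" http.cors.enabled)
    origin=$(es_setting "$1" http.cors.allow-origin)
    if [ "$enabled" != "true" ]; then
        echo "OK: http.cors.enabled is not true"; return 0
    fi
    case "$origin" in
        '*'|'/.*/'|'/.+/') echo "FINDING: allow-origin '$origin' matches every origin" ;;
        '')                echo "REVIEW: CORS enabled without an explicit allow-origin" ;;
        *)                 echo "OK: allow-origin restricted to '$origin'" ;;
    esac
}

# Constructed sample input: the CORS lines from the elasticsearch.yml above.
sample=$(mktemp)
printf '%s\n' 'network.host: 192.168.201.73    # host address' \
    'http.cors.allow-origin: "/.*/"' \
    'http.cors.enabled: true     # Kibana integration' > "$sample"
audit_es_cors "$sample"
rm -f "$sample"
```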

Starting Elasticsearch

/usr/local/elasticsearch-1.7.2/bin/elasticsearch          # logs go to stdout
/usr/local/elasticsearch-1.7.2/bin/elasticsearch -d       # start as a daemon
nohup /usr/local/elasticsearch-1.7.2/bin/elasticsearch > /var/log/logstash.log 2>&1 &
netstat -tnlp |grep java      # check the ports Elasticsearch listens on
tcp        0      0 :::9200                     :::*                        LISTEN      7407/java           
tcp        0      0 :::9300                     :::*                        LISTEN      7407/java

Logstash + Elasticsearch integration

Send Logstash output to Elasticsearch
vim logstash-elasticsearch.conf 
----------------------------logstash-elasticsearch.conf-----------------------
input { stdin {} }
output {
   elasticsearch { host => "192.168.201.73" }    
   stdout { codec=> rubydebug }
}
------------------------------------------------------------------------------
/usr/local/logstash-1.5.4/bin/logstash agent -f logstash-elasticsearch.conf  # start Logstash
Pipeline started {:level=>:info}
Logstash startup completed
python linux java c++    // typed manually
{
         "message" => "python linux java c++",
         "@version" => "1",
         "@timestamp" => "2016-12-26T14:51:56.899Z",
         "host" => "0.0.0.0"
}

Use curl to send a request and check whether Elasticsearch received the data

curl 'http://192.168.201.73:9200/_search?pretty'
{
 "took" : 28,
 "timed_out" : false,
 "_shards" : {
   "total" : 5,
   "successful" : 5,
   "failed" : 0
 },
 "hits" : {
   "total" : 1,
   "max_score" : 1.0,
   "hits" : [ {
     "_index" : "logstash-2016.12.26",
     "_type" : "logs",
     "_id" : "AVBH7-6MOwimSJSPcXjb",
     "_score" : 1.0,
     "_source":{"message":"python linux java c++","@version":"1","@timestamp":"2016-12-26T14:51:56.899Z","host":"0.0.0.0"}
   } ]
 }
}

Redis + Logstash + Elasticsearch integration

vim redis-logstash-Elasticsearch.conf
---------------------------------- redis-logstash-Elasticsearch.conf ---------------------
input {
   redis {
       host => '192.168.201.73'  # no password set here for ease of testing; setting a password is recommended
       data_type => 'list'
       port => "6379"
       key => 'logstash:redis' # user-defined
       type => 'redis-input'   # user-defined
   }
}
output {
   elasticsearch {
       host => "192.168.201.73"
       codec => "json"
       protocol => "http"  # version 1.0+ requires the protocol to be set to http
   }
}
------------------------------------------------------------------------------
/usr/local/logstash-1.5.4/bin/logstash agent -f redis-logstash-Elasticsearch.conf  # start Logstash

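Installing an Elasticsearch plugin

Note: the Elasticsearch-kopf plugin lets you query the data in Elasticsearch. To install elasticsearch-kopf, just run the following commands in your Elasticsearch installation directory: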
cd /usr/local/elasticsearch-1.7.2/bin/
./plugin install lmenezes/elasticsearch-kopf
-> Installing lmenezes/elasticsearch-kopf...
  Trying https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip...
  Downloading .............................................................................................
  Installed lmenezes/elasticsearch-kopf into /usr/local/elasticsearch-1.7.2/plugins/kopf

  The plugin installation may report a failure, most likely because of network problems or similar...
  -> Installing lmenezes/elasticsearch-kopf...
  Trying https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip...
  Failed to install lmenezes/elasticsearch-kopf, reason: failed to download out of all possible locations..., use --verbose to get detailed information
 
  The fix is to download the software manually instead of using the plugin install command...
  cd /usr/local/elasticsearch-1.7.2/plugins
  wget https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip
  unzip master.zip
  mv elasticsearch-kopf-master kopf 
  The steps above are fully equivalent to the plugin install command
  
  netstat -tnlp |grep java
  tcp        0      0 :::9200                     :::*                        LISTEN      7969/java           
  tcp        0      0 :::9300                     :::*                        LISTEN      7969/java           
  tcp        0      0 :::9301                     :::*                        LISTEN      8015/java

Open the kopf page in a browser to view the data stored in Elasticsearch

Installing Kibana

wget https://download.elastic.co/kibana/kibana/kibana-4.1.2-linux-x64.tar.gz
tar zxf kibana-4.1.2-linux-x64.tar.gz -C /usr/local
# vim /usr/local/kibana-4.1.2-linux-x64/config/kibana.yml
elasticsearch_url: "http://192.168.201.73:9200"
/usr/local/kibana-4.1.2-linux-x64/bin/kibana      # start Kibana
The following output indicates that Kibana started successfully.
{"name":"Kibana","hostname":"localhost.localdomain","pid":1943,"level":30,"msg":"No existing kibana index found","time":"2016-12-26T00:39:21.617Z","v":0}
{"name":"Kibana","hostname":"localhost.localdomain","pid":1943,"level":30,"msg":"Listening on 0.0.0.0:5601","time":"2016-12-26T00:39:21.637Z","v":0}
Kibana listens on local port 5601 by default
Access Kibana in a browser
http://192.168.201.73:5601/#/settings/indices/?_g=()

Kafka + ELK integration
