elasticsearch + kibana + x-pack + logstash_集羣部署安裝

時間 2019-12-04

標籤 elasticsearch kibana pack logstash 集羣部署安裝欄目日誌分析简体版

原文原文鏈接

elasticsearch 部分整體描述：html

1.elasticsearch 的概念及特色。
概念：elasticsearch 是一個基於 lucene 的搜索服務器。lucene 是全文搜索的一個框架。
特色：
- 分佈式，可擴展，高可用
- 可以實時搜索分析數據。
- 複雜的 RESTful API。
總結：是一個採用RESTful API 標準，實現分佈式，可擴展以及高可用的實時數據存儲分析的全文搜索工具。java

2.elasticsearch 涉及的相關概念。(關係菲關係對比)
相關概念：
-Node：裝有一個 elasticsearch 服務器的節點。
-Cluster：有一個貨多個 Node 組成的集羣，共同工做。
-Document：一個可被搜索的基礎信息單元。
-Index：擁有類似特徵的文檔集合。
-Type：一個索引中科院定義一種或多種類型。
-Filed：是 elasticsearch 的最小單位，至關於數據的某一列。
-Shards：索引分紅若干份，每一份就是一個 shard。默認5份。
-Replicas：是索引的一份或者多份拷貝資料。

3.關係型與非關係型的對比：
databases ----> Index
table ----> Type
row ----> Document
column ----> filednode

4.內置字段和字段類型：
-內置字段：
_uid,_id,_type,_source,_all,_analyzer,_boost,_parent,_routing,_index,_size,_timestamp,_ttllinux

-字段類型：
staing,integer/long,float/double,boolean,null,date

5.elasticsearch 架構詳情。
-------待補充-------chrome

6.什麼是倒排索引。
概念：倒排索引(英語：Inverted index),也常被稱爲反向索引,置入檔案或反向檔案。
是一種索引方法,被用來存儲在全文索引下某個單詞在一個文檔或者一組文檔中的存儲位置的映射。
它是文檔檢索的系統中最經常使用的數據結構。
正向索引和倒排索引對比：
內容 -- 正向 --> 關鍵字/詞
內容 <--倒排 -- 關鍵字/詞shell

7.RESTful API 以及 curl。
概念：RESTful 表現層狀態轉化。
- 表現層：圖片,文件,視頻等。
- 轉化後：資源
API：應用程序接口。
RESTful API：一種資源操做的應用程序接口。bootstrap

curl：一個利用 URL 語法在命令行下工做的文件傳輸工具,支持文件上傳和下載。
curl經常使用參數：
- I 獲取頭部信息
- v 獲取握手過程
- o 保存文件
curl -o baidu.html www.baidu.com
curl -I -v www.baidu.comswift

【聲明個人是阿里雲服務器-有公網和內網，訪問網站用外網。部署配置文件用內網切記阿里雲鬚要到安全組添加對應的訪問端口，否則怎麼都訪問不了外網！】
【本文中應用的是本地虛擬機作出來的。雲服務器能夠這麼操做】
【若有不懂加我QQ：1322734677】
【安裝 elasticsearch + kibana + x-pack + logstash】 // 【kibana 安裝在後面】
8.elasticsearch 單機/集羣安裝配置。單機安裝(elasticsearch)vim

【注意】防火牆和selinux 都是關閉的api

【1】添加用戶（啓動elasticsearch使用）以及_解析集羣配置。我這裏是 4 臺
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# useradd -m elastic
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# passwd elastic
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# vim /etc/hosts
192.168.191.1.110 iZuf6j20vqe3q83v5tjwd0Z node-1
192.168.191.1.120 iZuf6j20vqe3q83v5tjwd1Z node-2
192.168.191.1.130 iZuf6j20vqe3q83v5tjwd2Z node-3
192.168.191.1.140 iZuf6j20vqe3q83v5tjwd2Z node-4

【1.2】編輯解析 node1 節點每一個集羣節點都配置下就行了
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node-1

【2】新建目錄/var/log/elasticsearch/和/var/lib/elasticsearch/用於存放日誌和數據更改目錄屬組和屬主
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# mkdir -p /var/log/elasticsearch
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# mkdir -p /var/lib/elasticsearch
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# chown elastic:elastic /var/log/elasticsearch/
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# chown elastic:elastic /var/lib/elasticsearch/

【3】編輯 sysctl.conf
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# vim /etc/sysctl.conf
vm.max_map_count=262144 約等於=26M 最低要求

【3.1】查看添加的變量
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# grep vm.max_map_count /etc/sysctl.conf
vm.max_map_count=262144

【3.2】使環境變量當即生效
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# sysctl -p

【4】編輯 limits.conf 修改用戶最大文件數等限制
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# vim /etc/security/limits.conf
elastic soft nofile 65535
elastic hard nofile 65535
elastic soft memlock unlimited
elastic hard memlock unlimited

【5】安裝 jdk1.8.181
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# mkdir -p /usr/java
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# mkdir software
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# cd software/

【5.1】下載 java-1.8 JDK 如下是百度網盤的下載地址：
連接：https://pan.baidu.com/s/1J_Wo42a0CEnC2Bn8f-sS0Q 提取碼：5vvd

[root@iZuf6j20vqe3q83v5tjwd2Z software]# tar -zxvf jdk-8u181-linux-x64.tar.gz -C /usr/java/

【5.2】查看安裝的 java 環境
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

【5.3】添加 java-1.8 JDK 環境變量
[root@iZuf6j20vqe3q83v5tjwd2Z software]# vim /etc/profile
JAVA_HOME=/usr/java/jdk1.8.0_181/
PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/BIN:$PATH
CLASSPATH=$CLASSPATH:.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
export JAVA_HOME CLASSPATH PATH

【5.4】使環境變量當即生效
[root@iZuf6j20vqe3q83v5tjwd0Z software]# source /etc/profile

【6】下載安裝 elasticsearch。
[root@iZuf6j20vqe3q83v5tjwd0Z software]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.1.1-linux-x86_64.tar.gz
[root@iZuf6j20vqe3q83v5tjwd0Z software]# tar -zxvf elasticsearch-7.1.1-linux-x86_64.tar.gz -C /opt/
[root@iZuf6j20vqe3q83v5tjwd0Z software]# mv /opt/elasticsearch-7.1.1 /opt/elasticsearch
[root@iZuf6j20vqe3q83v5tjwd0Z software]# chown -R elastic:elastic /opt/elasticsearch/*
[root@iZuf6j20vqe3q83v5tjwd0Z software]# vim /opt/elasticsearch/config/elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-es 集羣名各個節點必須統一
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1 節點名
#
# Add custom attributes to the node:
#mi
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch 數據路徑
#
# Path to log files:
#
path.logs: /var/log/elasticsearch 日誌路徑
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 192.168.1.110 綁定ip
#
# Set a custom port for HTTP:
#
http.port: 9200 http端口
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.1.110", "192.168.1.120", "192.168.1.130", "192.168.1.140"] 發現集羣 ip
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1", "node-2", "node-3", "node-4"] 指定那些節點能夠競選 master
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
gateway.recover_after_nodes: 1 // 集羣節點最少是幾臺，這裏是 1 也就是說其餘兩臺掛了還能夠用集羣！固然也能夠不開放這個。根據我的需求
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true

【7】查看配置文件的參數
[root@iZuf6j20vqe3q83v5tjwd0Z software]# grep -Ev "^#|^$" /opt/elasticsearch/config/elasticsearch.yml
cluster.name: my-es
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.110
discovery.seed_hosts: ["192.168.1.110", "192.168.1.120", "192.168.1.130", "192.168.1.140"]
cluster.initial_master_nodes: ["node-1", "node-2", "node-3", "node-4"]
gateway.recover_after_nodes: 1

【7.1】複製/opt/elasticsearch整個目錄到另外兩個節點，elasticsearch.yml文件內容大部分都同樣只須要修改如下兩個參數
節點2
node.name: node-2
network.host: 192.168.1.120

節點3
node.name: node-3
network.host: 192.168.1.130

節點4
node.name: node-3
network.host: 192.168.1.140

【7.2】啓動程序命令不支持 root 用戶啓動，必須切換到普通用戶下去啓動，咱們須要在後臺啓動，這樣當咱們退出時，應用仍在後臺運行
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# su - elastic
[elastic@iZuf6j20vqe3q83v5tjwd0Z ~]$ /opt/elasticsearch/bin/elasticsearch -d 後臺啓動

【7.3】關閉程序須要殺進程查看進程
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# ps -ef | grep elasticsearch

【8】編輯 elasticsearch 啓動腳本
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# vim /etc/init.d/elasticsearch
#!/bin/bash
#chkconfig: 2345 80 05
#description: elasticsearch

case "$1" in
start)
su - elastic<<!
cd /opt/elasticsearch/
./bin/elasticsearch -d
!
echo "elasticsearch startup"
;;
stop)
elasticsearch_pid=`ps aux|grep elasticsearch | grep -v 'grep elasticsearch' | awk '{print $2}'`
kill $elasticsearch_pid
echo "elasticsearch stopped"
;;
restart)
elasticsearch_pid=`ps aux|grep elasticsearch | grep -v 'grep elasticsearch' | awk '{print $2}'`
kill $elasticsearch_pid
echo "elasticsearch stopped"
su - elastic<<!
cd /opt/elasticsearch/
./bin/elasticsearch -d
!
echo "elasticsearch startup"
;;
*)
echo "start|stop|restart"
;;
esac

exit $?

【8.1】給腳本添加權限目前腳本只能 start 與 stop
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# chmod -R +755 /etc/init.d/elasticsearch

【8.2】設置啓動項
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# chkconfig --add elasticsearch
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# /etc/init.d/elasticsearch start

【8.3】查看集羣狀態
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# curl -XGET 'http://192.168.1.110:9200/_cat/nodes?v' //根據本身定義的集羣 IP 看
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.1.130 22 23 0 0.00 0.01 0.05 mdi - node-3
192.168.1.120 21 23 4 0.00 0.05 0.05 mdi * node-2
192.168.1.110 9 42 1 0.04 0.08 0.11 mdi - node-1
192.168.1.140 10 31 3 0.01 0.04 0.09 mdi - node-4

【8.4】若是集羣起不來刪除文件就能夠起來啦
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# rm -rf /var/lib/elasticsearch/*
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# rm -rf /var/log/elasticsearch/*

【8.5】百度網頁進行訪問
http:本服務器IP:9200 這樣就能夠進行訪問了！

【kibana】安裝與部署下載安裝
【1】下載安裝
[root@iZuf6j20vqe3q83v5tjwd0Z ~]# cd software/
[root@iZuf6j20vqe3q83v5tjwd0Z software]# wget https://artifacts.elastic.co/downloads/kibana/kibana-7.1.1-linux-x86_64.tar.gz
[root@iZuf6j20vqe3q83v5tjwd0Z software]# shasum -a 512 kibana-7.1.1-linux-x86_64.tar.gz
[root@iZuf6j20vqe3q83v5tjwd0Z software]# tar -zxvf kibana-7.1.1-linux-x86_64.tar.gz -C /opt/
[root@iZuf6j20vqe3q83v5tjwd0Z software]# mv /opt/kibana-7.1.1-linux-x86_64/ /opt/kibana

【2】修改編譯 kibana 配置文件屬性
[root@iZuf6j20vqe3q83v5tjwd0Z config]# vim /opt/kibana/config/kibana.yml

【2.1】查看修改的文件配置參數
[root@iZuf6j20vqe3q83v5tjwd0Z config]# grep -Ev "^#|^$" /opt/kibana/config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.1.110:9200"]
kibana.index: ".newkibana"
pid.file: /var/run/kibana.pid

【2.2】啓動 kibana 使用）以及_解析
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# cd /opt/kibana/
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# ./bin/kibana //回車啓動

【3】啓動報錯排查錯誤
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# grep ERROR /opt/kibana/data/headless_shell-linux/chrome_debug.log //查看日誌
[0618/134738.048223:ERROR:egl_util.cc(59)] Failed to load GLES library: /opt/kibana/data/headless_shell-linux/swiftshader/libGLESv2.so: cannot open shared object file: No such file or directory
[0618/140029.258985:ERROR:egl_util.cc(59)] Failed to load GLES library: /opt/kibana/data/headless_shell-linux/swiftshader/libGLESv2.so: file too short
[0618/140717.891370:ERROR:egl_util.cc(59)] Failed to load GLES library: /opt/kibana/data/headless_shell-linux/swiftshader/libGLESv2.so: file too short
[0618/141002.924684:ERROR:egl_util.cc(59)] Failed to load GLES library: /opt/kibana/data/headless_shell-linux/swiftshader/libGLESv2.so: file too short
[0618/141002.929251:ERROR:viz_main_impl.cc(184)] Exiting GPU process due to errors during initialization

【3.1】解決啓動報錯
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# mkdir -p /opt/kibana/data/headless_shell-linux/swiftshader/
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# touch libGLESv2.so
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# chmod -R +755 /opt/kibana/data/headless_shell-linux/swiftshader/libGLESv2.so

【3.2】從新啓動
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# cd /opt/kibana/
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# nohup ./bin/kibana & //回車啓動放在後臺執行

【3.3】或者後臺不啓動日誌啓動
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# nohup ./bin/kibana > /dev/null 2>&1 &

【3.4】kibana 設置開機啓動
[root@iZuf6j20vqe3q83v5tjwd0Z kibana]# cd /etc/init.d/
[root@iZuf6j20vqe3q83v5tjwd0Z init.d]# vim kibana
#!/bin/bash
# chkconfig: 2345 98 02
# description: kibana
KIBANA_HOME=/opt/kibana
case $1 in
start) $KIBANA_HOME/bin/kibana &;;
*) echo "require start";;
esac

[root@iZuf6j20vqe3q83v5tjwd0Z init.d]# chmod +x kibana
[root@iZuf6j20vqe3q83v5tjwd0Z init.d]# chkconfig --add kibana
[root@iZuf6j20vqe3q83v5tjwd0Z init.d]# /etc/init.d/kibana start

【4】百度網頁進行訪問
http:本服務器IP:5601 這樣就能夠進行訪問了！

【x-pack】安裝與部署
【1】安裝與部署因爲在elasticsearch在6.3版本以後x-pack是默認安裝好的，因此再也不須要用戶本身去安裝
【1.1】在任何一臺集羣節點上操做均可以
[root@iZuf6j20vqe3q83v5tjwd0Z software]# vim /opt/elasticsearch/config/elasticsearch.yml
xpack.security.enabled: true //最後添加一條記錄。有幾臺節點就重啓幾臺節點

[root@iZuf6j20vqe3q83v5tjwd0Z software]# grep -Ev "^#|^$" /opt/elasticsearch/config/elasticsearch.yml //遍歷查詢一下數據信息
cluster.name: my-es_tion
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.1.110
http.port: 9200
discovery.seed_hosts: ["192.168.1.110", "192.168.1.120", "192.168.1.130", "192.168.1.140"]
cluster.initial_master_nodes: ["node-1", "node-2", "node-3", "node-4"]
xpack.security.enabled: true //最後添加一條記錄。有幾臺節點就重啓幾臺節點

[root@iZuf6j20vqe3q83v5tjwd0Z software]# /etc/init.d/elasticsearch stop //關閉 elasticsearch 服務器的節點。有幾臺節點就重啓幾臺節點
[root@iZuf6j20vqe3q83v5tjwd0Z software]# /etc/init.d/elasticsearch start //啓動 elasticsearch 服務器的節點。有幾臺節點就重啓幾臺節點

[root@iZuf6j20vqe3q83v5tjwd0Z software]# cd /opt/elasticsearch //進入 elasticsearch 當前家目錄

[root@iZuf6j20vqe3q83v5tjwd0Z software]# ./bin/elasticsearch-setup-passwords -h //查看幫助
Sets the passwords for reserved users

Commands
--------
auto - Uses randomly generated passwords #主要命令選項，表示系統將使用隨機字符串設置密碼
interactive - Uses passwords entered by a user #主要命令選項，表示使用用戶輸入的字符串做爲密碼

Non-option arguments:
command

Option Description
------ -----------
-h, --help show help
-s, --silent show minimal output
-v, --verbose show verbose output
[elastic@es-node1 bin]$ ./elasticsearch-setup-passwords auto #爲了演示效果，這裏咱們使用系統自動建立
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system,beats_system.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y #選擇y

Changed password for user kibana #kibana角色和密碼
PASSWORD kibana = 4VXPRYIVibyAbjugK6Ok

Changed password for user logstash_system #logstash角色和密碼
PASSWORD logstash_system = 2m4uVdSzDzpt9OEmNin5

Changed password for user beats_system #beast角色和密碼
PASSWORD beats_system = O8VOzAaD3fO6bstCGDyQ

Changed password for user elastic #elasticsearch角色和密碼
PASSWORD elastic = 1TWVMeN8tiBy917thUxq

[root@iZuf6j20vqe3q83v5tjwd0Z software]# ./bin/elasticsearch-setup-passwords interactive //例如密碼安全驗證功能。輸入用戶爲 elastic 密碼爲 12345678

[root@iZuf6j20vqe3q83v5tjwd0Z bin]# vim /opt/kibana/config/kibana.yml //添加或者修改一下如下記錄
elasticsearch.username: "elastic"
elasticsearch.password: "12345678"
xpack.security.enabled: true
xpack.security.encryptionKey: "4297f44b13955235245b2497399d7a93"

[root@iZuf6j20vqe3q83v5tjwd0Z bin]# grep -Ev "^#|^$" /opt/kibana/config/kibana.yml //遍歷查詢一下數據信息
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.1.110:9200"]
kibana.index: ".newkibana"
elasticsearch.username: "elastic"
elasticsearch.password: "12345678"
xpack.security.enabled: true
xpack.security.encryptionKey: "4297f44b13955235245b2497399d7a93"

[root@iZuf6j20vqe3q83v5tjwd0Z bin]# ps -ef | grep kibana //查看 kibana 進程
[root@iZuf6j20vqe3q83v5tjwd0Z bin]# kill -9 kibana.id // kibana.id 是 kinaba 的進程號
[root@iZuf6j20vqe3q83v5tjwd0Z bin]# cd /opt/kibana // 進入 kibana 服務的當前家目錄
[root@iZuf6j20vqe3q83v5tjwd0Z bin]# nohup ./bin/kibana > /dev/null 2>&1 & // 回車啓動放在後臺執行

【2】破解 x-pack 30 天的期限
替換x-pack-core-7.1.1.jar文件已經作好的文件替換就行了下載地址是百度網盤

連接：https://pan.baidu.com/s/1yZajXMNUJqNhWJ8Ix5md8w 提取碼：5un1
注意：以上連接是 7.1.1 的版本別的版本沒有

【2.1】把對應下載下來的文件替換到你對應服務器目錄的文件下我把從百度網盤上下載的文件放在 /root/software 目錄下
[root@iZuf6j20vqe3q83v5tjwd0Z software]# find / -name x-pack-core-7.1.1.jar
/opt/elasticsearch/modules/x-pack-core/x-pack-core-7.1.1.jar

[root@iZuf6j20vqe3q83v5tjwd0Z software]# rm -rf /opt/elasticsearch/modules/x-pack-core/x-pack-core-7.1.1.jar
[root@iZuf6j20vqe3q83v5tjwd0Z software]# mv x-pack-core-7.1.1.jar /opt/elasticsearch/modules/x-pack-core/

【2.2】申請 License 能夠到官方網站去申請
https://www.elastic.co/guide/en/elastic-stack-overview/7.1/license-management.html

【2.3】若有不懂能夠訪問如下網站進行操做
https://www.ipyker.com/2019/03/13/elastic-x-pack.html

【logstash】安裝與部署
【1】下載安裝
[root@iZuf6j20vqe3q83v5tjwd0Z software]# pwd //查看當前所在目錄
/root/software

[root@iZuf6j20vqe3q83v5tjwd0Z software]# curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-7.1.1.tar.gz
[root@iZuf6j20vqe3q83v5tjwd0Z software]# tar -zxvf logstash-7.1.1.tar.gz -C /opt/

[root@iZuf6j20vqe3q83v5tjwd0Z software]# mv /opt/logstash-7.1.1 /opt/logstash
[root@iZuf6j20vqe3q83v5tjwd0Z software]# cd /opt/logstash/bin/
[root@iZuf6j20vqe3q83v5tjwd0Z bin]# ./logstash -e 'input { stdin{} } output { stdout{} }' //這條語句會執行的比較慢會卡好久_耐心等待
Sending Logstash logs to /opt/logstash/logs which is now configured via log4j2.properties
[2019-06-21T18:33:05,235][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/opt/logstash/data/queue"}
[2019-06-21T18:33:05,450][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/opt/logstash/data/dead_letter_queue"}
[2019-06-21T18:33:06,507][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-06-21T18:33:06,554][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.1.1"}
[2019-06-21T18:33:06,615][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"15ed32aa-f29a-4e2c-b218-980b547a0bd2", :path=>"/opt/logstash/data/uuid"}
[2019-06-21T18:33:24,662][INFO ][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>125, :thread=>"#<Thread:0x1e7a9630 run>"}
[2019-06-21T18:33:24,851][INFO ][logstash.javapipeline ] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2019-06-21T18:33:24,959][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-06-21T18:33:26,315][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-06-21T18:37:10,372][WARN ][logstash.runner ] SIGINT received. Shutting down.
[2019-06-21T18:37:10,608][FATAL][logstash.runner ] SIGINT received. Terminating immediately..

【2】因爲今天是週五，我着急回去，筆者就不寫了！可是分享了一個連接給大家！如下是連接地址！

【3】按照此連接操做就行了！安裝 logstash 日誌收集器https://www.cnblogs.com/dyh004/p/9638675.html