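Beats and Logstash handle data collection and processing, which is equivalent to ETL (Extract, Transform, Load).
Elasticsearch handles data storage, querying and analysis.
Kibana handles data exploration and visual analysis.
1. Installing Elasticsearch 6.x. I am using Elasticsearch 6.7.0 here.
Note: I previously installed version 5.4.3, see http://www.javashuo.com/article/p-ojobhgzk-bk.html
2. Upload the downloaded package to the server, or download it online directly.
Note: remember to install JDK 1.8 or later first. An earlier installation ran into errors, so with that experience I create the user and its group first this time.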
```
[root@slaver4 package]# groupadd elsearch
[root@slaver4 package]# useradd elsearch -g elsearch
[root@slaver4 package]# passwd elsearch
更改用戶 elsearch 的密碼 。
新的 密碼:
無效的密碼: 密碼少於 8 個字符
從新輸入新的 密碼:
passwd:全部的身份驗證令牌已經成功更新。
[root@slaver4 package]# tar -zxvf elasticsearch-6.7.0.tar.gz -C /home/hadoop/soft/
[root@slaver4 soft]# chown -R elsearch:elsearch elasticsearch-6.7.0/
[root@slaver4 soft]# ls
elasticsearch-6.7.0
[root@slaver4 soft]# ll
總用量 8
drwxr-xr-x. 8 elsearch elsearch 143 3月 21 2019 elasticsearch-6.7.0
[root@slaver4 soft]#
[root@slaver4 soft]# su elsearch
[elsearch@slaver4 soft]$ cd elasticsearch-6.7.0/
[elsearch@slaver4 elasticsearch-6.7.0]$ ls
bin config lib LICENSE.txt logs modules NOTICE.txt plugins README.textile
[elsearch@slaver4 elasticsearch-6.7.0]$ cd bin/
[elsearch@slaver4 bin]$ ls
elasticsearch elasticsearch-cli.bat elasticsearch-migrate elasticsearch-service-mgr.exe elasticsearch-sql-cli-6.7.0.jar elasticsearch-users.bat x-pack-watcher-env.bat
elasticsearch.bat elasticsearch-croneval elasticsearch-migrate.bat elasticsearch-service-x64.exe elasticsearch-sql-cli.bat x-pack
elasticsearch-certgen elasticsearch-croneval.bat elasticsearch-plugin elasticsearch-setup-passwords elasticsearch-syskeygen x-pack-env
elasticsearch-certgen.bat elasticsearch-env elasticsearch-plugin.bat elasticsearch-setup-passwords.bat elasticsearch-syskeygen.bat x-pack-env.bat
elasticsearch-certutil elasticsearch-env.bat elasticsearch-saml-metadata elasticsearch-shard elasticsearch-translog x-pack-security-env
elasticsearch-certutil.bat elasticsearch-keystore elasticsearch-saml-metadata.bat elasticsearch-shard.bat elasticsearch-translog.bat x-pack-security-env.bat
elasticsearch-cli elasticsearch-keystore.bat elasticsearch-service.bat elasticsearch-sql-cli elasticsearch-users x-pack-watcher-env
[elsearch@slaver4 bin]$ ./elasticsearch
```
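This time it went surprisingly smoothly, but accessing http://192.168.110.133:9200/ from a browser does not work. The configuration file is modified below so that browser access works as well.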
```
[2019-10-25T15:10:29,316][INFO ][o.e.t.TransportService ] [99_nTdv] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2019-10-25T15:10:29,379][WARN ][o.e.b.BootstrapChecks ] [99_nTdv] max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2019-10-25T15:10:29,380][WARN ][o.e.b.BootstrapChecks ] [99_nTdv] max number of threads [3756] for user [elsearch] is too low, increase to at least [4096]
[2019-10-25T15:10:29,380][WARN ][o.e.b.BootstrapChecks ] [99_nTdv] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2019-10-25T15:10:32,536][INFO ][o.e.c.s.MasterService ] [99_nTdv] zen-disco-elected-as-master ([0] nodes joined), reason: new_master {99_nTdv}{99_nTdvNRUS0U0dJBpu7kA}{MMkMOY4eSzmE1qOyNEXang}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=1019797504, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}
[2019-10-25T15:10:32,545][INFO ][o.e.c.s.ClusterApplierService] [99_nTdv] new_master {99_nTdv}{99_nTdvNRUS0U0dJBpu7kA}{MMkMOY4eSzmE1qOyNEXang}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=1019797504, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {99_nTdv}{99_nTdvNRUS0U0dJBpu7kA}{MMkMOY4eSzmE1qOyNEXang}{127.0.0.1}{127.0.0.1:9300}{ml.machine_memory=1019797504, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
[2019-10-25T15:10:32,902][INFO ][o.e.h.n.Netty4HttpServerTransport] [99_nTdv] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2019-10-25T15:10:32,903][INFO ][o.e.n.Node ] [99_nTdv] started
[2019-10-25T15:10:32,945][WARN ][o.e.x.s.a.s.m.NativeRoleMappingStore] [99_nTdv] Failed to clear cache for realms [[]]
[2019-10-25T15:10:33,180][INFO ][o.e.g.GatewayService ] [99_nTdv] recovered [0] indices into cluster_state
[2019-10-25T15:10:34,414][INFO ][o.e.c.m.MetaDataIndexTemplateService] [99_nTdv] adding template [.triggered_watches] for index patterns [.triggered_watches*]
[2019-10-25T15:10:34,832][INFO ][o.e.c.m.MetaDataIndexTemplateService] [99_nTdv] adding template [.watch-history-9] for index patterns [.watcher-history-9*]
[2019-10-25T15:10:34,904][INFO ][o.e.c.m.MetaDataIndexTemplateService] [99_nTdv] adding template [.watches] for index patterns [.watches*]
[2019-10-25T15:10:35,020][INFO ][o.e.c.m.MetaDataIndexTemplateService] [99_nTdv] adding template [.monitoring-logstash] for index patterns [.monitoring-logstash-6-*]
[2019-10-25T15:10:35,158][INFO ][o.e.c.m.MetaDataIndexTemplateService] [99_nTdv] adding template [.monitoring-es] for index patterns [.monitoring-es-6-*]
[2019-10-25T15:10:35,237][INFO ][o.e.c.m.MetaDataIndexTemplateService] [99_nTdv] adding template [.monitoring-beats] for index patterns [.monitoring-beats-6-*]
[2019-10-25T15:10:35,304][INFO ][o.e.c.m.MetaDataIndexTemplateService] [99_nTdv] adding template [.monitoring-alerts] for index patterns [.monitoring-alerts-6]
[2019-10-25T15:10:35,395][INFO ][o.e.c.m.MetaDataIndexTemplateService] [99_nTdv] adding template [.monitoring-kibana] for index patterns [.monitoring-kibana-6-*]
[2019-10-25T15:10:35,761][INFO ][o.e.l.LicenseService ] [99_nTdv] license [3bf82dcc-622e-4a1e-ab9e-a2eb1a194bde] mode [basic] - valid
```
The command curl http://127.0.0.1:9200/ works normally.
```
[elsearch@slaver4 soft]$ curl http://127.0.0.1:9200/
{
  "name" : "99_nTdv",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "6bArPJypRwGiWMARLwW0kg",
  "version" : {
    "number" : "6.7.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "8453f77",
    "build_date" : "2019-03-21T15:32:29.844721Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
```
Add the following setting to the configuration file elasticsearch.yml:
```
network.host: 192.168.110.133
```
```
[elsearch@slaver4 soft]$ cd elasticsearch-6.7.0/
[elsearch@slaver4 elasticsearch-6.7.0]$ ls
bin config data lib LICENSE.txt logs modules NOTICE.txt plugins README.textile
[elsearch@slaver4 elasticsearch-6.7.0]$ cd config/
[elsearch@slaver4 config]$ ls
elasticsearch.keystore elasticsearch.yml jvm.options log4j2.properties role_mapping.yml roles.yml users users_roles
[elsearch@slaver4 config]$ vim elasticsearch.yml
```
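Well, as soon as this configuration file was modified, startup failed. The errors are basically the same as the first time, and are pasted here as well.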
```
[2019-10-25T15:21:29,420][INFO ][o.e.t.TransportService ] [99_nTdv] publish_address {192.168.110.133:9300}, bound_addresses {192.168.110.133:9300}
[2019-10-25T15:21:29,573][INFO ][o.e.b.BootstrapChecks ] [99_nTdv] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [3] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max number of threads [3756] for user [elsearch] is too low, increase to at least [4096]
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[2019-10-25T15:21:29,726][INFO ][o.e.n.Node ] [99_nTdv] stopping ...
[2019-10-25T15:21:29,811][INFO ][o.e.n.Node ] [99_nTdv] stopped
[2019-10-25T15:21:29,811][INFO ][o.e.n.Node ] [99_nTdv] closing ...
[2019-10-25T15:21:29,860][INFO ][o.e.n.Node ] [99_nTdv] closed
[2019-10-25T15:21:29,865][INFO ][o.e.x.m.p.NativeController] [99_nTdv] Native controller process has stopped - no new native processes can be started
[elsearch@slaver4 bin]$
```
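Error 1: [1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]. The fix is as follows:
Cause: the maximum number of files each process may have open at the same time is too small. The current values can be checked with the following 2 commands.
Note, and do not forget: if you apply this fix, you must restart your virtual machine, and the configuration file must be modified as root. Otherwise, after fixing these two errors, starting elasticsearch again will still report error 1, although it will no longer report error 2. Restarting the virtual machine afterwards resolves both errors.
```
[root@slaver4 ~]# vim /etc/security/limits.conf
```
Add the following content:
Note: * stands for any user; this setting is the number of files that any user may open.
```
* soft nofile 65536
* hard nofile 65536
```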
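Error 2: [2]: max number of threads [3756] for user [elsearch] is too low, increase to at least [4096]
Cause: the maximum number of threads is too low. Modify the configuration file /etc/security/limits.conf (the same file as for error 1) and add the following configuration.
```
* soft nproc 4096
* hard nproc 4096
```
Error 3: [3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Cause: this is probably an error caused by insufficient virtual memory. Modify the file /etc/sysctl.conf and add the setting vm.max_map_count=262144. Run the command sysctl -p to apply it.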
```
[root@slaver4 ~]# vim /etc/sysctl.conf
[root@slaver4 ~]# sysctl -p
vm.max_map_count = 262144
[root@slaver4 ~]#
```
The content to add is:
```
vm.max_map_count=262144
```
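After resolving the two errors above, it is best to shut down the virtual machine and start it again. Access from a browser then works normally as well.
Running curl 192.168.110.133:9200 shows that the request succeeds, which also confirms that Elasticsearch started successfully.
3. Key settings in elasticsearch.yml.
cluster.name: the name of the cluster, used to decide whether nodes belong to the same cluster.
node.name: the node name, used to tell apart the different nodes in a cluster.
network.host/http.port: the network address and port, used by the http and transport services.
path.data: where data is stored.
path.logs: where logs are stored.
Elasticsearch has two modes: development mode and production mode.
Development and Production modes explained.
The criterion is whether the transport address (network.host) is bound to localhost. Anything other than localhost or 127.0.0.1 is treated as production mode.
In Development mode, failed configuration checks are reported as warnings at startup.
In Production mode, failed configuration checks are reported as errors at startup and the node exits.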
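The three limits and the mode rule above, combined into one preflight check. This is an added example, not code from the original page: the function names are hypothetical, the thresholds are the ones printed in the bootstrap-check messages, and treating an unset network.host and ::1 as loopback is an assumption that goes beyond the two values the text names.

```shell
#!/bin/sh
# Added example: preflight for the three bootstrap checks seen in the logs above.

# Minimums copied from the bootstrap-check messages on this page.
REQ_NOFILE=65535
REQ_NPROC=4096
REQ_MAP_COUNT=262144

# Print the active network.host value from an elasticsearch.yml.
# Commented-out lines are skipped; empty output means the key is unset.
get_network_host() {
    sed -n 's/^[[:space:]]*network\.host:[[:space:]]*//p' "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g" -e 's/[[:space:]]*$//' |
        tail -n 1
}

# Mode rule from the text: loopback means development, anything else production.
# Assumption: an unset value and ::1 are also treated as loopback.
es_mode() {
    case "$1" in
        ""|localhost|127.0.0.1|::1) echo development ;;
        *) echo production ;;
    esac
}

# $1 mode, $2 label, $3 current value, $4 required minimum.
# Silent on success; otherwise prints WARN (development) or ERROR (production).
check_limit() {
    if [ "$3" = "unlimited" ] || [ "$3" -ge "$4" ] 2>/dev/null; then
        return 0
    fi
    if [ "$1" = production ]; then
        echo "ERROR: $2 [$3] is too low, increase to at least [$4]"
    else
        echo "WARN: $2 [$3] is too low, increase to at least [$4]"
    fi
    return 1
}

# $1 network.host value, $2 nofile, $3 nproc, $4 vm.max_map_count.
# Returns 1 only when production mode would refuse to start.
preflight() {
    _pf_mode=$(es_mode "$1")
    _pf_failed=0
    check_limit "$_pf_mode" "max file descriptors" "$2" "$REQ_NOFILE" || _pf_failed=1
    check_limit "$_pf_mode" "max number of threads" "$3" "$REQ_NPROC" || _pf_failed=1
    check_limit "$_pf_mode" "max virtual memory areas vm.max_map_count" "$4" "$REQ_MAP_COUNT" || _pf_failed=1
    if [ "$_pf_failed" -eq 1 ] && [ "$_pf_mode" = production ]; then
        return 1
    fi
    return 0
}

# Evaluate the current host. $1: path to elasticsearch.yml.
# Run as the account that starts the node (elsearch on this page), because
# nofile and nproc are per-user limits. Needs a shell with ulimit -u (bash).
preflight_live() {
    preflight "$(get_network_host "$1")" "$(ulimit -n)" "$(ulimit -u)" \
        "$(cat /proc/sys/vm/max_map_count)"
}

# Constructed demo: the limit values reported in the logs on this page.
echo "--- network.host unset (loopback) ---"
preflight "" 4096 3756 65530 && echo "=> node starts, with warnings"
echo "--- network.host: 192.168.110.133 ---"
preflight 192.168.110.133 4096 3756 65530 || echo "=> bootstrap checks failed, node exits"
```

To check a real host instead of the constructed values, call preflight_live with the path to elasticsearch.yml before changing network.host.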
A second way to change settings: bin/elasticsearch -Ehttp.port=19200
4. Setting up an Elasticsearch cluster: http://www.javashuo.com/article/p-rplnnwlu-e.html
A quick way to start a local cluster, for your own practice:
```
bin/elasticsearch
bin/elasticsearch -Ehttp.port=8200 -Epath.data=node2
bin/elasticsearch -Ehttp.port=7200 -Epath.data=node3
```
http://192.168.110.133:9200/_cat/nodes shows whether the nodes have formed a cluster.
http://192.168.110.133:9200/_cluster/stats shows the state of the cluster.
5. Installing and running Kibana.
Download and extract Kibana as follows:
```
[root@slaver4 package]# ls
elasticsearch-6.7.0.tar.gz
[root@slaver4 package]# wget https://artifacts.elastic.co/downloads/kibana/kibana-6.7.0-linux-x86_64.tar.gz
--2019-10-25 16:12:36-- https://artifacts.elastic.co/downloads/kibana/kibana-6.7.0-linux-x86_64.tar.gz
正在解析主機 artifacts.elastic.co (artifacts.elastic.co)... 151.101.110.222, 2a04:4e42:1a::734
正在鏈接 artifacts.elastic.co (artifacts.elastic.co)|151.101.110.222|:443... 已鏈接。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:186406262 (178M) [application/x-gzip]
正在保存至: 「kibana-6.7.0-linux-x86_64.tar.gz」

100%[======================================================================================================================================================================================>] 186,406,262 5.31MB/s 用時 40s

2019-10-25 16:13:17 (4.41 MB/s) - 已保存 「kibana-6.7.0-linux-x86_64.tar.gz」 [186406262/186406262])

[root@slaver4 package]# ls
elasticsearch-6.7.0.tar.gz kibana-6.7.0-linux-x86_64.tar.gz
[root@slaver4 package]# tar -zxvf kibana-6.7.0-linux-x86_64.tar.gz -C /home/hadoop/soft/
```
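Once extraction is finished, modify the configuration file. I assigned the kibana directory to the user and group I created. The settings are as follows:
```
server.port: 5601 # Default is 5601; it does not need to be changed.
server.host: "192.168.110.133" # Change this setting so Kibana can be reached from a browser.
elasticsearch.hosts: ["http://192.168.110.133:9200"]
```
After the changes, Kibana can be started; you can try changing other settings yourself. When "Server running at http://localhost:5601" appears, it has started successfully.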
```
[elsearch@slaver4 kibana-6.7.0-linux-x86_64]$ bin/kibana
log [08:31:34.724] [info][status][plugin:kibana@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:34.921] [info][status][plugin:elasticsearch@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:34.928] [info][status][plugin:xpack_main@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:34.958] [info][status][plugin:graph@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:34.976] [info][status][plugin:monitoring@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:34.984] [info][status][plugin:spaces@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:34.997] [warning][security] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml
log [08:31:35.008] [warning][security] Session cookies will be transmitted over insecure connections. This is not recommended.
log [08:31:35.037] [info][status][plugin:security@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.067] [info][status][plugin:searchprofiler@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.073] [info][status][plugin:ml@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.164] [info][status][plugin:tilemap@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.167] [info][status][plugin:watcher@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.190] [info][status][plugin:grokdebugger@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.196] [info][status][plugin:dashboard_mode@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.198] [info][status][plugin:logstash@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.210] [info][status][plugin:beats_management@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.269] [info][status][plugin:apm@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.272] [info][status][plugin:tile_map@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.276] [info][status][plugin:task_manager@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.279] [info][status][plugin:maps@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.287] [info][status][plugin:interpreter@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.309] [info][status][plugin:canvas@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.326] [info][status][plugin:license_management@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.334] [info][status][plugin:cloud@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.344] [info][status][plugin:index_management@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.383] [info][status][plugin:console@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.386] [info][status][plugin:console_extensions@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.404] [info][status][plugin:notifications@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.408] [info][status][plugin:index_lifecycle_management@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.745] [info][status][plugin:infra@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.778] [info][status][plugin:rollup@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.853] [info][status][plugin:remote_clusters@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.883] [info][status][plugin:cross_cluster_replication@6.7.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [08:31:35.936] [info][status][plugin:translations@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:35.991] [info][status][plugin:upgrade_assistant@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:36.026] [info][status][plugin:uptime@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:36.039] [info][status][plugin:oss_telemetry@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:36.103] [info][status][plugin:metrics@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:36.849] [info][status][plugin:timelion@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:37.858] [info][status][plugin:elasticsearch@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.051] [info][license][xpack] Imported license information from Elasticsearch for the [data] cluster: mode: basic | status: active
log [08:31:38.057] [info][status][plugin:xpack_main@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.058] [info][status][plugin:graph@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.072] [info][status][plugin:searchprofiler@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.073] [info][status][plugin:ml@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.074] [info][status][plugin:tilemap@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.074] [info][status][plugin:watcher@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.074] [info][status][plugin:grokdebugger@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.075] [info][status][plugin:logstash@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.075] [info][status][plugin:beats_management@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.075] [info][status][plugin:index_management@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.076] [info][status][plugin:index_lifecycle_management@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.076] [info][status][plugin:rollup@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.077] [info][status][plugin:remote_clusters@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.077] [info][status][plugin:cross_cluster_replication@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.078] [info][kibana-monitoring][monitoring-ui] Starting monitoring stats collection
log [08:31:38.139] [info][status][plugin:security@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.140] [info][status][plugin:maps@6.7.0] Status changed from yellow to green - Ready
log [08:31:38.411] [info][license][xpack] Imported license information from Elasticsearch for the [monitoring] cluster: mode: basic | status: active
log [08:31:40.064] [warning][browser-driver][reporting] Enabling the Chromium sandbox provides an additional layer of protection.
log [08:31:40.067] [warning][reporting] Generating a random key for xpack.reporting.encryptionKey. To prevent pending reports from failing on restart, please set xpack.reporting.encryptionKey in kibana.yml
log [08:31:40.220] [info][status][plugin:reporting@6.7.0] Status changed from uninitialized to green - Ready
log [08:31:44.022] [info][listening] Server running at http://192.168.110.133:5601
log [08:31:44.413] [info][status][plugin:spaces@6.7.0] Status changed from yellow to green - Ready
```
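Kibana configuration: the configuration lives in the config folder. Key settings in kibana.yml:
server.host/server.port: the address and port used to access Kibana.
elasticsearch.hosts (formerly elasticsearch.url): the address of the Elasticsearch instance to connect to.
Common Kibana features:
Discover: searching and viewing data.
Visualize: building charts.
Dashboard: building dashboards.
Timelion: advanced visual analysis of time-series data.
DevTools: developer tools.
Management: configuration.
6. Getting started with Elasticsearch and Kibana: Elasticsearch terminology and hands-on CRUD operations.
Common Elasticsearch terms:
Document: the document data.
Index: the index.
Type: the data type within an index. This concept is being gradually phased out in 6.x and later versions.
Field: a field, that is, an attribute of a document.
Query DSL: the query syntax.
Create creates a document. Read reads a document. Update updates a document. Delete deletes a document.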
```
GET _search
{
  "query": {
    "match_all": {}
  }
}

# Insert
PUT /account/person/1
{
  "name": "zhangsan",
  "age": 22
}

PUT /account/person/2
{
  "name": "zhangsan",
  "age": 22
}

# Query
GET /account/person/2

# Update
POST /account/person/1/_update
{
  "doc":{
    "name": "lisi",
    "age": 25
  }
}

# Delete
DELETE /account/person/1

DELETE /account

GET /account/_mapping

# Query String
GET /account/person/_search?q=zhangsan

# Query DSL
GET /account/person/_search
{
  "query":{
    "match":{
      "name": "lisi"
    }
  }
}
```
7. Getting started with Beats: Lightweight Data Shipper.
Filebeat: log files.
Processing flow: Input, Filter, Output.
Metricbeat: metric data.
Mainly used to collect CPU data, memory data, disk data, nginx and mysql.
Packetbeat: network data.
Winlogbeat: Windows data.
Auditbeat
Heartbeat: health checks.
Functionbeat
Filebeat configuration overview:
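a. Filebeat input configuration, written in YAML. input_type currently has two types: log (log files) and stdin (standard input).
Example:
# filebeat.prospectors / input_type is the older syntax; the filebeat.yml
# later on this page uses filebeat.inputs / type.
filebeat.prospectors:
  - input_type: log
    paths:
      - /var/log/apache/httpd-*.log
  - input_type: log
    paths:
      - /var/log/messages
      - /var/log/*.log

b. Filebeat output configuration. The supported outputs include Console (standard output), Elasticsearch, Logstash, Kafka, Redis and File.
Example:
output.elasticsearch:
  hosts: ["http://localhost:9200"]  # Elasticsearch connection address
  username: "admin"                 # authentication: a username and password must be configured
  password: "123456"
output.console:   # print to the console, handy for debugging
  pretty: true    # pretty-print the JSON output

c. Filebeat filter configuration.
Processing at input time:
include_lines: read a line in only when it matches certain conditions.
exclude_lines: do not read a line in when it matches certain conditions.
exclude_files: do not read a file when its name matches certain conditions.
Processing before output (processors):
drop_event: when an event meets a condition, do not output it.
drop_fields: when an event meets a condition, do not output the given field.
decode_json_fields: parse the fields of the event that contain JSON.
include_fields: include some fields, or keep only certain fields of the data.
Example:
processors:
  - drop_event:
      when:
        regexp:
          # Regular expression: drop events whose message field starts with DBG
          message: "^DBG:"

processors:
  - decode_json_fields:   # parse the listed fields into proper JSON
      fields: ["inner"]

d. Advanced Filebeat usage: combining Filebeat with an Elasticsearch Ingest Node.
Reason: Filebeat lacks data transformation capabilities.
The Elasticsearch Ingest Node:
It is a newly added node type.
It processes and transforms data before the data is written to Elasticsearch.
It is used through the pipeline API.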
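A simplified Python model of the two filter stages described above, added for illustration: it is not Filebeat code, and the function names and sample lines are constructed. It makes visible which lines a pattern such as `^DBG:` removes before anything reaches the output, which matters because a dropped event never becomes searchable in Elasticsearch.

```python
import json
import re

def input_stage(lines, include_lines=(), exclude_lines=()):
    """Input-time filtering: include_lines is applied first, then exclude_lines."""
    inc = [re.compile(p) for p in include_lines]
    exc = [re.compile(p) for p in exclude_lines]
    events = []
    for line in lines:
        if inc and not any(p.search(line) for p in inc):
            continue  # matched no include pattern: never read in
        if any(p.search(line) for p in exc):
            continue  # matched an exclude pattern: skipped
        events.append({"message": line})
    return events

def drop_event(event, field, pattern):
    """drop_event with a when.regexp condition; None means the event is not shipped."""
    value = event.get(field)
    return None if isinstance(value, str) and re.search(pattern, value) else event

def decode_json_fields(event, fields):
    """Replace each listed string field with its decoded JSON value."""
    for name in fields:
        try:
            event[name] = json.loads(event[name])
        except (KeyError, TypeError, ValueError):
            pass  # field missing or not valid JSON: leave the event unchanged
    return event

def run(lines, include_lines=(), exclude_lines=()):
    """Both stages with the page's processors: drop ^DBG:, decode the inner field."""
    shipped = []
    for event in input_stage(lines, include_lines, exclude_lines):
        if drop_event(event, "message", r"^DBG:") is not None:
            shipped.append(decode_json_fields(event, ["inner"]))
    return shipped

# Constructed sample lines, not taken from a real system.
SAMPLE = [
    "DBG: cache warmed",
    "ERR: login failed for admin from 10.0.0.5",
    "INFO: healthcheck ok",
    "ERR: DBG: nested marker",
]
```

Because the `^DBG:` pattern is anchored, the line that merely contains `DBG:` later in the text is still shipped.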
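8. Downloading, installing and deploying Filebeat. Filebeat is written in Go, so there are separate builds per operating system; download the one that fits your needs.
You can download the package and upload it to the server; I downloaded it directly with wget.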
[root@slaver4 package]# ls
elasticsearch-6.7.0.tar.gz  kibana-6.7.0-linux-x86_64.tar.gz
[root@slaver4 package]# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.7.0-linux-x86_64.tar.gz
--2019-10-26 10:33:52--  https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.7.0-linux-x86_64.tar.gz
正在解析主機 artifacts.elastic.co (artifacts.elastic.co)... 151.101.230.222, 2a04:4e42:36::734
正在鏈接 artifacts.elastic.co (artifacts.elastic.co)|151.101.230.222|:443... 已鏈接。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:11703213 (11M) [application/x-gzip]
正在保存至: 「filebeat-6.7.0-linux-x86_64.tar.gz」

100%[======================================================================================================================================================================================>] 11,703,213 3.97MB/s 用時 2.8s

2019-10-26 10:33:56 (3.97 MB/s) - 已保存 「filebeat-6.7.0-linux-x86_64.tar.gz」 [11703213/11703213])

[root@slaver4 package]# ls
elasticsearch-6.7.0.tar.gz  filebeat-6.7.0-linux-x86_64.tar.gz  kibana-6.7.0-linux-x86_64.tar.gz
[root@slaver4 package]# tar -zxvf filebeat-6.7.0-linux-x86_64.tar.gz -C /home/hadoop/soft/
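Because the archive was extracted as root, ownership of the files is handed over to the elsearch user and group created earlier.
The contents of filebeat-6.7.0-linux-x86_64 are explained below:
data stores the position Filebeat has read up to in each log while processing it.
filebeat is the executable.
module holds the modules that Filebeat supports.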
[root@slaver4 package]# cd ../soft/
[root@slaver4 soft]# ls
elasticsearch-6.7.0  filebeat-6.7.0-linux-x86_64  kibana-6.7.0-linux-x86_64
[root@slaver4 soft]# chown -R elsearch:elsearch filebeat-6.7.0-linux-x86_64/
[root@slaver4 soft]# su elsearch
[elsearch@slaver4 soft]$ ls
elasticsearch-6.7.0  filebeat-6.7.0-linux-x86_64  kibana-6.7.0-linux-x86_64
[elsearch@slaver4 soft]$ ll
總用量 0
drwxr-xr-x.  9 elsearch elsearch 155 10月 25 15:09 elasticsearch-6.7.0
drwxr-xr-x.  5 elsearch elsearch 212 10月 26 10:35 filebeat-6.7.0-linux-x86_64
drwxr-xr-x. 13 elsearch elsearch 246 10月 25 16:13 kibana-6.7.0-linux-x86_64
[elsearch@slaver4 soft]$
Next, a simple example: use Filebeat to collect nginx logs, reading the logs through stdin and writing the results to the console.
First, edit the Filebeat configuration as shown below:
#=========================== Filebeat inputs =============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  # (Must be true here, otherwise this input is ignored and nothing is collected.)
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  # The glob has to match files; a bare directory path is not harvested.
  paths:
    # - /var/log/*.log
    - /home/hadoop/soft/elasticsearch-6.7.0/logs/*.log
    #- c:\programdata\elasticsearch\logs\*

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  # hosts: ["localhost:9200"]
  hosts: ["192.168.110.133:9200"]

  # Enabled ilm (beta) to use index lifecycle management instead daily indices.
  #ilm.enabled: false

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"
Start Filebeat and you will see the log information.
[elsearch@slaver4 filebeat-6.7.0-linux-x86_64]$ ./filebeat -e -c filebeat.yml -d "publish"
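9. Getting started with Logstash: download, installation and deployment, as follows.
Overview: a data shipper (not a lightweight one; it uses more resources than Beats, but it is powerful).
The ETL concept: Extract pulls the data out, Transform converts it, Load writes it out to a destination.
Logstash is an open-source, server-side data processing pipeline that can extract data from multiple sources at the same time, transform it, and finally put it wherever you want to store it.
10. The Logstash processing flow is as follows:
input: can read data from file, Redis, beats, kafka and others.
filter: grok (an expression language that, put simply, is based on regular expressions and turns unstructured data into structured data), mutate (add, delete, modify and look up fields of structured data), drop, date.
output: can write to stdout, elasticsearch, Redis, kafka and others.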
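Processing flow: Input and Output configuration. Note that Logstash configuration is not YAML.
input { file { path => "/tmp/abc.log" } }
output { stdout { codec => rubydebug } }
Processing flow: Filter configuration.
Grok: provides a rich set of reusable patterns built on regular expressions, with which unstructured data can be turned into structured data.
Date: converts a time field held as a string into a timestamp type, which makes later processing easier.
Mutate: handles field-level changes such as adding, modifying, deleting and replacing fields.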
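To show what the three filters do to one event, here is a small Python model of grok, date and mutate applied to an nginx access-log line. It is an added example, not Logstash code: the pattern definitions are simplified stand-ins for grok's library, and the function names and the sample line are constructed.

```python
import re
from datetime import datetime

# Simplified base patterns written for this example; grok ships a far larger library.
PATTERNS = {
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "NOTSPACE": r"\S+", "NUMBER": r"\d+",
    "HTTPDATE": r"\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
}

def grok_compile(expr):
    """Expand each %{NAME:field} reference into a named regex group."""
    named = lambda m: "(?P<%s>%s)" % (m.group(2), PATTERNS[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", named, expr))

def grok(event, expr):
    """Grok: add the captured fields, or tag the event when nothing matches."""
    m = grok_compile(expr).search(event["message"])
    if m is None:
        event.setdefault("tags", []).append("_grokparsefailure")
    else:
        event.update(m.groupdict())
    return event

def date(event, field, fmt):
    """Date: parse a string field into a real timestamp."""
    if field in event:
        event["@timestamp"] = datetime.strptime(event[field], fmt)
    return event

def mutate(event, convert, remove_field):
    """Mutate: change field types and remove fields."""
    for name in convert.keys() & event.keys():
        event[name] = convert[name](event[name])
    for name in remove_field:
        event.pop(name, None)
    return event

ACCESS = (r'%{IP:clientip} - \S+ \[%{HTTPDATE:timestamp}\] "%{NOTSPACE:verb} '
          r'%{NOTSPACE:request} \S+" %{NUMBER:response} %{NUMBER:bytes}')

def pipeline(line):
    """grok -> date -> mutate over one raw log line."""
    event = grok({"message": line}, ACCESS)
    event = date(event, "timestamp", "%d/%b/%Y:%H:%M:%S %z")
    return mutate(event, {"response": int, "bytes": int}, ["timestamp"])

# Constructed sample line in nginx's default access-log layout.
SAMPLE = '192.0.2.10 - - [26/Oct/2019:10:33:52 +0800] "GET /index.html HTTP/1.1" 200 612'
```

A line that does not match keeps only its raw message plus the `_grokparsefailure` tag, so unparsed events can be counted downstream and are not lost silently.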
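11. Downloading and installing Logstash. Logstash is developed in Ruby. The steps are as follows:
Logstash is also a JVM-based application. Here I download the tar package directly, which is convenient to work with; the archive is on the large side, over a hundred megabytes.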
[root@slaver4 package]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.7.0.tar.gz
--2019-10-26 14:31:48--  https://artifacts.elastic.co/downloads/logstash/logstash-6.7.0.tar.gz
正在解析主機 artifacts.elastic.co (artifacts.elastic.co)... 151.101.110.222, 2a04:4e42:1a::734
正在鏈接 artifacts.elastic.co (artifacts.elastic.co)|151.101.110.222|:443... 已鏈接。
已發出 HTTP 請求,正在等待迴應... 200 OK
長度:175824513 (168M) [application/x-gzip]
正在保存至: 「logstash-6.7.0.tar.gz」

100%[======================================================================================================================================================================================>] 175,824,513 3.29MB/s 用時 4m 13s

2019-10-26 14:36:02 (679 KB/s) - 已保存 「logstash-6.7.0.tar.gz」 [175824513/175824513])

[root@slaver4 package]# ll
總用量 510692
-rw-r--r--. 1 elsearch elsearch 149006122 10月 25 14:44 elasticsearch-6.7.0.tar.gz
-rw-r--r--. 1 root     root      11703213 3月  26 2019 filebeat-6.7.0-linux-x86_64.tar.gz
-rw-r--r--. 1 root     root     186406262 3月  26 2019 kibana-6.7.0-linux-x86_64.tar.gz
-rw-r--r--. 1 root     root     175824513 3月  26 2019 logstash-6.7.0.tar.gz
drwxr-xr-x. 2 elsearch elsearch       131 10月 26 10:44 materials
[root@slaver4 package]# tar -zxvf logstash-6.7.0.tar.gz -C /home/hadoop/soft/
[root@slaver4 package]# cd ../soft/
[root@slaver4 soft]# ls
elasticsearch-6.7.0  filebeat-6.7.0-linux-x86_64  kibana-6.7.0-linux-x86_64  logstash-6.7.0
[root@slaver4 soft]# chown -R elsearch:elsearch logstash-6.7.0/
[root@slaver4 soft]# ls
elasticsearch-6.7.0  filebeat-6.7.0-linux-x86_64  kibana-6.7.0-linux-x86_64  logstash-6.7.0
[root@slaver4 soft]# su elsearch
[elsearch@slaver4 soft]$ cd logstash-6.7.0/
[elsearch@slaver4 logstash-6.7.0]$ ls
bin  config  CONTRIBUTORS  data  Gemfile  Gemfile.lock  lib  LICENSE.txt  logstash-core  logstash-core-plugin-api  modules  NOTICE.TXT  tools  vendor  x-pack
More in-depth study will follow in later posts!
Author: 別先生
Cnblogs: https://www.cnblogs.com/biehongli/