ELK介紹
E = Elasticsearch,一款基於的Lucene的分佈式搜索引擎,我們熟悉的github,就是由ElastiSearch提供的搜索,據傳已經有10TB+的數據量。
L = Logstash , 一款分佈式日誌收集系統,支持多輸入源,並內置一些過濾操作,支持多輸入元
K = Kibana , 一款配合ElasticSearch的web可視化界面,內置非常各種查詢,聚合操作,並擁有漂亮的圖形化展示功能
部署環境
- Centos 7
- java version “1.8.0_101”
- elasticsearch-5.0.2
- kibana-5.0.2
- logstash-5.0.2
環境搭建
jdk
yum -y install java-1.8.0-openjdk創建運行ELK的用戶
[root@localhost local]# groupadd elsearch
[root@localhost local]# useradd -g elsearch elsearch
可以使用:passwd elsearch進行修改密碼
查看系統用戶列表:cat /etc/group創建ELK運行目錄
[root@localhost local]# mkdir /elk
[root@localhost local]# chown -R elsearch:elsearch /elk
[root@localhost local]# pwd
/usr/local/elk關閉防火牆
[root@localhost ~]#service iptables stop下載
(elasticsearch-5.0.2 | kibana-5.0.2 |
logstash-5.0.2)放在/usr/local/elk目錄下,
並且各自進行tar -zxvf 文件名解壓
配置Elasticsearch
vim elasticsearch-5.0.2/config/elasticsearch.yml 配置如下
cluster.name: es_cluster
node.name: node-1
path.data: /tmp/elasticsearch/data
path.logs: /tmp/elasticsearch/logs
network.host: 192.168.10.105
http.port: 9200
切換用戶啓動elasticsearch
[root@localhost elk]# su elsearch
[elsearch@localhost elk]# elasticsearch-5.0.2/bin/elasticsearch &因爲Elasticsearch用root用戶啓動會報錯
curl http://192.168.10.105:9200
Elasticsearch安裝完畢
安裝logstash
logstash是ELK中負責收集和過濾日誌的
[root@localhost elk]# vim logstash-5.0.2/config/logstash.conf
input {
beats {
port => 5044
}
file {
path => "/root/jeecgv3.log"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["192.168.10.105:9200"]
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
指定配置文件啓動logstash
[root@localhost elk]# logstash-5.0.2/bin/logstash -f logstash-5.0.2/config/logstash.conf 
logstash安裝完畢
安裝kibana
修改配置
[root@localhost elk]# vim kibana-5.0.2-linux-x86_64/config/kibana.yml
server.port: 8888
server.host: "192.168.10.105"
elasticsearch.url: "http://192.168.10.105:9200"
啓動kibana
[root@localhost elk]# kibana-5.0.2-linux-x86_64/bin/kibana &
訪問 http://192.168.10.105:8888/ 即可訪問部署好的系統