先下載安裝包,也是需要安裝jdk和logstash。
[root@node6 ~]#wget http://192.168.137.53/yum/Elasticsearch/jdk-8u191-linux-x64.rpm
[root@node6 ~]#wget http://172.20.7.53/yum/Elasticsearch/logstash-6.4.3.rpm安裝jdk、logstash
[root@node6 ~]#yum -y install logstash-6.4.3.rpm jdk-8u191-linux-x64.rpm檢查logstash是否正常,只要能正常顯示幫助信息即可。
[root@node7 ~]#/usr/share/logstash/bin/logstash --help
-n 指定當前節點的名稱
-f 指定配置文件的路徑
-e 標準輸入的方式來配置
-t 測試語法測試logstash
[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}} output {stdout{}}'
# 看到最後這句話說明已經成功啓動,在後續輸入字符後格式化之後輸出顯示結果
[INFO ] 2018-11-29 12:56:06.194 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
# 手動輸入
hello world
{
"host" => "node7.dklwj.com",
"@version" => "1",
"@timestamp" => 2018-11-29T04:58:26.160Z,
"message" => "hello world"
}
[INFO ] 2018-11-29 12:56:06.194
{
"host" => "node7.dklwj.com",
"@version" => "1",
"@timestamp" => 2018-11-29T04:59:10.752Z,
"message" => "[INFO ] 2018-11-29 12:56:06.194"
}輸出到文件裏面,需要手動輸入字符纔會生成相對應的文件
[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}} output {file { path => "/tmp/output.txt" }}'
[INFO ] 2018-11-29 13:11:42.870 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
1
1
1[INFO ] 2018-11-29 13:12:10.300 [Ruby-0-Thread-6: :1] file - Opening file {:path=>"/tmp/output.txt"}
fdfd
dfd
dfa
dfa
fa
dfa
# 新打開一個終端用tail -f 動態加載這個文件然後在另一端繼續輸入文字
[root@node7 ~]#tail -f /tmp/output.txt
{"message":"1","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:10.094Z"}
{"message":"1","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:09.843Z"}
{"message":"1","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:10.365Z"}
{"message":"fdfd","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:24.298Z"}
{"message":"dfd","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:25.027Z"}
{"message":"dfa","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:25.412Z"}
{"message":"dfa","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:25.749Z"}
{"message":"fa","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:26.097Z"}
{"message":"dfa","host":"node7.dklwj.com","@version":"1","@timestamp":"2018-11-29T05:12:26.394Z"}輸出到elk服務器上去
啓動之後在後面輸入一些測試內容,然後它是不會在當前終端上顯示出來,需要用瀏覽器打開elk服務器的地址+9100端口
[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}} output {elasticsearch { hosts => ["172.20.7.50:9200"] index => "test-%{+YYYY.MM.dd}"}}'
[INFO ] 2018-11-29 13:23:15.698 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
hello world 
接下來開始安裝前端展示kibana圖形
還是跟elk-head安裝一樣,跑在docker裏面
先下載打包好的kibana鏡像文件
[root@node1 ~]#wget http://192.168.3.53/yum/Elasticsearch/kibana_docker-image_6.4.3.tar.gz把下載好的鏡像文件導入到docker images裏面去
[root@node1 ~]#docker load -i kibana_docker-image_6.4.3.tar.gz
f972d139738d: Loading layer 208.8MB/208.8MB
bf4884a66d65: Loading layer 27.92MB/27.92MB
fd1a35685127: Loading layer 2.56kB/2.56kB
24d0eaf4a529: Loading layer 559.9MB/559.9MB
96d0c6a3b847: Loading layer 4.096kB/4.096kB
a55297057152: Loading layer 9.216kB/9.216kB
d80d8e5025ea: Loading layer 7.68kB/7.68kB
17579ca9208b: Loading layer 8.704kB/8.704kB
3c3df3ec2abb: Loading layer 306.7kB/306.7kB
Loaded image: kibana:6.4.3在宿主機上創建一個配置文件,用於後續起容器時綁定配置文件
[root@node1 ~]#vim kibana.yml
---
#Default Kibana configuration from kibana-docker.
server.name: kibana
server.host: "0"
elasticsearch.url: http://192.168.3.50:9200
xpack.monitoring.ui.container.elasticsearch.enabled: true啓動kibana容器,綁定配置文件、把kibana的5601端口號暴露出來
[root@node1 ~]#docker run --name kibana -d -p 15601:5601 -v /root/kibana.yml:/usr/share/kibana/config/kibana.yml kibana:6.4.3
087da7310c1fc722bd932a904987922d177374f2b7a03c4568ddd5f571564d52查看已有的容器
通過瀏覽器訪問 宿主機的IP+容器暴露時使用的端口來訪問kibana的默認界面
