elk安裝整理
kibana安裝配置rpm 安裝
vim vim /etc/kibana/kibana.yml
修改訪問端口地址
server.port: 5601
server.host: "ip"
修改elasticsearch訪問地址
elasticsearch.url: "http://ip:9200"
elasticsearch安裝配置rpm 安裝 jdk 1.8以上
vim /etc/elasticsearch/elasticsearch.yml
修改集羣名字節點名字一樣
cluster.name: my-elk
節點一
node.name: elk-node-1
存放數據路徑
mkdir -p /data/
chown -R elasticsearch:elasticsearch /data
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
# ----------------------------------- Memory -----------------------------------## Lock the memory on startup:#bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["ip1", "ip2"]
head插件安裝service elasticsearch restart
安裝出錯問題排查 logstash安裝rpm安裝
mkdir -p /data/
chown -R logstash:logstash /data/
vim /etc/logstash/logstash.yml
path.data: /data/logstash
http.host: "10.144.23.33"
http.port: 9600-9700
path.logs: /var/log/logstash
建立過濾日誌文件
默認路徑
vim /etc/logstash/conf.d/simple.conf --必須以.conf後綴
啓動logstash
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/simple.conf &
由於logstash 比較耗費資源採用輕量級filebeats
安裝filebeatsvim /etc/filebeat/filebeat.yml
#=========================== Filebeat inputs =============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.- type: log
# Change to true to enable this input configuration.enabled: true
# Paths that should be crawled and fetched. Glob based paths.paths:
- /home/159tomcat/logs/*.txt
#============================= Filebeat modules ===============================
filebeat.config.modules:
Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloadingreload.enabled: true
#----------------------------- Logstash output --------------------------------
output.logstash:
The Logstash hosts
hosts: ["10.144.23.33:5044"]啓動filebeats
/usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat.yml &
實例
vim /etc/logstash/conf.d/simple.confinput{
beats{
port => 5044
}
}
output{
elasticsearch {
hosts => ["http://ip:9200"]
index => "localhost_access_log"
}
}