Prepare the files
elasticsearch: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.3.1.tar.gz
logstash: https://artifacts.elastic.co/downloads/logstash/logstash-5.3.1.tar.gz
kibana: https://artifacts.elastic.co/downloads/kibana/kibana-5.3.1-linux-x86_64.tar.gz
[root@localhost]# vi /etc/profile
    JAVA_HOME=/usr/local/java/jre1.8.0_171
    JRE_HOME=/usr/local/java/jre1.8.0_171
    PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
    CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib:$CLASSPATH
    export JAVA_HOME JRE_HOME PATH CLASSPATH
# Enable the network interface
[root@localhost]# vi /etc/sysconfig/network-scripts/ifcfg-enoxxx    # set ONBOOT to yes
[root@localhost]# service network restart
[root@localhost]# source /etc/profile
[root@localhost]# tar -zxvf /usr/local/download/elasticsearch-5.3.1.tar.gz -C /usr/local/
Elasticsearch configuration explained in detail: http://www.cnblogs.com/skyblue/p/5216536.html
Edit the configuration file:
[root@localhost]# vi /usr/local/elasticsearch-5.3.1/config/elasticsearch.yml
    cluster.name: skynet_es_cluster          # cluster name; ES uses this name for cluster discovery
    node.name: skynet_es_cluster_dev1        # node name
    path.data: /data/elk/data                # data directory
    path.logs: /data/elk/logs                # log directory
    network.host: 0.0.0.0                    # listen on all interfaces, so every device that can reach the host can connect
    http.port: 9200                          # default port
    discovery.zen.ping.unicast.hosts: ["skynet_es_cluster_dev1","skynet_es_cluster_dev2"]    # list of cluster nodes; IP addresses can be used instead
    discovery.zen.minimum_master_nodes: 3    # number of master-eligible nodes, (n+1)/2 of the total nodes
    http.cors.enabled: true                  # enable cross-origin requests so that _site plugins can access ES
    http.cors.allow-origin: "*"              # origins allowed for cross-origin access ("*" allows every origin)
    bootstrap.memory_lock: false             # memory locking set to false on a virtual machine
    bootstrap.system_call_filter: false      # not yet understood; must be set; to be filled in later
[root@localhost]# vi /etc/sysctl.conf
    vm.max_map_count=655360    # add this parameter
[root@localhost]# sysctl -p    # run this so that the setting takes effect
[root@localhost]# vi /etc/security/limits.conf    # append to the end of the file
    * soft nofile 65536
    * hard nofile 131072
    * soft nproc 65536
    * hard nproc 131072
[root@localhost]# vi /etc/security/limits.d/20-nproc.conf
    elk    soft    nproc    65536    # limit for the elk user
[root@localhost]# groupadd elk
[root@localhost]# useradd elk -g elk
[root@localhost]# chown -R elk:elk /usr/local/    # note: this changes ownership of everything under /usr/local/, not only the ELK directories
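[root@localhost elasticsearch-5.3.1]# bin/elasticsearch -d    # start in the background; Elasticsearch 5.x refuses to start as root, so run it as the elk user created above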
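The elasticsearch.yml above binds the node to 0.0.0.0, allows every CORS origin and turns the system call filter off. The following check, added here as an example and not part of the original post, reads those keys from a config file and reports the ones that widen exposure; the function names, the temporary files and the 192.168.1.221:8080 origin are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag exposure-related settings in an elasticsearch.yml.
# es_get and audit_es_config are illustrative names, not Elasticsearch tools.
es_get() {  # usage: es_get FILE KEY -> value without quotes or comments
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # drop a trailing comment
            i = index(line, ":")
            if (i == 0) next
            k = substr(line, 1, i - 1); v = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

audit_es_config() {  # usage: audit_es_config FILE -> one line per finding
    host=$(es_get "$1" network.host)
    cors=$(es_get "$1" http.cors.enabled)
    origin=$(es_get "$1" http.cors.allow-origin)
    filter=$(es_get "$1" bootstrap.system_call_filter)
    [ "$host" = "0.0.0.0" ] &&
        echo "network.host: port 9200 reachable on every interface, and stock Elasticsearch 5.x has no authentication"
    [ "$cors" = "true" ] && [ "$origin" = "*" ] &&
        echo "http.cors.allow-origin: any web origin may send cross-origin requests to the node"
    [ "$filter" = "false" ] &&
        echo "bootstrap.system_call_filter: seccomp system call filter is switched off"
    return 0
}

tmp=$(mktemp -d)
# Settings taken from the elasticsearch.yml shown on this page.
cat > "$tmp/page.yml" <<'EOF'
network.host: 0.0.0.0   # allow access from all devices
http.cors.enabled: true
http.cors.allow-origin: "*"
bootstrap.system_call_filter: false
EOF
# Constructed comparison: one internal address, CORS limited to one origin.
cat > "$tmp/narrow.yml" <<'EOF'
network.host: 192.168.1.220
http.cors.enabled: true
http.cors.allow-origin: "http://192.168.1.221:8080"
EOF
audit_es_config "$tmp/page.yml"
audit_es_config "$tmp/narrow.yml"
```

On a real host, point audit_es_config at /usr/local/elasticsearch-5.3.1/config/elasticsearch.yml.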
1. Extract
[root@localhost logstash-5.3.1]# tar -zxvf /usr/local/src/logstash-5.3.1.tar.gz -C /usr/local/    # extract the source package
2. Run a test
[root@localhost logstash-5.3.1]# /usr/local/logstash-5.3.1/bin/logstash -e 'input { stdin { } } output { stdout {} }'    # run this command to test
The result is as follows:
[root@localhost logstash-5.3.1]# /usr/local/logstash-5.3.1/bin/logstash -e 'input { stdin { } } output { stdout {codec=> rubydebug} }'
Sending Logstash's logs to /usr/local/logstash-5.3.1/logs which is now configured via log4j2.properties
[2018-04-27T22:49:59,008][INFO ][logstash.pipeline        ] Starting pipeline {"id"=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>125}
[2018-04-27T22:49:59,124][INFO ][logstash.pipeline        ] Pipeline main started
The stdin plugin is now waiting for input:
[2018-04-27T22:49:59,255][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
# Type log input here; the test result is displayed immediately
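3. Create the configuration file
[root@localhost logstash-5.3.1]# vi config/logstash-simple.conf
    input {
        stdin { }
    }
    output {
        stdout { codec => rubydebug }
    }
# This is the simplest configuration file: it contains only the input and output pipelines, with no elasticsearch output, no input/output format and no filtering specified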
##### Appendix (server configuration explained):
    input {    # input pipeline
        file {
            path => ["/springcloud/log/*","/springcloud/log/back_stage_management_web/*"]    # paths to collect from
            type => "log"
            codec => multiline {
                pattern => "^\["      # match lines that begin with [
                negate => true        # true: act on the lines that do not match the pattern
                what => "previous"    # merge them into the preceding log entry
            }    # matching condition; in theory this belongs in the filter pipeline, but that reportedly can hurt performance, so it is done in the input pipeline
            start_position => "beginning"
        }
    }
    filter {
        grok {    # matching function
            match => {
                "message" => "%{COMBINEDAPACHELOG} %{LOGLEVEL:level} %{GREEDYDATA:msg}"    # Logstash's default filter patterns
            }
            remove_field => "message"
        }
    }
    output {
        elasticsearch {
            hosts => ["192.168.1.220:9200"]    # the elasticsearch instance to send to
            index => "[providerlog-]%{+YYYY.MM.dd}"    # index used to tell servers apart in elasticsearch, also used to search the logs
            action => "index"
            document_type => "springcloud_logs"
        }
    }
4. Start and test
[root@localhost logstash-5.3.1]# /usr/local/logstash-5.3.1/bin/logstash -f /usr/local/logstash-5.3.1/config/logstash-simple.conf
5. Start the service by running the following command:
[root@localhost logstash-5.3.1]# /usr/local/logstash-5.3.1/bin/logstash -f /usr/local/logstash-5.3.1/config/logstash-simple.conf &    # & means run in the background
6. We can use the curl command to send a request and check whether ES has received the data:
[root@localhost logstash-5.3.1]# curl "elasticsearch ip:port"
1. Extract the package
[root@localhost kibana-5.3.1]# tar -zxvf /usr/local/src/kibana-5.3.1-linux-x86_64.tar.gz -C /usr/local/
2. Configure kibana
[root@localhost kibana-5.3.1]# vi /usr/local/kibana-5.3.1/config/kibana.yml    # edit kibana.yml and add the following parameters:
    server.port: 5601                                   # open the default port 5601
    server.host: "kibana server ip"                     # site address
    elasticsearch.url: "http://elasticsearch ip:9200"   # points to the IP address of the elasticsearch service
    kibana.index: ".kibana"
3. Start. Run the following command to start:
[root@localhost kibana-5.3.1]# /usr/local/kibana-5.3.1-linux-x86_64/bin/kibana &
4. Test access from a browser. Visit: http://kibana server ip:5601
#### After running the kibana-4.5.2-linux-x64/bin/kibana & command, do not use ctrl+c to leave the log output; use exit instead, so that the kibana service keeps running even after the shell window is closed.