1. 安裝JDK（tar.gz版本）

官網(wǎng)下載：?http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html?

解壓到指定的目錄（filename替換為你的tar包）：

tar -zxvf filename -C /usr/local/java/

修改配置文件：

vim /etc/profile

添加：

export JAVA_HOME=/usr/java/jdk1.8.0_191-amd64

export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

export PATH=$PATH:$JAVA_HOME/bin

使生效：

source /etc/profile

校驗(yàn)：

java -version

若成功本砰，則顯示 java 版本：

java version "1.8.0_191"

Java(TM) SE Runtime Environment (build 1.8.0_191-b12)

Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode)

2. filebeat安裝

curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.2-linux-x86_64.tar.gz

tar xzvf filebeat-6.5.2-linux-x86_64.tar.gz

修改 filebeat.yml （注釋除kafka以外的輸出源）

#=========================== Filebeat inputs =============================?

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so

# you can use different inputs for various configurations.

# Below are the input specific configurations.

- type: log

# Change to true to enable this input configuration.

enabled: true

# Paths that should be crawled and fetched. Glob based paths.

paths:

- /*/log/*

fields:

testname: xxxnn

fields_under_root: true

#----------------------------- kafka output --------------------------------

output.kafka:

enabled: true

hosts: ["localhost:9092"]

max_retries: 5

timeout: 300

topic: "filebeat"

配置驗(yàn)證:

./filebeat test config -c filebeat.yml

3. kafka缠局、zookeeper安裝

docker 鏡像拉取

docker pull wurstmeister/zookeeper:latest

docker pull wurstmeister/kafka:latest

連接、啟動(dòng)服務(wù)

sudo docker run -d --name zookeeper -p 2181 -t wurstmeister/zookeeper:latest

sudo docker run -d --name kafka --publish 9092:9092 --link zookeeper --env KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181 --env KAFKA_ADVERTISED_HOST_NAME=127.0.0.1 --env KAFKA_ADVERTISED_PORT=9092 wurstmeister/kafka:latest

進(jìn)入容器查看配置

docker exec -it kafka bash

4. 安裝logstash

下載公共簽名文件：

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

在 /etc/yum.repos.d/ 路徑下添加你的?.repo 文件驱证，比如?logstash.repo

[logstash-6.x]

name=Elastic repository for 6.x packages

baseurl=https://artifacts.elastic.co/packages/6.x/yum gpgcheck=1

gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

enabled=1

autorefresh=1

type=rpm-md

添加完依賴以后，你可以使用yum進(jìn)行安裝了

sudo yum install logstash

添加配置文件test.conf

input {

kafka {

bootstrap_servers => "127.0.0.1:9092"

topics => ["filebeat"]

group_id => "test-consumer-group"

codec => "plain"

consumer_threads => 1

decorate_events => true

}

}

output {

elasticsearch {

hosts => ["127.0.0.1:9200"]

index => "test" workers => 1

}

}

測(cè)試配置文件

./logstash -f test.conf --config.test_and_exit

5. elasticsearch 安裝

拉取鏡像

docker pull docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2

6. 服務(wù)啟動(dòng)

1）elasticsearch?

sudo docker run -d --name es -p 9200:9200 -t docker.elastic.co/elasticsearch/elasticsearch-oss:6.3.2

2）logstash

./logstash -f test.conf --config.reload.automatic

3) kafka

上文已經(jīng)處于啟動(dòng)狀態(tài)

4）filebeat

./filebeat -e -c filebeat.yml -d "publish"

7. 添加 kibana 可視化操作界面

下載kibana

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-linux-x86_64.tar.gz

tar -zxvf kibana-6.3.2-linux-x86_64.tar.gz

修改配置文件

vim config/kibana.yml

# 放開(kāi)注釋,將默認(rèn)配置改成如下：

server.port: 5601

server.host: "0.0.0.0"

elasticsearch.url: "http://192.168.202.128:9200"

kibana.index: ".kibana"

啟動(dòng)

./kibana

至此單機(jī)版的安裝已經(jīng)全部完成