本文內(nèi)容

• Elasticsearch
• logstash
• Kibana
• 參考資料

本文介紹安裝 logstash 2.2.0 和 elasticsearch 2.2.0太抓，操作系統(tǒng)環(huán)境版本是 CentOS/Linux 2.6.32-504.23.4.el6.x86_64。
安裝 JDK 是必須的锉桑，一般操作系統(tǒng)都會有链韭，只是版本的問題偏竟，后面會提到。
而 Kibana 只是一個用純 JavaScript 寫的前端 UI敞峭。一定要注意 Kibana 的版本踊谋，它會要求 ES 的版本。比如 Kibana 3 要求 Elasticsearch 至少 0.9.9 或更高旋讹；Kibana 4.5 要求 ES 至少 2.3.0 或更高殖蚕。

假設(shè)，ELK 都位于 10.1.8.166 機器上沉迹。

Elasticsearch

Elasticsearch主頁
Elasticsearch（簡稱睦疫，ES）提供 ZIP、TAR鞭呕、DEB 和 RPM 包蛤育。但 Github 上提供了一個針對中文環(huán)境的 Elasticsearch-RTF，RTF 即 Ready To Fly葫松，它是一個繼承了基本插件（如服務(wù)封裝瓦糕、中文分詞、mapper-attachments腋么、transport-thrift咕娄、tools.carrot2 等）的并帶有示例程序的可直接上手的簡易工程版本，換句話說珊擂，幫你入門的圣勒。本文針對 Elasticsearch-RTF 為例费变。基本上圣贸，elasticsearch 解壓后就能使用挚歧。

2016-02-26_150017

[root@vcyber local]# cd /usr/local/elasticsearch
 
[root@vcyber local]# unzip elasticsearch-master.zip
 
[root@vcyber elasticsearch]# ls
 
elasticsearch-master elasticsearch-master.zip
 
[root@vcyber local]# mv elasticsearch-master elasticsearch
 
[root@vcyber elasticsearch]# ls
 
elasticsearch elasticsearch-master.zip

嘗試運行 elasticsearch：

Linux 環(huán)境：

[root@vcyber elasticsearch]# pwd
 
/usr/local/elasticsearch/elasticsearch
 
[root@vcyber elasticsearch]# bin/elasticsearch

Windows 環(huán)境瞧掺，執(zhí)行相應(yīng)的 .bat 文件耕餐，即 elasticsearch.bat。

但報錯了：

[root@vcyber elasticsearch]# bin/elasticsearch
 
Exception in thread "main" java.lang.RuntimeException: Java version: Oracle Cooration 1.7.0_51 [Java HotSpot(TM) 64-Bit Server VM 24.51-b03] suffers from crical bug https://bugs.openjdk.java.net/browse/JDK-8024830 which can cause dataorruption.
 
Please upgrade the JVM, see http://www.elastic.co/guide/en/elasticsearch/referce/current/_installation.html for current recommendations.
 
If you absolutely cannot upgrade, please add -XX:-UseSuperWord to the JAVA_OPT environment variable.
 
Upgrading is preferred, this workaround will result in degraded performance.
 
at org.elasticsearch.bootstrap.JVMCheck.check(JVMCheck.java:123)
 
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:283)
 
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:3
 
Refer to the log for complete error details.

大意是：Java 運行時異常辟狈，本機版本 JDK 有 bug……讓升級 JVM肠缔。如果實在不能升級，就向 JAVA_OPT 環(huán)境變量添加 -XX:-UseSuperWord 選項哼转。

于是明未，看一下本機的Java 版本：

[root@vcyber elasticsearch]# java -version
 
java version "1.7.0_51"
 
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
 
Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)
 
[root@vcyber elasticsearch]# echo $JAVA_HOME
 
/usr/java/jdk1.7.0_51
 
[root@vcyber elasticsearch]#
 

版本是 1.7.0_51。再在官網(wǎng)查了一下壹蔓，說：

“Elasticsearch requires at least Java 7. Specifically as of this writing, it is recommended that you use the Oracle JDK version 1.8.0_72. Java installation varies from platform to platform so we won’t go into those details here. Oracle’s recommended installation documentation can be found on Oracle’s website. Suffice to say, before you install Elasticsearch, please check your Java version first by running (and then install/upgrade accordingly if needed):”

大意是趟妥，ES 至少要求 7，推薦使用 1.8.0_72佣蓉。

那就刪除之前的版本披摄，按個新的吧。先刪掉之前的 JDK勇凭，然后再用 yum 按個新的：

[root@vcyber elasticsearch]# yum list installed | grep java
 
[root@vcyber elasticsearch]# yum list installed | grep jdk
 
jdk.x86_64 2000:1.7.0_51-fcs installed
 
[root@vcyber elasticsearch]# yum -y remove jdk.x86_64
 
……
 
[root@vcyber elasticsearch]#yum -y install java-1.8.0-openjdk*
 
……

注意：java-1.8.0-openjdk*”疚膊，后面有個星號，即安裝 java 全部相關(guān)的東西~

安裝完成后虾标，設(shè)置 JDK 的環(huán)境變量：

[root@vcyber elasticsearch]# export JAVA_HOME=/usr/lib/jvm/java-1.8.0
 
[root@vcyber elasticsearch]# export PATH=$JAVA_HOME/bin:$PATH
 
[root@vcyber elasticsearch]# export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
 
[root@vcyber elasticsearch]# java -version
 
openjdk version "1.8.0_71"
 
OpenJDK Runtime Environment (build 1.8.0_71-b15)
 
OpenJDK 64-Bit Server VM (build 25.71-b15, mixed mode)
 
[root@vcyber elasticsearch]# echo $JAVA_HOME
 
/usr/lib/jvm/java-1.8.0
 
[root@vcyber elasticsearch]#

另外寓盗，JDK 安裝在了我機器的 /usr/lib/jvm 目錄下，自己確認(rèn)一下你的路徑璧函。你可以把環(huán)境變量的設(shè)置放到 profile 里傀蚌，一勞永逸。

再次運行：

[root@vcyber elasticsearch]# bin/elasticsearch
 
Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root.
 
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:93)
 
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:144)
 
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:285)
 
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
 
Refer to the log for complete error details.
 
[root@vcyber elasticsearch]#

又報錯柳譬，elasticsearch 不能用 root 用戶運行喳张，那就建立一個：

[root@vcyber elasticsearch]# groupadd es
 
[root@vcyber elasticsearch]# useradd -g es es
 
[root@vcyber elasticsearch]# passwd es
 
Changing password for user es.
 
New password:
 
BAD PASSWORD: it is WAY too short
 
BAD PASSWORD: is too simple
 
Retype new password:
 
passwd: all authentication tokens updated successfully.
 
[root@vcyber elasticsearch]#
 
[root@vcyber elasticsearch]# chown -R root .
 
[root@vcyber elasticsearch]# chown -R es .
 
[root@vcyber elasticsearch]# chgrp -R es .
 
[root@vcyber elasticsearch]# ls -l
 
total 4
 
drwxr-xr-x 7 es es 4096 Mar 1 03:07 elasticsearch
 
[root@vcyber elasticsearch]#

ES 2.* 版本已經(jīng)不允許用 root 用戶運行了，但是 1.* 版本無所謂美澳。

重新打開一個終端销部，用 es 用戶登錄摸航，并運行 elasticsearch：

[root@vcyber ~]$ cd /usr/local/elasticsearch/elasticsearch
 
[root@vcyber elasticsearch]$ bin/elasticsearch
 
[2016-03-01 05:11:48,413][WARN ][bootstrap ] unable to install syscall filter: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
 
[2016-03-01 05:11:48,750][INFO ][node ] [Googam] version[2.1.1], pid[15042], build[40e2c53/2015-12-15T13:05:55Z]
 
[2016-03-01 05:11:48,750][INFO ][node ] [Googam] initializing ...
 
[2016-03-01 05:11:49,088][INFO ][plugins ] [Googam] loaded [elasticsearch-analysis-ik, elasticsearch-analysis-mmseg, elasticsearch-analysis-stconvert, elasticsearch-analysis-pinyin], sites []
 
[2016-03-01 05:11:49,121][INFO ][env ] [Googam] using [1] data paths, mounts [[/ (/dev/mapper/vg_vcyber-lv_root)]], net usable_space [26.1gb], net total_space [34.8gb], spins? [possibly], types [ext4]
 
[2016-03-01 05:11:51,119][INFO ][mmseg-analyzer ] [Dict Loading] chars loaded time=42ms, line=12638, on file=chars.dic
 
……

此時，在另一個終端舅桩，訪問 elasticsearch：

[root@vcyber elasticsearch]# curl -X GET http://localhost:9200
 
{
 
"name" : "Captain Savage",
 
"cluster_name" : "elasticsearch",
 
"version" : {
 
"number" : "2.1.1",
 
"build_hash" : "40e2c53a6b6c2972b3d13846e450e66f4375bd71",
 
"build_timestamp" : "2015-12-15T13:05:55Z",
 
"build_snapshot" : false,
 
"lucene_version" : "5.3.1"
 
},
 
"tagline" : "You Know, for Search"
 
}
 
[root@vcyber elasticsearch]#
 

ES 已經(jīng)安裝成功酱虎。

配置 ES

但此時，ES 不能通過IP訪問擂涛，最好修改 config/elasticsearch.yml读串，配置一下 ES。

首先撒妈，找到“network.host”行恢暖，添加一行：

network.host: your id address

就能通過IP，或瀏覽器訪問狰右。

再找到“http.port”行杰捂，添加一行：

http.port: 9200

否則，ES 每次啟動時棋蚌，端口可能會變（端口被占用嫁佳，ES 自己會改端口）~
如果還不能正常啟動 ES，并提示端口被占用谷暮，就查看一下什么程序占用 9200 端口蒿往，kill 掉，重啟 ES 就行湿弦。
我遇到的瓤漏，Java 把 9200 端口占用了。

安裝 Head 插件

Head 是一個用來監(jiān)控 ES 狀態(tài)的客戶端插件省撑，可以為初學(xué)用戶提供很多便利赌蔑，例如，使用 Head 提供的 HTTP 客戶端竟秫，通過 HTTP 方式來操作 ES娃惯。

先查看你的 ES 都有哪些插件：

[root@vcyber ~]# cd /usr/local/elasticsearch/elasticsearch
[root@cyber elasticsearch]# bin/plugin list
Installed plugins in /usr/local/elasticsearch/elasticsearch/plugins:
- elasticsearch-analysis-mmseg-1.7.0
- elasticsearch-analysis-stconvert-1.6.1
- elasticsearch-analysis-pinyin-1.5.2
- elasticsearch-analysis-ik-1.7.0
[root@vcyber elasticsearch]#

大部分是關(guān)于中文分詞的，沒有 Head 插件肥败。

ES 支持在線和本地安裝 Head趾浅。本地安裝時，從 Github 上下載 Head 插件馒稍，然后上傳到你的 ES 服務(wù)器皿哨，比如，Elasticsearch/plugins 目錄纽谒。

下面是在線安裝：

[root@vcyber ~]# cd /usr/local/elasticsearch/elasticsearch/
[root@vcyber elasticsearch]# bin/plugin install mobz/elasticsearch-head
-> Installing mobz/elasticsearch-head...
Trying https://github.com/mobz/elasticsearch-head/archive/master.zip ...
Downloading ...................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Verifying https://github.com/mobz/elasticsearch-head/archive/master.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed head into /usr/local/elasticsearch/elasticsearch/plugins/head

如果命令使用的是“mobz/elasticsearch-head”证膨，那么 ES 將自己聯(lián)網(wǎng)從 Github 下載再安裝。

但是報錯了鼓黔，說校驗和有問題央勒。加上“-v”選項不见，這次換本地安裝，而且是 zip 壓縮包（從 Github 上下載的）崔步，即“file:plugins/elasticsearch-head-master.zip”稳吮，再執(zhí)行一下：

[root@vcyber elasticsearch]# bin/plugin install -v file:plugins/elasticsearch-head-master.zip
-> Installing from file:plugins/elasticsearch-head-master.zip...
Trying file:plugins/elasticsearch-head-master.zip ...
Downloading .........DONE
Verifying file:plugins/elasticsearch-head-master.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
- Plugin information:
Name: head
Description: head - A web front end for an elastic search cluster
Site: true
Version: master
JVM: false
 
Installed head into /usr/local/elasticsearch/elasticsearch/plugins/head

注意：install 選項，ES 的 2.* 版本井濒，都不帶“-”橫線選項灶似，即“-install”。
注意：若是本地安裝瑞你，而且酪惭，你把 Head 壓縮包放到了 Elasticsearch/plugins 目錄下，安裝后捏悬，一定要將 Elasticsearch-head zip 壓縮包刪掉撞蚕，否則啟動 ES 時會報“不能初始化插件”錯誤。

[2016-03-02 07:06:16,547][WARN ][bootstrap ] unable to install syscall filter: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
[2016-03-02 07:06:16,866][INFO ][node ] [MODAM] version[2.1.1], pid[19446], build[40e2c53/2015-12-15T13:05:55Z]
[2016-03-02 07:06:16,866][INFO ][node ] [MODAM] initializing...
Exception in thread "main" java.lang.IllegalStateException: Unable to initialize plugins
Likely root cause: java.nio.file.FileSystemException: /usr/local/elasticsearch/elasticsearch/plugins/elasticsearch-head-master.zip/plugin-descriptor.properties: Not a directory

之后用瀏覽器訪問 http://your ip adress:9200/_plugin/head过牙，你就會看到如下界面：

[![2016-03-02_152710](http://upload-images.jianshu.io/upload_images/112704-6ad27a9125e34300.png?imageMogr2/auto-orient/strip%7CimageView2/2/w/1240)](http://images2015.cnblogs.com/blog/321721/201603/321721-20160302152932626-1652084615.png)

myfirestidx 是我之前通過命令行自己建的。

Elasticsearch Head 就成功安裝了纺铭。

安裝 Marvel 圖形化監(jiān)控插件

[root@vcyber elasticsearch]# bin/plugin install -v elasticsearch/marvel/latest
-> Installing elasticsearch/marvel/latest...

Trying http://download.elasticsearch.org/elasticsearch/marvel/marvel-latest.zip...
Downloading ................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Installed elasticsearch/marvel/latest into /usr/local/elasticsearch/elasticsearch-1.7.1/plugins/marvel
[root@vcyber elasticsearch-1.7.1]#

2015-11-19_154502_副本

安裝 kopf 網(wǎng)絡(luò)插件

[root@vcyber elasticsearch]# bin/plugin install -v lmenezes/elasticsearch-kopf
-> Installing lmenezes/elasticsearch-kopf...
Trying https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip...
Downloading ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Installed lmenezes/elasticsearch-kopf into /usr/local/elasticsearch/elasticsearch-1.7.1/plugins/kopf
[root@vcyber elasticsearch]#

kopf

雖然安裝成功了寇钉，但此版本 kopf 不支持我的 ES 版本。

ES 插件地址舶赔。

logstash

logstash主頁
logstash 提供各種安裝包扫倡，包括 tar.gz，ZIP竟纳，DEB 和 RPM撵溃。另外，又提供了一個包含所有插件的壓縮包——logstash-all-plugins-2.2.0.tar.gz 锥累。本文以它為例缘挑。解壓后，配置 logstash桶略，運行即可语淘。

2016-02-26_135910

2016-02-26_144944

在 /usr/local 下創(chuàng)建目錄 logstash：

[root@vcyber local]# cd /usr/local
 
[root@vcyber local]# pwd
 
/usr/local
 
[root@vcyber local]# mkdir logstash
 
[root@vcyber local]#

上傳 logstash 到該目錄。然后际歼，解壓并配置 logstash 配置文件：

[root@vcyber local]# cd logstash
 
[root@vcyber logstash]# ls
 
logstash-all-plugins-2.2.0.tar.gz
 
[root@vcyber logstash]# tar zxf logstash-all-plugins-2.2.0.tar.gz
 
logstash-2.2.0 logstash-all-plugins-2.2.0.tar.gz
 
[root@vcyber logstash]# cd logstash-2.2.0
 
[root@vcyber logstash-2.2.0]# vi logstash.conf
 
[root@vcyber logstash-2.2.0]#

文件內(nèi)容如下：

input{
 
stdin{}
 
}
 
output{
 
stdout{}
 
}

這個配置是最簡單惶翻，輸入是終端命令行，輸出也是終端命令行鹅心。

運行 logstash：

[root@vcyber logstash-2.2.0]# bin/logstash agent -f logstash.conf
 
hello world
 
hello world 2
 
Settings: Default pipeline workers: 2
 
Logstash startup completed
 
2016-02-28T22:37:06.130Z vcyber hello world
 
2016-02-28T22:37:06.132Z vcyber hello world 2

logst 已經(jīng)成功安裝吕粗。其中，agent 表示運行Agent模式旭愧，-f 表示指定配置文件颅筋，-p 表示端口宙暇，命令行參數(shù)可以參考logstash command-lines flags。

另外垃沦，你可以查看 logstash 都安裝了哪些插件客给。

[root@vcyber logstash-2.2.0]# bin/plugin list
 
logstash-codec-avro
 
logstash-codec-cef
 
logstash-codec-cloudfront
 
logstash-codec-cloudtrail
 
logstash-codec-collectd
 
logstash-codec-compress_spooler
 
logstash-codec-dots
 
logstash-codec-edn
 
logstash-codec-edn_lines
 
logstash-codec-es_bulk
 
logstash-codec-fluent
 
logstash-codec-graphite
 
logstash-codec-gzip_lines
 
logstash-codec-json
 
logstash-codec-json_lines
 
logstash-codec-line
 
logstash-codec-msgpack
 
logstash-codec-multiline
 
logstash-codec-netflow
 
logstash-codec-nmap
 
logstash-codec-oldlogstashjson
 
logstash-codec-plain
 
logstash-codec-rubydebug
 
logstash-codec-s3plain
 
logstash-codec-spool
 
logstash-filter-aggregate
 
logstash-filter-alter
 
logstash-filter-anonymize
 
logstash-filter-checksum
 
logstash-filter-cidr
 
logstash-filter-cipher
 
logstash-filter-clone
 
logstash-filter-collate
 
logstash-filter-csv
 
logstash-filter-date
 
logstash-filter-de_dot
 
logstash-filter-dns
 
logstash-filter-drop
 
logstash-filter-elapsed
 
logstash-filter-elasticsearch
 
logstash-filter-environment
 
logstash-filter-extractnumbers
 
logstash-filter-fingerprint
 
logstash-filter-geoip
 
logstash-filter-grok
 
logstash-filter-i18n
 
logstash-filter-json
 
logstash-filter-json_encode
 
logstash-filter-kv
 
logstash-filter-metaevent
 
logstash-filter-metricize
 
logstash-filter-metrics
 
logstash-filter-multiline
 
logstash-filter-mutate
 
logstash-filter-oui
 
logstash-filter-prune
 
logstash-filter-punct
 
logstash-filter-range
 
logstash-filter-ruby
 
logstash-filter-sleep
 
logstash-filter-split
 
logstash-filter-syslog_pri
 
logstash-filter-throttle
 
logstash-filter-tld
 
logstash-filter-translate
 
logstash-filter-unique
 
logstash-filter-urldecode
 
logstash-filter-useragent
 
logstash-filter-uuid
 
logstash-filter-xml
 
logstash-filter-zeromq
 
logstash-input-beats
 
logstash-input-cloudwatch
 
logstash-input-couchdb_changes
 
logstash-input-elasticsearch
 
logstash-input-eventlog
 
logstash-input-exec
 
logstash-input-file
 
logstash-input-fluentd
 
logstash-input-ganglia
 
logstash-input-gelf
 
logstash-input-gemfire
 
logstash-input-generator
 
logstash-input-github
 
logstash-input-graphite
 
logstash-input-heartbeat
 
logstash-input-http
 
logstash-input-http_poller
 
logstash-input-imap
 
logstash-input-irc
 
logstash-input-jdbc
 
logstash-input-jmx
 
logstash-input-kafka
 
logstash-input-log4j
 
logstash-input-lumberjack
 
logstash-input-meetup
 
logstash-input-pipe
 
logstash-input-puppet_facter
 
logstash-input-rabbitmq
 
logstash-input-redis
 
logstash-input-relp
 
logstash-input-rss
 
logstash-input-s3
 
logstash-input-salesforce
 
logstash-input-snmptrap
 
logstash-input-sqlite
 
logstash-input-sqs
 
logstash-input-stdin
 
logstash-input-stomp
 
logstash-input-syslog
 
logstash-input-tcp
 
logstash-input-twitter
 
logstash-input-udp
 
logstash-input-unix
 
logstash-input-varnishlog
 
logstash-input-websocket
 
logstash-input-wmi
 
logstash-input-xmpp
 
logstash-input-zenoss
 
logstash-input-zeromq
 
logstash-output-boundary
 
logstash-output-circonus
 
logstash-output-cloudwatch
 
logstash-output-csv
 
logstash-output-datadog
 
logstash-output-datadog_metrics
 
logstash-output-elasticsearch
 
logstash-output-elasticsearch-ec2
 
logstash-output-elasticsearch_http
 
logstash-output-elasticsearch_java
 
logstash-output-email
 
logstash-output-exec
 
logstash-output-file
 
logstash-output-ganglia
 
logstash-output-gelf
 
logstash-output-google_bigquery
 
logstash-output-google_cloud_storage
 
logstash-output-graphite
 
logstash-output-graphtastic
 
logstash-output-hipchat
 
logstash-output-http
 
logstash-output-influxdb
 
logstash-output-irc
 
logstash-output-juggernaut
 
logstash-output-kafka
 
logstash-output-librato
 
logstash-output-loggly
 
logstash-output-lumberjack
 
logstash-output-metriccatcher
 
logstash-output-mongodb
 
logstash-output-nagios
 
logstash-output-nagios_nsca
 
logstash-output-null
 
logstash-output-opentsdb
 
logstash-output-pagerduty
 
logstash-output-pipe
 
logstash-output-rabbitmq
 
logstash-output-redis
 
logstash-output-redmine
 
logstash-output-riemann
 
logstash-output-s3
 
logstash-output-sns
 
logstash-output-solr_http
 
logstash-output-sqs
 
logstash-output-statsd
 
logstash-output-stdout
 
logstash-output-stomp
 
logstash-output-syslog
 
logstash-output-tcp
 
logstash-output-udp
 
logstash-output-websocket
 
logstash-output-xmpp
 
logstash-output-zabbix
 
logstash-output-zeromq
 
logstash-patterns-core
 
[root@vcyber logstash-2.2.0]#

Kibana

Kibana 主頁
chenryn 增強版的 Kibana
你得搞一個 Kibana 3.0 并上傳你服務(wù)器的 /usr/local/Kibana 目錄下，沒有建立一個肢簿，然后用 unzip 解壓（github 下載的是 zip 文件）靶剑。

[root@vcyber /]# cd /usr/local/kibana/
[root@vcyber kibana]# ls
exampledata kibana-3.0 kibana-4.0 kibana-5.0
[root@vcyber kibana]#

你可以看到，我有三個版本池充，4.0 和 5.0 沒有安裝成功（總提示 node.js 報錯）~Kibana 這三個主要版本差距很大~

簡單介紹一下桩引，你就知道，Kibana 的每個版本差距有多大收夸。Logstash 早期曾經(jīng)自帶了一個特別簡單的 Logstash-Web坑匠，用來查看 ES 數(shù)據(jù)。后來卧惜， Rashid Khan 用 PHP 寫了一個更好的 Web厘灼，取名 Kibana，發(fā)布于 2011年12月11日咽瓷。2012年8月19日设凹，Rashid Khan 用 Ruby 重寫了一遍，叫 Kibana 2,茅姜。因為闪朱，Logstash 也是用 Ruby 寫的，所以就代替了 Logstash-Web钻洒。2014年2月奋姿，此人，用 AngularJS 又重寫了一遍素标，（我靠称诗，真是服了他了~），叫 Kibana 3糯钙。2014年4月粪狼，Kibana 3 停止開發(fā)，全面致力于 Kibana 4任岸。到 2015年初再榄，發(fā)布了用 JRuby 做后端的 beta 版，但3月正式推出時卻使用 node.js 做后端享潜。（我靠靠困鸥，服了_{都被他用遍了}）

到其 src 目錄下：

[root@vcyber kibana]# cd kibana-3.0/src
[root@vcyber src]# ls
app config.js css favicon.ico font img index.html vendor
[root@vcyber src]#

修改其 config.js 文件，添加對 ES 的訪問。無論是看文件內(nèi)容疾就，還是看后綴名澜术，你能猜到，就是手動去改 JavaScript 文件而已：

elasticsearch: [http://10.1.8.166:9200](http://10.1.8.166:9200/),

我 ES 服務(wù)器地址是 10.1.8.166猬腰，注意鸟废，屁股后面的逗號，絕對是有的姑荷。如果該文件配置錯了盒延，當(dāng)你訪問 Kibana 時，界面什么都看不到~

接下來鼠冕，把 Kibana 搞成一個 Web 站點添寺。tomcat、Python懈费、Nginx 都行计露，我暫時用 Python。只要把 Kibana 的 src 目錄發(fā)布出去就行憎乙。

注意你當(dāng)前的位置票罐，執(zhí)行如下命令，就能把 Kibana 做成一個 Web 站點：

[root@vcyber src]# pwd
/usr/local/kibana/kibana-3.0/src
[root@vcyber src]# python –m SimpleHTTPServer 8000

其中泞边，SimpleHTTPServer 是 Python 模塊名胶坠，區(qū)分大小寫的；8000 是 Web 站點的端口繁堡。

這樣，你就能通過 http://10.1.8.166:8000 訪問 Kibana乡数。

但是椭蹄，頁面報錯了：“Connection Failed”：

Connection Failed

提示，Kibana 不能連接 ES净赴。至于原因绳矩，從 ES 1.4 版本開始，它增強了安全性玖翅。寫得很清楚翼馆，照著做就行（事后才知道）。~但問題是金度，這些具體東西应媚，在官網(wǎng)沒找到（我是沒找到），而且連 Kibana 3.0 的文檔猜极，都已經(jīng)沒有了~錯誤信息所說的：“http.cors” 相關(guān)配置中姜，在 Elasticsearch.yml 中，也沒給出~事實上跟伏，還真是寫這兩個配置丢胚。

進(jìn)入到 ES 的 config 目錄：

[root@vcyber src]# cd /usr/local/elasticsearch/
[root@vcyber elasticsearch]# ls
elasticsearch-1.7.1 elasticsearch-2.2.0
[root@vcyber elasticsearch]# cd elasticsearch-1.7.1/config/
[root@vcyber config]#

我有兩個 ES 版本翩瓜，Kibana 訪問的是 1.7 那個版本。

修改 Elasticsearch.yml 文件携龟，添加如下內(nèi)容：

http.cors.allow-origin: http://10.1.8.166:8000
http.cors.enabled: true

其中兔跌，http.cors.allow-origin 一行表明，誰可以訪問 ES峡蟋。若讓所有域名都可以訪問坟桅，寫成 “*”~

本例寫具體的 IP 地址和端口。

這樣层亿，Kibana 就可以訪問 ES 了桦卒。如下圖所示：

Kibana 就可以訪問 ES

參考資料

• ELK STACK
  elastic.co 文檔
• ELK——在 CentOS/Linux 把 Kibana 3.0 部署在 Nginx 1.9.12
• 在 CentOS/Linux 把 Kibana 3.0 部署在 Nginx 1.9.12
• 為調(diào)試 Logstash Grok 表達(dá)式，安裝 GrokDebuger 環(huán)境