elastic官网地址:https://www.elastic.co/cn/elastic
产品地址:https://www.elastic.co/cn/elastic-stack
yum源地址:https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum
ELK主要由ElasticSearch、Logstash和Kibana三个开源工具组成
产生日志--》收集日志--》存储日志--》展示日志--》查看日志
elasticsearch:主要用于弹性搜索,日志存储,接受logstash提交得日志,进行存储
logstash:手机appserver产生得log,并存放到elasticsearch集群当中
kibana:可视化平台,能够搜索、展示存储在elasticsearch中得索引数据,使用它可以很方便得用图表、表格、地图展示和分析数据
安装:
环境准备:
系统:CentOS Linux release 7.5
服务器IP:192.168.53.6、192.168.53.7
1、配置jdk环境(略)
2、配置域名解析
echo -e "192.168.53.6 elk-node1 192.168.53.7 elk-node2" >>/etc/hosts
3、安装elasticsearch
基础环境安装:elk-node1、elk-node2同时操作
1)安装yum源
vim /etc/yum.repos.d/elk.repo
[ELK] name=ELK-Elasticstack baseurl=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-7.x/ gpgcheck=0 enabled=1
1 # yum -y install elasticsearch 2 # yum -y install elasticsearch --downloadonly --downloaddir=./ #只下载不安装
2)配置部署
自定义存储日志目录
# mkdir -p /data/es-datas
# chown -R elasticsearch.elasticsearch /data/es-data ##安装elasticsearch时候会生成内置用户
追加配置以下内容:
| 属性名 | 说明 |
| cluster.name: my-application | 配置集群名称,同一个集群名称必须一致 |
| node.name: elk-node1 | 节点名称,建议和主机名称一致 |
| path.data: /data/es-data | 数据存放路径 |
| path.logs: /var/log/elasticsearch | 日志存放路径 |
| bootstrap.mlockall: true | 锁住内存不被使用到交换分区 |
| network.host: 0.0.0.0 | 网络设置 |
| http.port: 9200 | 端口 |
| transport.tcp.port | 集群节点之间得通信端口,默认9300 |
| cluster.initial_master_nodes | 指定可以成为master节点得IP |
启动服务
[root@elk-node1 ~]# systemctl start elasticsearch.service [root@elk-node1 ~]# systemctl status elasticsearch.service ● elasticsearch.service - Elasticsearch Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled) Active: active (running) since Sat 2020-12-12 22:39:40 PST; 10s ago Docs: https://www.elastic.co Main PID: 3114 (java) Tasks: 42 Memory: 1.2G CGroup: /system.slice/elasticsearch.service ├─3114 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.network... └─3299 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller Dec 12 22:38:59 elk-node1 systemd[1]: Starting Elasticsearch... Dec 12 22:39:40 elk-node1 systemd[1]: Started Elasticsearch.
节点2做同样操作
4、logstash安装:部署在应用服务器
# wget https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-7.x/7.10.1/logstash-7.10.1-x86_64.rpm # rpm -ivh logstash-7.10.1-x86_64.rpm
修改配置文件
vim /etc/logstash/logstash.yml
http.host: “0.0.0.0”
# cp /etc/logstash/logstash-sample.conf /etc/logstash/conf.d/logstash.conf
# vim /etc/logstash/conf.d/logstash.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://192.168.53.6:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
自定义手机日志得话模板如下:
input { file { path => "/var/log/messages" type => "system" start_position => "beginning" } } output { elasticsearch { hosts => ["192.168.53.6:9200"] index => "system-%{+YYYY.MM.dd}" } }
启动
5、部署kibana
yum -y install kibana
修改配置文件
vim /etc/kibana/kibana.ymlm
server.port: 5601
server.host: “0.0.0.0”
elasticsearch.hosts: [“http://localhost:9200”]
kibana.index: “.kibana”
待完善... ...