  • ELK deployment

     

    ElasticSearch

    You know, for search

     

    Install Redis

     

    [root@liang filebeat]# yum install redis -y

     

     

    Install Elasticsearch with yum

     

    Install the JDK

     

    Elasticsearch requires Java 8 or later

    [root@liang local]# yum install java-1.8.0-openjdk -y

     

    [root@liang local]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

     

    [root@liang local]# cd /etc/yum.repos.d/

     

    [root@liang yum.repos.d]# vim elasticsearch.repo

    [elasticsearch-6.x]

    name=Elasticsearch repository for 6.x packages

    baseurl=https://artifacts.elastic.co/packages/6.x/yum

    gpgcheck=1

    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

    enabled=1

    autorefresh=1

    type=rpm-md

     

    [root@liang yum.repos.d]# yum install elasticsearch -y

     

    To configure Elasticsearch to start automatically when the system boots up, run the following commands:

    sudo /bin/systemctl daemon-reload

    sudo /bin/systemctl enable elasticsearch.service

     

    Elasticsearch can be started and stopped as follows:

     

    sudo systemctl start elasticsearch.service

     

    sudo systemctl stop elasticsearch.service

     

    [root@liang elasticsearch]# curl localhost:9200

    {

      "name" : "K0mAcX6",

      "cluster_name" : "elasticsearch",

      "cluster_uuid" : "DC4B_Qh4TEqd2AU2m11lEg",

      "version" : {

        "number" : "6.5.4",

        "build_flavor" : "default",

        "build_type" : "rpm",

        "build_hash" : "d2ef93d",

        "build_date" : "2018-12-17T21:17:40.758843Z",

        "build_snapshot" : false,

        "lucene_version" : "7.5.0",

        "minimum_wire_compatibility_version" : "5.6.0",

        "minimum_index_compatibility_version" : "5.0.0"

      },

      "tagline" : "You Know, for Search"

    }

     

    [root@liang elasticsearch]# curl -X PUT 'localhost:9200/hello'

    {"acknowledged":true,"shards_acknowledged":true,"index":"hello"}

     

    [root@liang elasticsearch]# curl -X DELETE 'localhost:9200/hello'

    {"acknowledged":true}

     

    Install Elasticsearch 6.5.3 from the RPM package

     

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.3.rpm

     

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.3.rpm.sha512

     

    shasum -a 512 -c elasticsearch-6.5.3.rpm.sha512 

     

    sudo rpm --install elasticsearch-6.5.3.rpm
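
The checksum step above only protects the install if the `.sha512` file belongs to the exact package that was downloaded and the install is skipped on a mismatch. The following is an added example, not part of the original post; the function names are hypothetical and the one-line `<digest>  <file name>` checksum format is an assumption.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical helpers, not Elastic tooling.

# Print the SHA-512 digest of a file (coreutils, or perl shasum as fallback).
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if the checksum file names this exact artifact and the digest
# matches. Assumes the one-line format "<128 hex digits>  <file name>".
verify_sha512() {
    local artifact="$1" sumfile="$2" want="" name="" got
    [ -r "$artifact" ] && [ -r "$sumfile" ] || { echo "missing file" >&2; return 2; }
    read -r want name < "$sumfile" || true    # tolerate a missing final newline
    name="${name#\*}"                         # drop the binary-mode marker
    if [ "$name" != "$(basename "$artifact")" ]; then
        echo "checksum file is for '$name', not '$(basename "$artifact")'" >&2
        return 3
    fi
    case "$want" in
        ""|*[!0-9a-fA-F]*) echo "malformed digest" >&2; return 4 ;;
    esac
    [ "${#want}" -eq 128 ] || { echo "malformed digest" >&2; return 4; }
    got="$(sha512_of "$artifact")"
    want="$(printf '%s' "$want" | tr 'A-F' 'a-f')"
    [ "$got" = "$want" ] || { echo "digest mismatch for $artifact" >&2; return 1; }
}

# Install only after the check passes.
verify_and_install() {
    verify_sha512 "$1" "$2" && sudo rpm --install "$1"
}
```

Because the Elastic signing key was imported with `rpm --import` earlier, `rpm --checksig elasticsearch-6.5.3.rpm` additionally checks the package signature.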

     

    Install IK

     

    Note: the IK Chinese analysis package must match the ES version exactly, otherwise the installation will fail.

    [root@liang elasticsearch]# ./bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.5.3/elasticsearch-analysis-ik-6.5.3.zip

     

    Install Filebeat

     

    [root@liang elk]# wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.3-x86_64.rpm

     

    [root@liang filebeat]# rpm --install filebeat-6.5.3-x86_64.rpm

     

    Using Filebeat

     

    [root@liang filebeat]# grep -v "#" /etc/filebeat/filebeat.yml |grep -v "^$"

    filebeat.inputs:

    - type: log

      enabled: true

      paths:

        - /var/log/*.log

        - /var/log/messages

      exclude_lines: ['^DBG', '^$']

      fields:

        service: hello

    filebeat.config.modules:

      path: ${path.config}/modules.d/*.yml

      reload.enabled: false

    setup.template.settings:

      index.number_of_shards: 3

    setup.kibana:

      path: "/tmp"

      filename: "filebeat.txt"

    processors:

      - add_host_metadata: ~

      - add_cloud_metadata: ~

     

     

    Ship the logs to Redis

     

    [root@liang filebeat]# grep -v "#" /etc/filebeat/filebeat.yml |grep -v "^$"

    filebeat.inputs:

    - type: log

      enabled: true

      paths:

        - /var/log/*.log

        - /var/log/messages

      exclude_lines: ['^DBG', '^$'] 

      fields:

        service: hello

    filebeat.config.modules:

      path: ${path.config}/modules.d/*.yml

      reload.enabled: false

    setup.template.settings:

      index.number_of_shards: 3

    setup.kibana:

    output.redis:

      hosts: "localhost"

      db: "2"

      port: "6379"

      password: "123456"

      key: "hello"

    processors:

      - add_host_metadata: ~

      - add_cloud_metadata: ~

     

     

    Install Logstash

     

    [root@liang ~]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.5.3.rpm

     

    [root@liang elk]# rpm --install logstash-6.5.3.rpm

     

    Problems you may run into during installation:

     

    [root@liang elk]# /usr/share/logstash/bin/system-install

    OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N

    OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000e5330000, 449642496, 0) failed; error='Cannot allocate memory' (errno=12)

    /usr/share/logstash/bin/system-install:行88: #: 未找到命令

    Unable to install system startup script for Logstash.

     

    Don't panic.

     

    [root@liang elk]# vim /etc/logstash/jvm.options

    Reduce the heap size; the default is 2g.

    # Xms represents the initial size of total heap space

    # Xmx represents the maximum size of total heap space

     

    -Xms512m

    -Xmx512m

     

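    If it still fails after this change, first stop other memory-hungry applications such as ES; with ES running, it was taking more than 1 GB of my memory.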

     

    [root@liang conf.d]# vim redis-logstash.conf

     

    input {

        redis {

            data_type => "list"  

            host => "127.0.0.1"

            db => "2"

            port => "6379"

            password => "123456"

            key => "hello"

     

        }

    }

     

    output {

        elasticsearch {

            hosts => ["127.0.0.1:9200"]

            index => "hello-%{+YYYY.MM.dd}"

        }

    }

     

    Check the syntax

    [root@liang conf.d]#  /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/redis-logstash.conf -t

    OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N

    WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults

    Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console

    [INFO ] 2018-12-21 15:56:51.300 [main] writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}

    [INFO ] 2018-12-21 15:56:51.381 [main] writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}

    [WARN ] 2018-12-21 15:56:52.237 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified

    Configuration OK

    [INFO ] 2018-12-21 15:56:55.604 [LogStash::Runner] runner - Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash

     

     

    [root@liang conf.d]# systemctl restart logstash

     

    [root@liang conf.d]# systemctl status  logstash

     

     

    Install Kibana

     

    [root@liang conf.d]# wget https://artifacts.elastic.co/downloads/kibana/kibana-6.5.3-x86_64.rpm

     

    [root@liang elk]# rpm --install kibana-6.5.3-x86_64.rpm

     

    [root@liang elk]# grep -v "#" /etc/kibana/kibana.yml |grep -v "^$"

    server.host: "0.0.0.0"

    elasticsearch.url: "http://localhost:9200"
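
The configs above keep the Redis password as a literal in `filebeat.yml` and `redis-logstash.conf`, and `kibana.yml` binds Kibana to `0.0.0.0` with no login configured, so anyone who can reach it can query the indexed logs. The following is an added example, not part of the original post, that flags both settings; `audit_elk_conf` is a hypothetical helper, the 12-character floor is this example's own choice, and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example; audit_elk_conf is a hypothetical helper, not an Elastic tool.
# Prints one finding per line for a single config file; prints nothing if clean.
audit_elk_conf() {
    local f="$1" val
    # Literal secret: YAML `password: "x"` or Logstash `password => "x"`.
    val="$(sed -n -E 's/^[[:space:]]*password[[:space:]]*(:|=>)[[:space:]]*"?([^"]*)"?[[:space:]]*$/\2/p' "$f" | head -n 1)"
    case "$val" in
        ''|'${'*'}') ;;   # no password, or a ${NAME} reference (env var / keystore)
        *)
            echo "$f: password stored as a literal"
            # 12 is an arbitrary floor chosen for this example
            if [ "${#val}" -lt 12 ]; then
                echo "$f: password is shorter than 12 characters"
            fi
            # 8th character of the mode string is the read bit for "other"
            case "$(ls -ld "$f")" in
                ???????r*) echo "$f: secret is readable by all local users" ;;
            esac
            ;;
    esac
    # Kibana bound to every interface; this setup has no login in front of it.
    if grep -Eq '^[[:space:]]*server\.host:[[:space:]]*"?0\.0\.0\.0"?' "$f"; then
        echo "$f: Kibana listens on all interfaces"
    fi
    return 0
}

# Constructed sample input mirroring the settings shown on this page.
demo_dir="$(mktemp -d)"
printf 'output.redis:\n  password: "123456"\n' > "$demo_dir/filebeat.yml"
printf 'server.host: "0.0.0.0"\n' > "$demo_dir/kibana.yml"
chmod 644 "$demo_dir/filebeat.yml"
audit_elk_conf "$demo_dir/filebeat.yml"
audit_elk_conf "$demo_dir/kibana.yml"
```

A file passes the password check once the literal is replaced by a `${NAME}` reference; binding Kibana to `127.0.0.1` behind an authenticating reverse proxy clears the second finding.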

     

     

     

     

     

     

     

     

     

     

  • Original article: https://www.cnblogs.com/liangweixiong/p/10157309.html