ELK就是ElasticSearch + LogStash + Kibana
1、准备工作
ELK下载:https://www.elastic.co/downloads/
jdk version:1.8.0_162
平台:centos6.5
2、环境搭建
ElasticSearch:
(1)不能使用root用户启动,需将elasticsearch文件夹放在执行用户目录下,否则会报错:“错误: 找不到或无法加载主类 org.elasticsearch.tools.launchers.JavaVersionChecker”
(2)插件安装:bin/elasticsearch-plugin install x-pack
(3)修改配置文件 vim config/elasticsearch.yml
cluster.name: myapp
node.name: node0
path.data: /path/to/data
path.logs: /path/to/logs
network.host: 127.0.0.1(若要局域网访问,需要添加端口或直接关闭防火墙)
http.port: 9200
bootstrap.system_call_filter: false(add)
xpack.security.enabled: false(取消用户登陆的验证)
注:尽量保持冒号前面没空格,后面一个空格,不要用tab键,否则会报错:“Exception in thread "main" 2017-11-10 06:29:49,106 main ERROR No log4j2 configuration file found. Using default configuration: logging only errors to the console. Set system property 'log4j2.debug' to show Log4j2 internal initialization logging.ElasticsearchParseException[malformed, expected settings to start with 'object', instead was [VALUE_STRING]]”
vim /etc/security/limits.d/90-nproc.conf
elasticsearch soft nproc 4096 # 针对 max number of threads
elasticsearch hard nproc 4096
elasticsearch soft nofile 65536 # 针对 max file descriptors (add)
elasticsearch hard nofile 65536
vim /etc/sysctl.conf
vm.max_map_count=262144 # 针对 max virtual memory areas(add) (sysctl -p 使生效)
Kiabna
(1)解压后,执行“./bin/kibana-plugin install x-pack”安装X-Pack
(2)修改配置文件kibana.yml
elasticsearch.url: "http://192.168.11.13:9200"
server.host: "192.168.11.13"
logstash
(1)解压后,执行“./bin/logstash-plugin install x-pack”安装X-Pack
(2)修改配置文件logstash.yml,添加如下
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: ["http://192.168.11.13:9200"]([]中填写elasticsearch运行后能访问到的IP和端口)
(3)添加配置文件:logstash.conf
input {
file {
path => "/home/elsearch/error.log"
type => "error"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["192.168.11.13:9200"]
index => "error-%{+YYYY.MM.DD}"
}
}