ELK 安装配置
环境:
CentOS 7.1 x64
elasticsearch-2.3.2
logstash-2.3.2(或logstash-all-plugins-2.3.1)
kibana-4.5.0
elasticsearch 192.168.8.101
logstash 192.168.8.102
kibana 192.168.8.254
说明:Elasticsearch,Logstash依赖jdk7或更高,请事先安装
Elasticsearch
tar -xvf elasticsearch-2.3.2.tar.gz -C /opt
useradd elasticsearch
chown -R elasticsearch:
/opt/elasticsearch
su - elasticsearch -c
"/opt/elasticsearch-2.3.2/bin/elasticsearch -d
-p /tmp/elasticsearch.pid"
测试
[root@elastic ~]#
curl -X GET http://localhost:9200/
{
"name" : "Lianda",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "2.3.2",
"build_hash" :
"b9e4a6acad4008027e4038f6abed7f7dba346f94",
"build_timestamp" :
"2016-04-21T16:03:47Z",
"build_snapshot" : false,
"lucene_version" : "5.5.0"
},
"tagline" : "You Know, for Search"
}
修改监听地址:
#
---------------------------------- Network
-----------------------------------
#
# Set the
bind address to a specific IP (IPv4 or IPv6):
#
network.host:
192.168.8.101
#
# Set a
custom port for HTTP:
#
http.port:
9200
Logstash
tar -xvf logstash-2.3.2.tar.gz -C
/opt/
测试
[root@logstash ~]#
/opt/logstash-2.3.2/bin/logstash -e 'input { stdin { } } output
{ stdout {} }'
Settings:
Default pipeline workers: 2
Pipeline
main started
hello
world
2016-05-01T10:23:35.726Z
0.0.0.0 hello world
Pipeline
main has been shutdown
stopping
pipeline {:id=>"main"}
https://www.elastic.co/guide/en/logstash/current/reloading-config.html
2.3及以后的版本支持配置文件自动重载,只需在启动logstash时加上如下参数--auto-reload(-r),但不能与-e一起连用
重载过程中JVM不会重启,对于没有加上-r参数并且己启动的logstash,可以通过KILL
1信号来重载配置,如 kill -1 1234
/opt/logstash-2.3.2/bin/logstash
-f /opt/logstash-2.3.2/config/logstash_rsyslog.conf -r
Kibana
tar -xvf
kibana-4.5.0-linux-x64.tar.gz -C /opt
vim
/opt/kibana-4.5.0-linux-x64/config/kibana.yml
elasticsearch.url:
"http://192.168.8.101:9200"
提示:最简配置,只需要指向正确的elasticsearch主机即可
-h #显示帮助列表
-l #指定日志路径
root@jlive:~#/opt/kibana-4.5.0-linux-x64/bin/kibana
log [19:18:15.894]
[info][status][plugin:kibana]
Status changed from uninitialized to green -
Ready
log [19:18:15.924]
[info][status][plugin:elasticsearch]
Status changed from uninitialized to yellow - Waiting for
Elasticsearch
log [19:18:15.940]
[info][status][plugin:kbn_vislib_vis_types]
Status changed from uninitialized to green -
Ready
log [19:18:15.948]
[info][status][plugin:markdown_vis]
Status changed from uninitialized to green -
Ready
log [19:18:15.954]
[info][status][plugin:metric_vis]
Status changed from uninitialized to green -
Ready
log [19:18:15.965]
[info][status][plugin:spyModes]
Status changed from uninitialized to green -
Ready
log [19:18:15.969]
[info][status][plugin:statusPage]
Status changed from uninitialized to green -
Ready
log [19:18:15.972]
[info][status][plugin:table_vis]
Status changed from uninitialized to green -
Ready
log [19:18:15.977]
[info][status][plugin:elasticsearch]
Status changed from yellow to green - Kibana index
ready
log [19:18:15.982]
[info][listening]
Server running at http://0.0.0.0:5601
