Enviroment prepare
rpm -qa | grep java
wget http://download.oracle.com/otn-pub/java/jdk/8u171-b11/512cd62ec5174c3487ac17c61aaa89e8/jdk-8u171-linux-x64.tar.gz
tar -zxvf jdk-8u171-linux-x64.tar.gz -C /usr/local
echo -e 'export JAVA_HOME=/usr/local/jdk1.8.0_171
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib/dt.JAVA_HOME/lib/tools.jar:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:${PATH}' >>/etc/profile
source /etc/profile
java -version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)
Elasticsearch Install
1. Download Elasticsearch-6.2.3
curl 127.0.0.0.1:9002
{
"name" : "5eRpLYV",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "RrKzHv2bTD2JfcuGxNwGBw",
"version" : {
"number" : "6.2.3",
"build_hash" : "c59ff00",
"build_date" : "2018-03-13T10:06:29.741383Z",
"build_snapshot" : false,
"lucene_version" : "7.2.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
mkdir /elk/ && cd /elk
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.tar.gz
tar -xzf elasticsearch-6.2.3.tar.gz
cd elasticsearch-6.2.3/
2. Create elasticsearch user and Running Elasticsearch as a daemon
useradd elasticsearch
chown -R elasticsearch.elasticsearch /elk/elasticsearch-6.2.3
su - elasticsearch
cd /elk/elasticsearch
./bin/elasticsearch -d -p pid
3. Checking that Elasticsearch is running
curl 127.0.0.0.1:9002
{
"name" : "5eRpLYV",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "RrKzHv2bTD2JfcuGxNwGBw",
"version" : {
"number" : "6.2.3",
"build_hash" : "c59ff00",
"build_date" : "2018-03-13T10:06:29.741383Z",
"build_snapshot" : false,
"lucene_version" : "7.2.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
4. Configuring Elasticsearch on the command line
default conf file is $ES_HOME/config/elasticsearch.yml
./bin/elasticsearch -d -Ecluster.name=my_cluster -Enode.name=node_1
curl 127.0.0.1:9200
{
"name" : "node_1",
"cluster_name" : "my_cluster",
"cluster_uuid" : "RrKzHv2bTD2JfcuGxNwGBw",
"version" : {
"number" : "6.2.3",
"build_hash" : "c59ff00",
"build_date" : "2018-03-13T10:06:29.741383Z",
"build_snapshot" : false,
"lucene_version" : "7.2.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
Logstash Install
1. Download Logstash-6.2.3
cd /elk
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.tar.gz
tar xf logstash-6.2.3.tar.gz && cd logstash-6.2.3
2. Edit logstash-filter.conf file
cd /elk/logstash-6.2.3/bin
cat >logstash-filter.conf << EOF
input { stdin { } }
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
EOF
3. Run Logstash with this configuration
cd /elk/logstash-6.2.3/bin
./logstash -f logstash-filter.conf &
tailf /elk/logstash-6.2.3/logs/logstash-plain.log
[2018-05-14T20:14:32,445][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-05-14T20:14:32,445][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
Kibana Install
1. Download Kibana-6.2.3
cd /elk
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-linux-x86_64.tar.gz
tar xf kibana-6.2.3-linux-x86_64.tar.gz && cd kibana-6.2.3-linux-x86_64
2. Edit kibana.yml
sed -i '$a server.host: "10.0.0.100"' /elk/kibana-6.2.3-linux-x86_64/config/kibana.yml
cd /elk/kibana-6.2.3-linux-x86_64/bin/
nohup kibana &
3. HanHua Kibana
git clone https://github.com/anbai-inc/Kibana_Hanization.git
cd Kibana_Hanization/
python main.py python main.py /elk/kibana-6.2.3-linux-x86_64/
4. Restart Kibana