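ELK is an acronym formed from the names of three software products: Elasticsearch, Logstash and Kibana. All three are open source and now belong to Elastic.co.
In this stack, Elasticsearch serves as the full-text search and analytics engine, Logstash is a distributed log collection system, and Kibana provides a web interface for visualization.
This article uses CentOS 7.4. The whole ELK stack is deployed on a single machine, every component is installed from its rpm package, and the ELK version is 6.2.3.
[Figure: ELK flow diagram]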
Install the JDK
Download the JDK installation package from the official site:
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
yum install jdk-8u162-linux-x64.rpm
Elasticsearch {#title-0}
1. Install Elasticsearch
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.rpm
yum install elasticsearch-6.2.3.rpm
2. Create a directory for Elasticsearch data
mkdir -p /data/es-data
chown -R elasticsearch:elasticsearch /data/es-data/
3. Create a directory for Elasticsearch logs
mkdir /data/es-log
chown -R elasticsearch:elasticsearch /data/es-log/
4. Edit the Elasticsearch configuration file
vi /etc/elasticsearch/elasticsearch.yml
Set the following options:
# Path where Elasticsearch stores its data
path.data: /data/es-data
# Path where Elasticsearch stores its logs
path.logs: /data/es-log
# Memory lock: true keeps the Elasticsearch heap out of swap; it is left at false here, so the lock is not enabled
bootstrap.memory_lock: false
# Set the HTTP listening port to 9200
http.port: 9200
5. Start Elasticsearch
/etc/init.d/elasticsearch start
6. Check that the status is running
/etc/init.d/elasticsearch status
7. Enable start on boot
systemctl enable elasticsearch
8. Verify that the installation succeeded
curl http://127.0.0.1:9200
If the following content is returned, Elasticsearch is working normally
Logstash {#title-1}
1. Install Logstash
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.rpm
yum install logstash-6.2.3.rpm
2. Create a directory for Logstash data
mkdir -p /data/ls-data
chown -R logstash:logstash /data/ls-data/
3. Create a directory for Logstash logs
mkdir /data/ls-log
chown -R logstash:logstash /data/ls-log/
4. Edit the Logstash configuration file
vi /etc/logstash/logstash.yml
Set the following options:
# Path where Logstash stores its data
path.data: /data/ls-data
# Path where Logstash stores its logs
path.logs: /data/ls-log
# Path of the pipeline configuration files
path.config: /etc/logstash/conf.d
5. Start Logstash
systemctl start logstash
6. Check that the status is running
systemctl status logstash
7. Enable start on boot
systemctl enable logstash
8. Create a symbolic link so that the logstash command is easier to use
ln -sv /usr/share/logstash/bin/logstash /usr/bin/
To test it, run the logstash command below, wait a moment, then type anything; the input is echoed back as output.
logstash -e 'input { stdin { } } output { stdout {} }'
Kibana {#title-2}
1. Install Kibana
cd /usr/local/src
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-x86_64.rpm
yum install kibana-6.2.3-x86_64.rpm
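2. Edit the Kibana configuration file
vi /etc/kibana/kibana.yml
Set the following options:
# Default listening port, 5601
server.port: 5601
# Listening IP address; changed to 0.0.0.0 here, which listens on all IP addresses
server.host: "0.0.0.0"
# Elasticsearch address; when Elasticsearch and Kibana are installed on different servers, the address must be specified manually
elasticsearch.url: "http://localhost:9200"
# Kibana creates an index in Elasticsearch to store its settings; the index name can be customized and normally does not need to be changed.
kibana.index: ".kibana"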
3. Start Kibana
/etc/init.d/kibana start
4. Check that the status is running
/etc/init.d/kibana status
5. Enable start on boot
systemctl enable kibana
Access Kibana
http://IP:5601
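
With `server.host: "0.0.0.0"` Kibana answers on every interface, and nothing in this setup adds authentication, so it is worth checking which of the two HTTP services is reachable beyond loopback. The script below is an added example, not part of the original article: it reads the `elasticsearch.yml` and `kibana.yml` paths and keys used above, while the function names (`yaml_get`, `listen_scope`, `audit_elk`, `demo`), the optional root-prefix argument and the constructed sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report which HTTP services configured
# above listen beyond loopback. Function names and the ROOT prefix are assumptions.

# yaml_get FILE KEY: value of the last uncommented top-level "KEY: value" line.
yaml_get() {
    [ -r "$1" ] || return 0
    awk -v k="$2" '
        index($0, k ":") == 1 { v = substr($0, length(k) + 2) }
        END { gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v }' "$1"
}

# listen_scope FILE KEY DEFAULT: "loopback" or "exposed" for a bind-address key.
listen_scope() {
    host=$(yaml_get "$1" "$2")
    [ -n "$host" ] || host=$3      # key not set: use the product default
    case "$host" in
        localhost|127.*|::1|_local_) echo loopback ;;
        *) echo exposed ;;         # 0.0.0.0, a LAN address, a hostname, ...
    esac
}

# audit_elk [ROOT]: one line per service; returns 1 if any service is exposed.
audit_elk() {
    es_yml="${1:-}/etc/elasticsearch/elasticsearch.yml"
    kb_yml="${1:-}/etc/kibana/kibana.yml"
    es=$(listen_scope "$es_yml" network.host _local_)
    kb=$(listen_scope "$kb_yml" server.host localhost)
    es_port=$(yaml_get "$es_yml" http.port)
    kb_port=$(yaml_get "$kb_yml" server.port)
    echo "elasticsearch ${es_port:-9200}/tcp: $es"
    echo "kibana ${kb_port:-5601}/tcp: $kb"
    [ "$es" = loopback ] && [ "$kb" = loopback ] && return 0
    echo "limit the exposed port(s) to trusted source addresses or bind to a single interface"
    return 1
}

# demo: run the audit on constructed copies of the article's settings.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/elasticsearch" "$d/etc/kibana"
    printf 'path.data: /data/es-data\nhttp.port: 9200\n' > "$d/etc/elasticsearch/elasticsearch.yml"
    printf 'server.port: 5601\nserver.host: "0.0.0.0"\n' > "$d/etc/kibana/kibana.yml"
    audit_elk "$d"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "exit status 1: at least one service is exposed"
```

On the installed host, call `audit_elk` with no argument to read the real files under `/etc`; a non-zero exit status means at least one service listens beyond loopback.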