安装环境:
操作系统:centos7.0
elasticsearch:5.5.1
kibana:5.5.1
logstash:5.5.1
JDK:jdk1.8.0_101
下载地址:https://www.elastic.co/downloads
JDK的安装此处就不做说明,自行百度。
首先文件下载存放至/data/ELK,目录看个人习惯存放。
文件列表:
elasticsearch-5.5.1.tar.gz
kibana-5.5.1-linux-x86_64.tar.gz
logstash-5.5.1.tar.gz
安装elasticsearch
创建elasticsearch组与用户及设置密码:
[root@bigdata2 bin]# groupadd elsearchgroup //创建elasticserch组[root@bigdata2 bin]# useradd -g elsearchgroup elsearchuser //创建elasticserch用户
[root@bigdata2 bin]# passwd elsearchuser //设置elasticserch用户的密码
Changing password for user elsearchuser.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
[root@bigdata2 ELK]# cd /data/ELK/
[root@bigdata2 ELK]# chown -R elsearchuser:elsearchgroup elasticsearch //将文件夹拥有者赋给elsearchuser
[root@bigdata2 ELK]# su elsearchuser //切换到elsearchuser用户
[elsearchuser@bigdata2 ELK]$ chmod -R +x elasticsearch //授予该文件及遍历子文件夹可执行权限
修改配置文件
[elsearchuser@bigdata2 ELK]$vi /data/ELK/elasticsearch/conf/elasticsearch.yml
将network.host 改为本机地址或者0.0.0.0即可。
启动服务器
[elsearchuser@bigdata2 ELK]$/data/ELK/elasticsearch/bin/elasticsearch -d #-d 为后台运行
安装logstash
[root@bigdata2 ELK]# tar -zxvf logstash-5.5.1.tar.gz
[root@bigdata2 ELK]# mv logstash-5.5.1 logstash
[root@bigdata2 ELK]# cd logstash/bin
[root@bigdata2 ELK]# touchlogstash.sh
插入以下shell脚本内容:
#!/bin/sh
# -*- coding: utf-8 -*-
#
#
# Authors:huwj
# Purpose: control ./logstash.sh start|stop|force-stop|status|restart
#
#
# customer env
name=logstash
pidfile="/var/run/${name}.pid"
LS_HOME=/data/ELK/logstash
export PATH=/sbin:/usr/sbin:/bin:/usr/bin:${LS_HOME}/bin
# must use root
if [ `id -u` -ne 0 ]; then
echo "You need root privileges to run this script"
exit 1
fi
# optimizations
LS_HEAP_SIZE="1024m"
LS_OPEN_FILES=102400
# logstash comm
# LS_OPTS="--debug"
LS_OPTS="--quiet"
LS_LOG_DIR=${LS_HOME}/logs
LS_CONF_DIR="${LS_HOME}/etc/logstash.d"
[ ! -d ${LS_HOME} ] && mkdir -p ${LS_HOME}
[ ! -d ${LS_LOG_DIR} ] && mkdir -p ${LS_LOG_DIR}
[ ! -d ${LS_CONF_DIR} ] && mkdir -p ${LS_CONF_DIR}
program=${LS_HOME}/bin/${name}
args="-f ${LS_CONF_DIR} -l ${LS_LOG_DIR} ${LS_OPTS}"
start() {
LS_JAVA_OPTS="${LS_JAVA_OPTS} -Djava.io.tmpdir=${LS_HOME}"
HOME=${LS_HOME}
export PATH HOME LS_HEAP_SIZE LS_JAVA_OPTS LS_USE_GC_LOGGING
ulimit -n ${LS_OPEN_FILES}
# Run the program!
bash -c "
cd $LS_HOME
ulimit -n ${LS_OPEN_FILES}
exec \"$program\" $args
" 2> "${LS_LOG_DIR}/${name}-error.log" &>/dev/null &
echo $! > $pidfile
echo "${name} started."
return 0
}
stop() {
if status ; then
pid=`cat "$pidfile"`
echo "Killing ${name} (pid $pid) with SIGTERM"
kill -TERM $pid
for i in 1 2 3 4 5 ; do
echo "Waiting ${name} (pid $pid) to die..."
status || break
sleep 1
done
if status ; then
echo "${name} stop Failed; still running."
else
echo "${name} stopped."
fi
fi
}
status() {
if [ -f "$pidfile" ] ; then
pid=`cat "$pidfile"`
if kill -0 $pid > /dev/null 2> /dev/null ; then
return 0
else
return 2
fi
else
return 3
fi
}
force_stop() {
if status ; then
stop
status && kill -KILL `cat "$pidfile"`
fi
}
case "$1" in
start)
status
code=$?
if [ $code -eq 0 ]; then
echo "${name} is already running"
else
start
code=$?
fi
exit $code
;;
stop) stop ;;
force-stop) force_stop ;;
status)
status
code=$?
if [ $code -eq 0 ] ; then
echo "${name} is running"
else
echo "${name} is not running"
fi
exit $code
;;
restart)
stop && start
;;
*)
echo "Usage: ${SCRIPTNAME} {start|stop|force-stop|status|restart}" >&2
exit 3
;;
esac
exit $?
退出保存:wq
[root@bigdata2 ELK]# chmod +x logstash.sh //授予可执行权限
[root@bigdata2 ELK]# ./logstash.sh start //启动服务
安装kibana
[root@bigdata2 ELK]# tar -zxvf kibana-5.5.1.tar.gz
[root@bigdata2 ELK]# mv kibana-5.5.1 kibana
[root@bigdata2 ELK]# cd kibana/config
[root@bigdata2 kibana]# vi kibana.yml
修改以下配置
server.host 为0.0.0.0
elasticsearch.url: "http://192.168.40.249:9200" //本机可以直接填写localhost
[root@bigdata2 kibana]# cd ../bin
[root@bigdata2 bin]#nohup kibana & //后台运行
服务启动完成后,在浏览器中访问地址: http://192.168.40.249:5601
添加索引的正则,如上图,我的日志索引是lymtest,我就输入正则为 lymtest*,保存,添加成功
然后选择discover模块,就可以查询采集的日志信息
到此,ELK 5.5.1就完成了搭建。