ELK Cluster Setup
1. Install the JDK (all machines)
# rpm -ivh jdk-7u80-linux-x64.rpm
2. Install Logstash (all machines)
# yum localinstall logstash-2.2.2-1.noarch.rpm -y
Default install directory: /opt/logstash
Quick test:
# /opt/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'
Settings: Default pipeline workers: 1
Logstash startup completed
test
2016-03-14T02:29:16.424Z adh1 test
hello logstash!
2016-03-14T02:29:37.614Z adh1 hello logstash!
3. Install Elasticsearch (all machines)
# yum localinstall elasticsearch-2.2.0.rpm -y
Default install directory: /usr/share/elasticsearch
Configure Elasticsearch
# cat /etc/elasticsearch/elasticsearch.yml | grep -v ^#
cluster.name: my-application
node.name: adh3 # change this to each machine's hostname
path.data: /var/edata
network.host: 0.0.0.0
# mkdir /var/edata
# chown -R elasticsearch: /var/edata
Start:
# service elasticsearch start
Install the kopf plugin
# /usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
List the installed plugins
# /usr/share/elasticsearch/bin/plugin list
Installed plugins in /usr/share/elasticsearch/plugins:
- kopf
4. Install Kibana
# tar -zxvf kibana-4.4.2-linux-x64.tar.gz -C /opt/
Configure Logstash
# vim /etc/logstash/conf.d/test.conf
input {
  file {
    type => "messages"
    path => "/var/log/messages"
  }
}
output {
  elasticsearch {
    hosts => [ "adh1:9200","adh2:9200","adh3:9200" ]
    index => "logstash-%{type}-%{+YYYY.MM.dd}"
    #document_type => "%{type}"
  }
}
Add read permission to the log files
# chmod +r /var/log/messages
# chmod +r /var/log/secure
Check the configuration
# /opt/logstash/bin/logstash -t -f /etc/logstash/conf.d/test.conf
Configuration OK
Start Logstash
# service logstash start
Start Kibana
# nohup /opt/kibana-4.4.2-linux-x64/bin/kibana &
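Open the web UI at http://IP:5601
Hmm, the page would not let me create an index pattern.
Disable IPv6 and restart Elasticsearch. # This has to be done on every machine.
Disable IPv6
# vim /etc/sysctl.conf   # append the following 2 lines at the end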
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
Reload the settings
# sysctl -p
Restart Elasticsearch
# service elasticsearch restart
Refresh the web page. OK, it works normally now.
Nice.
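Added example, not part of the original post: a small shell audit of two settings from the steps above, network.host: 0.0.0.0 (Elasticsearch 2.2 has no built-in authentication, so any host that can reach port 9200 can read and write the indices) and chmod +r on the log files. The function names and the sample files it creates in a temporary directory are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): audit two settings used above.

# Print the network.host value from an elasticsearch.yml, without quotes or
# a trailing "# comment". Assumes a single uncommented network.host line.
es_network_host() {
    sed -n 's/^[[:space:]]*network\.host:[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//' | tr -d "\"' " | head -n 1
}

# Return 0 when the node listens on every interface.
es_binds_everywhere() {
    case "$(es_network_host "$1")" in
        0.0.0.0|::) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when "other" holds the read bit (GNU stat, octal mode).
world_readable() {
    case "$(stat -c '%a' "$1")" in
        *[4567]) return 0 ;;
        *) return 1 ;;
    esac
}

# audit ES_YML LOGFILE...: print one WARN per finding, return the count.
audit() {
    yml=$1; shift; findings=0
    if es_binds_everywhere "$yml"; then
        echo "WARN $yml: network.host listens on all interfaces"
        findings=$((findings + 1))
    fi
    for f in "$@"; do
        if world_readable "$f"; then
            echo "WARN $f: readable by every local user"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample files standing in for the real paths.
demo=$(mktemp -d)
printf 'cluster.name: my-application\nnetwork.host: 0.0.0.0\n' > "$demo/es.yml"
: > "$demo/secure"; chmod 644 "$demo/secure"   # what chmod +r yields under umask 022
audit "$demo/es.yml" "$demo/secure" || echo "findings: $?"
```

To check a real node, call audit /etc/elasticsearch/elasticsearch.yml /var/log/messages /var/log/secure. Where it warns, binding network.host to the cluster-facing address and granting read access only to the account Logstash runs as are narrower choices.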