i1zhuxian posted on 2016-3-14 16:54:56

ELK cluster setup

1. Install the JDK (all machines)


# rpm -ivh jdk-7u80-linux-x64.rpm


2. Install logstash (all machines)
# yum localinstall logstash-2.2.2-1.noarch.rpm -y


Default install directory: /opt/logstash
Quick test:
# /opt/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'

Settings: Default pipeline workers: 1
Logstash startup completed
test
2016-03-14T02:29:16.424Z adh1 test
hello logstash!
2016-03-14T02:29:37.614Z adh1 hello logstash!


3. Install Elasticsearch (all machines)

# yum localinstall elasticsearch-2.2.0.rpm -y


Default install directory: /usr/share/elasticsearch
Configure elasticsearch
# cat /etc/elasticsearch/elasticsearch.yml| grep -v ^#

cluster.name: my-application
node.name: adh3                                           # note: change to the matching host name
path.data: /var/edata
network.host: 0.0.0.0


# mkdir /var/edata
# chown elasticsearch. /var/edata -R

Start:
# service elasticsearch start


Install the kopf plugin
# /usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
List the installed plugins
# /usr/share/elasticsearch/bin/plugin list
Installed plugins in /usr/share/elasticsearch/plugins:
    - kopf


4. Install kibana
# tar -zxvf kibana-4.4.2-linux-x64.tar.gz -C /opt/


Configure logstash
# vim /etc/logstash/conf.d/test.conf
input {
file {
    type => "messages"
    path => "/var/log/messages"
}
}
output {
elasticsearch {
    hosts => [ "adh1:9200","adh2:9200","adh3:9200" ]
    index => "logstash-%{type}-%{+YYYY.MM.dd}"
    #document_type => "%{type}"
}
}



Give the log files read permission
# chmod +r /var/log/messages

# chmod +r /var/log/secure



Check the configuration
# /opt/logstash/bin/logstash -t -f /etc/logstash/conf.d/test.conf
Configuration OK


Start logstash
# service logstash start


Start kibana
# nohup /opt/kibana-4.4.2-linux-x64/bin/kibana &

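Access the web UI at http://IP:5601
Uh, on the page the index pattern could not be created.
Disable IPv6 and restart elasticsearch. # This has to be done on every machine.
Disable IPv6
# vim /etc/sysctl.conf   # add the following 2 lines at the end
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

Reload the settings
# sysctl -p
Restart elasticsearch
# service elasticsearch restart

Refresh the web page. OK, it can be used normally now.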
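
Added example, not part of the original post: a shell check for two settings from the walkthrough above that decide who can reach the data, `network.host: 0.0.0.0` in elasticsearch.yml and the `chmod +r` on the system logs. The function names are hypothetical and the sample files are constructed.

```shell
# Added example (hypothetical function names, constructed sample files).

# Print a top-level key's value from elasticsearch.yml, skipping comment lines
# and trailing "# ..." comments like the one on node.name in the post.
es_setting() {  # $1 = yml file, $2 = key
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                gsub(/^[ \t"]+|[ \t"]+$/, "", val)
                found = val
            }
        }
        END { print found }' "$1"
}

# Succeeds when network.host is a wildcard, i.e. port 9200 answers on every interface.
binds_all_interfaces() {  # $1 = yml file
    case "$(es_setting "$1" network.host)" in
        0.0.0.0|::) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when the "other" read bit is set (what chmod +r adds under umask 022).
world_readable() {  # $1 = file
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Print one line per finding; return 1 if anything was reported.
audit_elk_host() {  # $1 = yml file, remaining args = log files
    yml=$1; shift; rc=0
    binds_all_interfaces "$yml" && { echo "FINDING: $yml binds to all interfaces"; rc=1; }
    for f in "$@"; do
        world_readable "$f" && { echo "FINDING: $f is readable by every local user"; rc=1; }
    done
    return $rc
}

# Constructed sample input mirroring the settings in the post.
demo_dir=$(mktemp -d)
printf 'cluster.name: my-application\nnetwork.host: 0.0.0.0\n' > "$demo_dir/es.yml"
: > "$demo_dir/secure"; chmod 644 "$demo_dir/secure"
audit_elk_host "$demo_dir/es.yml" "$demo_dir/secure" || true
rm -rf "$demo_dir"
```

On a real node the call would be `audit_elk_host /etc/elasticsearch/elasticsearch.yml /var/log/messages /var/log/secure`.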












DTitRAGmNt posted on 2016-3-14 18:35:55

Nice.