elasticsearch+logstash+kibana收集日志

225025

　　1. 部署环境

　　CentOS 5.4
　　关闭selinux和iptables
　　

　　

　　2. 部署elasticsearch
yum install java-1.6.0-openjdk
wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.1.noarch.rpm
rpm -ivh elasticsearch-1.4.1.noarch.rpm
#编辑配置..
node.name: "xd-174"
node.master: true
node.data: true
index.number_of_shards: 10
index.number_of_replicas: 0
path.data: /data1/elasticsearch,/data2/elasticsearch
network.host:  8.8.8.8                                       #配置本地要监听的地址
transport.tcp.port: 9300
transport.tcp.compress: true
http.port: 9200
http.max_content_length: 100mb
http.enabled: true
http.cors.enabled: true


  mkdir /data{1,2}/elasticsearch -p
  chown elasticsearch.elasticsearch data{1,2}/elasticsearch -p
/chkconfig --add elasticsearch
  service elasticsearch start　　

　　

　　3. 状态查看和插件安装
集群状态: http://localhost:9200/_cluster/health
节点状态: http://localhost:9200/_nodes
日志查看: tail -f /var/log/elasticsearch/.log　　

　　插件安装
# 1. head
/usr/share/elasticsearch/bin/plugin -install mobz/elasticsearch-head
#通过访问: http://ip:9200/_plugin/head/ 查看集群状态信息
#2. bigdesk
/usr/share/elasticsearch/bin/plugin -install lukas-vlcek/bigdesk
#通过访问: http://ip:9200/_plugin/bigdesk/#nodes  查看集群监控信息　　

　　

　　4. Logstash部署
wget https://download.elasticsearch.org/logstash/logstash/packages/centos/logstash-1.4.2-1_2c0f5a1.noarch.rpm
rpm -ivh logstash-1.4.2-1_2c0f5a1.noarch.rpm

cat >>/etc/logstash/conf.d/syslog.conf  "172.16.20.174"
    port => "514"
  }
}
output {
  elasticsearch {
    host => "127.0.0.1"
  }
  stdout {
    codec => rubydebug
  }
}
EOF　　

　　

　　5. Kibana部署
yum install http php
wget https://download.elasticsearch.org/kibana/kibana/kibana-3.1.2.tar.gz
mv kibana-3.1.2 /var/www/html/kibana
service httpd start
chkconfig httpd on