Package downloads:
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.1.tar.gz
https://artifacts.elastic.co/downloads/kibana/kibana-5.4.1-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/logstash/logstash-5.4.1.tar.gz
https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.4.1-linux-x86_64.tar.gz
1. Preparation:
yum install -y java-1.8.0-openjdk
hostnamectl set-hostname elk # change the hostname
systemctl stop firewalld # stop firewalld
setenforce 0 # switch SELinux to permissive mode
tar zxvf elasticsearch-5.4.1.tar.gz && tar zxvf logstash-5.4.1.tar.gz && tar zxvf kibana-5.4.1-linux-x86_64.tar.gz
mv logstash-5.4.1 /usr/local/logstash
mv elasticsearch-5.4.1 /usr/local/elasticsearch
mv kibana-5.4.1-linux-x86_64 /usr/local/kibana
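2. Install logstash
After extraction there is no logstash configuration file, so one has to be created by hand. The log.conf in the screenshot above is the one I created manually. For testing, it only configures simple standard input and standard output, with the following content: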
input {
  stdin { }
}
output {
  stdout {
    codec => rubydebug {}
  }
}
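Try starting logstash to verify the configuration. In the logstash extraction directory run: ./bin/logstash -f config/log.conf. Output like the following screenshot shows that the configuration succeeded; the startup messages also show the log path, port and other information.
Type any test text, such as hello log, at the interactive prompt and look at the output.
3. Install elasticsearch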
yum install -y java-1.8.0-openjdk
hostnamectl set-hostname elk # change the hostname
systemctl stop firewalld # stop firewalld
setenforce 0 # switch SELinux to permissive mode
Edit elasticsearch.yml
mkdir -p /usr/local/elasticsearch/data /usr/local/elasticsearch/logs
useradd elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch
echo "vm.max_map_count = 655360" >>/etc/sysctl.conf && sysctl -p
Edit /etc/security/limits.conf and add the following:
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
elasticsearch cannot be started as the root user; switch to the elasticsearch user to run it:
su - elasticsearch
cd /usr/local/elasticsearch
bin/elasticsearch &
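Check the listening ports:
View it in a browser:
With logstash and elasticsearch installed, it is time to integrate the two. Go back to the logstash configuration file log.conf and change it as follows: the input is still standard input, and the output gains an elasticsearch block whose hosts setting is the elasticsearch address and port: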
input {
  stdin { }
}
output {
  elasticsearch {
    hosts => "192.168.56.100:9200"
    index => "logstash-test"
  }
  stdout {
    codec => rubydebug {}
  }
}
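During startup, logstash checks and connects to the elasticsearch output. After entering a test string, query the elasticsearch API: http://192.168.56.100:9200/logstash-test/_search (logstash-test is the index configured in logstash.conf). As shown below, the string just entered, I hello 222, can now be seen in elasticsearch.
4. Install kibana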
cd /usr/local/kibana/config
vi /usr/local/kibana/config/kibana.yml
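Go to the config directory under the kibana extraction directory and edit kibana.yml: uncomment server.port: 5601, change server.host to the server where kibana is installed, and configure the elasticsearch address and port.
Start: /usr/local/kibana/bin/kibana &
Then type into the logstash interactive session: Hello kaka,you are the chen
The web page shows:
5. Next, install redis:
I need CentOS 64-bit, so after finding the repository I downloaded it to the current directory with wget: wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Then install it: rpm -ivh epel-release-6-8.noarch.rpm
Third, install redis: yum install redis
Configure it in the configuration file: vi /etc/redis.conf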
#bind 127.0.0.1 (do not bind the loopback address; either leave bind unset or bind a LAN IP address)
port 6379
daemonize yes
protected-mode no
pidfile /var/run/redis_6379.pid
logfile /var/log/redis/redis.log
dbfilename dump.rdb
dir /var/lib/redis/
Start redis-server: redis-server /etc/redis.conf
redis and ELK have not been connected successfully yet; this will be updated later!
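Added example, not part of the original post: the redis.conf above leaves bind unset, turns protected-mode off and sets no requirepass, so Redis accepts unauthenticated connections on every interface. The script below audits a redis.conf for those three settings; the sample files, the 192.168.56.100 bind address and the placeholder password are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit redis.conf exposure settings.

# Print a directive's effective value; Redis uses the last line that sets it.
redis_directive() {   # $1 = config file, $2 = directive name (lowercase)
    awk -v key="$2" '
        /^[ \t]*(#|$)/     { next }   # skip comments and blank lines
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END                { print val }' "$1"
}

# Print one FAIL line per risky setting; return 1 if any were found, else 0.
audit_redis_conf() {
    local conf="$1" bad=0 bind pmode pass
    bind=$(redis_directive "$conf" bind)
    pmode=$(redis_directive "$conf" protected-mode)
    pass=$(redis_directive "$conf" requirepass)
    case " $bind " in
        "  ") echo "FAIL bind: unset, Redis listens on all interfaces"; bad=1 ;;
        *" 0.0.0.0 "*|*" :: "*|*" * "*) echo "FAIL bind: wildcard address ($bind)"; bad=1 ;;
    esac
    case "$pmode" in
        [Nn][Oo]) echo "FAIL protected-mode: disabled"; bad=1 ;;
    esac
    if [ -z "$pass" ]; then
        echo "FAIL requirepass: unset, clients are not authenticated"; bad=1
    fi
    return "$bad"
}

# Constructed sample inputs: the settings from the post and a tightened variant.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
WEAK_CONF="$tmp/weak.conf"; HARD_CONF="$tmp/hardened.conf"
cat > "$WEAK_CONF" <<'EOF'
#bind 127.0.0.1
port 6379
daemonize yes
protected-mode no
EOF
cat > "$HARD_CONF" <<'EOF'
bind 127.0.0.1 192.168.56.100
port 6379
daemonize yes
protected-mode yes
requirepass CONSTRUCTED-PLACEHOLDER-PASSWORD
EOF

audit_redis_conf "$WEAK_CONF" || echo "=> weak.conf: exposed"
audit_redis_conf "$HARD_CONF" && echo "=> hardened.conf: no findings"
```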