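Introduction: The ELK stack refers to the trio of ElasticSearch, Logstash and Kibana. Together, these three programs form a log analysis and monitoring toolset.
Logstash: collects log data on the client side.
ElasticSearch (es): organizes, stores and indexes the data collected by Logstash; es builds the indices and keeps the log data in them. Multiple es nodes can form a cluster, which holds an election to choose a master node.
Kibana: a web interface that makes log analysis easier.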
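This article deploys the ELK stack on a single CentOS machine.
The specific version requirements are as follows:
Operating system version: CentOS 6.4;
JDK version: 1.8.0;
Logstash version: 1.4.2;
ElasticSearch version: 1.4.2;
Kibana version: 4.1.2;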
To use the HTTP services and so on normally, the firewall needs to be turned off:
# service iptables stop
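The step above stops iptables altogether, so every port on the host becomes reachable. As an added example (not part of the original guide), this script prints rules that keep the firewall running and open only the ports this guide uses: 9200 and 5601 for an admin network, 9300 only for named cluster peers. The network 10.0.0.0/24 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Prints iptables commands that
# keep the firewall on and open only the ELK ports used in this guide.

# Succeeds if $1 is an IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: elk_fw_rules ADMIN_NET [PEER_IP...]
# 9200 (es HTTP) and 5601 (Kibana) are opened for ADMIN_NET only;
# 9300 (es node-to-node) is opened only for the listed cluster peers.
elk_fw_rules() {
    admin_net=$1
    valid_ipv4_cidr "$admin_net" || { echo "bad network: $admin_net" >&2; return 1; }
    shift
    for peer in "$@"; do
        valid_ipv4_cidr "$peer" || { echo "bad peer: $peer" >&2; return 1; }
    done
    for port in 9200 5601; do
        echo "iptables -I INPUT -p tcp -s $admin_net --dport $port -j ACCEPT"
    done
    for peer in "$@"; do
        echo "iptables -I INPUT -p tcp -s $peer --dport 9300 -j ACCEPT"
    done
    echo "service iptables save"
}

# Constructed sample: admin network 10.0.0.0/24 (an assumption), no peers.
# Review the printed commands, then run them as root.
elk_fw_rules 10.0.0.0/24
```

On a single machine no peer is needed: Logstash reaches port 9300 locally, which the loopback rule in the stock CentOS ruleset already allows.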
I. Install ElasticSearch (es for short):
1. ElasticSearch and Logstash depend on the JDK, so the JDK must be installed:
# yum -y install java-1.8.0-openjdk*
# java -version
2. By default, ElasticSearch serves external HTTP requests on port 9200 and uses TCP port 9300 for communication between nodes.
Download ElasticSearch:
# mkdir -p /soft
# cd /soft
# sudo wget https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.6.0.tar.gz
# sudo tar zxvf elasticsearch-1.6.0.tar.gz -C /usr/local/
# ln -s /usr/local/elasticsearch-1.6.0 /usr/local/elasticsearch
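3. Start the ElasticSearch service:
# /usr/local/elasticsearch/bin/elasticsearch -d
# After starting, it takes a while before the ports show up
# netstat -nptul    # check for ports 9200 and 9300
4. Test whether the ElasticSearch service is working; a status code of 200 is expected: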
# curl -X GET http://10.0.0.51:9200
{
"status" : 200,
"name" : "Immortus",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "1.6.0",
"build_hash" : "cdd3ac4dde4f69524ec0a14de3828cb95bbb86d0",
"build_timestamp" : "2015-06-09T13:36:34Z",
"build_snapshot" : false,
"lucene_version" : "4.10.4"
},
"tagline" : "You Know, for Search"
}
5. Install es plugins
The Elasticsearch-kopf plugin can query the data in Elasticsearch
The elasticsearch-marvel plugin
The elasticsearch-head plugin can query the data in Elasticsearch, much like kopf
# /usr/local/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
# /usr/local/elasticsearch/bin/plugin -i elasticsearch/marvel/latest
# /usr/local/elasticsearch/bin/plugin -i mobz/elasticsearch-head
6. Access the plugins:
http://10.0.0.51:9200/_plugin/marvel
http://10.0.0.51:9200/_plugin/head/
http://10.0.0.51:9200/_plugin/kopf
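II. Install Logstash:
1. Download and extract Logstash:
# wget https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.tar.gz
# tar zxvf logstash-1.4.2.tar.gz -C /usr/local/
# ln -s /usr/local/logstash-1.4.2 /usr/local/logstash
2. Run a simple test of whether Logstash works; the input should be printed to the screen as a simple log line: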
# /usr/local/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'
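this is a test    # type the test input (then wait a moment)
2016-05-23T23:31:14.525+0000 0.0.0.0 this is a test    # the test input is echoed back
3. Create a Logstash configuration file and test Logstash again; the input should now be printed to the screen as a structured log event: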
# mkdir -p /usr/local/logstash/etc
# vim /usr/local/logstash/etc/hello_search.conf
input {
  stdin {
    type => "human"
  }
  file {
    type => "messages"
    path => ["/var/log/messages"]
  }
}
output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    host => "10.0.0.51" # IP address of the es server
    port => 9300
  }
}
Start logstash:
# /usr/local/logstash/bin/logstash -f /usr/local/logstash/etc/hello_search.conf
test    # input (wait a moment)
{
"message" => "test",    # output
"@version" => "1",
"@timestamp" => "2016-05-23T23:41:17.098Z",
"type" => "human",
"host" => "0.0.0.0"
}
III. Install Kibana:
1. Extract Kibana:
# wget https://download.elastic.co/kibana/kibana/kibana-4.1.2-linux-x64.tar.gz
# tar zxvf kibana-4.1.2-linux-x64.tar.gz -C /usr/local/
# ln -s /usr/local/kibana-4.1.2-linux-x64 /usr/local/kibana
2. Edit the Kibana configuration file:
# vi /usr/local/kibana/config/kibana.yml
elasticsearch_url: "http://10.0.0.51:9200"    # fill in the IP used to reach this machine
3. Start Kibana:
# nohup /usr/local/kibana/bin/kibana &
# Check port 5601 (Kibana 4 runs on Node.js, so match the port rather than "java"):
# netstat -npult | grep 5601
4. Access Kibana: http://10.0.0.51:5601