安装环境:
操作系统:centos7.0
elasticsearch:5.5.1
kibana:5.5.1
logstash:5.5.1
JDK:jdk1.8.0_101
下载地址:https://www.elastic.co/downloads
JDK的安装此处就不做说明,自行百度。
首先文件下载存放至/data/ELK,目录看个人习惯存放。
文件列表:
elasticsearch-5.5.1.tar.gz
kibana-5.5.1-linux-x86_64.tar.gz
logstash-5.5.1.tar.gz
安装elasticsearch
创建elasticsearch组与用户及设置密码:
[root@bigdata2 bin]# groupadd elsearchgroup //创建elasticsearch组
[root@bigdata2 bin]# useradd -g elsearchgroup elsearchuser //创建elasticsearch用户
[root@bigdata2 bin]# passwd elsearchuser //设置elasticsearch用户的密码
Changing password for user elsearchuser.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
[root@bigdata2 ELK]# cd /data/ELK/
[root@bigdata2 ELK]# chown -R elsearchuser:elsearchgroup elasticsearch //将文件夹拥有者赋给elsearchuser
[root@bigdata2 ELK]# su elsearchuser //切换到elsearchuser用户
[elsearchuser@bigdata2 ELK]$ chmod -R +x elasticsearch //授予该文件及遍历子文件夹可执行权限
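[elsearchuser@bigdata2 ELK]$ vi /data/ELK/elasticsearch/conf/elasticsearch.yml
将network.host 改为本机地址或者0.0.0.0即可。注意:0.0.0.0 表示监听所有网卡,而本文安装的 Elasticsearch 5.5.1 未启用任何认证,因此 9200 端口应通过防火墙限制为仅可信主机访问;只在本机使用时填写本机回环地址即可。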
启动服务器
[elsearchuser@bigdata2 ELK]$ /data/ELK/elasticsearch/bin/elasticsearch -d #-d 为后台运行
安装logstash
[root@bigdata2 ELK]# tar -zxvf logstash-5.5.1.tar.gz
[root@bigdata2 ELK]# mv logstash-5.5.1 logstash
[root@bigdata2 ELK]# cd logstash/bin
[root@bigdata2 ELK]# touch logstash.sh
插入以下shell脚本内容:
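#!/bin/sh
# -*- coding: utf-8 -*-
#
# Authors: huwj
# Purpose: start/stop wrapper for a tarball install of Logstash.
# Usage:   ./logstash.sh start|stop|force-stop|status|restart
#
# Exit status of the "status" action (and of the status() function):
#   0  running
#   2  pidfile present but the process is gone, or the pidfile is unusable
#   3  no pidfile
#
# NOTE(review): the script demands root and launches Logstash without
# dropping privileges, so the JVM and every pipeline plugin run as root.
# If the pipelines do not need root, prefer a dedicated service account
# that owns LS_HOME, together with a pidfile location it can write.

# customer env
name=logstash
pidfile="/var/run/${name}.pid"
LS_HOME=/data/ELK/logstash
export PATH="/sbin:/usr/sbin:/bin:/usr/bin:${LS_HOME}/bin"

# must use root (the pidfile lives under /var/run)
if [ "$(id -u)" -ne 0 ]; then
  echo "You need root privileges to run this script" >&2
  exit 1
fi

# optimizations
# NOTE(review): Logstash 5.x takes its heap size from config/jvm.options;
# confirm that LS_HEAP_SIZE still has an effect on 5.5.1.
LS_HEAP_SIZE="1024m"
LS_OPEN_FILES=102400

# logstash comm
# LS_OPTS="--debug"
LS_OPTS="--quiet"
LS_LOG_DIR="${LS_HOME}/logs"
# Every file in this directory is loaded as pipeline configuration by a
# process running as root: keep it owned by root and not writable by others.
LS_CONF_DIR="${LS_HOME}/etc/logstash.d"

# mkdir -p is a no-op for directories that already exist.
mkdir -p "${LS_HOME}" "${LS_LOG_DIR}" "${LS_CONF_DIR}"

program="${LS_HOME}/bin/${name}"
args="-f ${LS_CONF_DIR} -l ${LS_LOG_DIR} ${LS_OPTS}"

# Launch Logstash in the background and record its pid in $pidfile.
# Globals: reads LS_HOME, LS_LOG_DIR, LS_OPEN_FILES, program, args, pidfile;
#          rewrites LS_JAVA_OPTS and HOME.
# Returns: always 0 (it does not wait to see whether Logstash stays up).
start() {
  LS_JAVA_OPTS="${LS_JAVA_OPTS} -Djava.io.tmpdir=${LS_HOME}"
  HOME="${LS_HOME}"
  export PATH HOME LS_HEAP_SIZE LS_JAVA_OPTS LS_USE_GC_LOGGING

  # Run the program in a background subshell. Because of the exec, the
  # subshell's pid ($!) becomes the pid of Logstash itself.
  # The original wrote `2> error.log &>/dev/null`; in bash the trailing
  # `&>` re-points stderr at /dev/null, so the error log always stayed
  # empty. stdout is discarded first, then stderr goes to the error log.
  (
    cd "${LS_HOME}" || exit 1
    ulimit -n "${LS_OPEN_FILES}"
    # ${args} is deliberately unquoted: it is a space-separated option list.
    exec "${program}" ${args}
  ) > /dev/null 2> "${LS_LOG_DIR}/${name}-error.log" &
  echo $! > "${pidfile}"
  echo "${name} started."
  return 0
}

# Report whether the process named in $pidfile is alive.
# Side effect: leaves the pid read from the file in the global $pid.
# Returns: 0 running, 2 stale or unusable pidfile, 3 no pidfile.
status() {
  [ -f "${pidfile}" ] || return 3
  pid=$(cat "${pidfile}")
  # Accept only a plain positive number: an empty, zero or negative value
  # handed to kill (as root) would address a process group or every
  # process instead of a single pid.
  case "${pid}" in
    '' | 0 | *[!0-9]*) return 2 ;;
  esac
  # kill -0 only proves that *some* process owns this pid.
  # NOTE(review): after a crash the number may have been reused by an
  # unrelated process; consider also checking that pid's command line
  # before signalling it.
  if kill -0 "${pid}" > /dev/null 2>&1; then
    return 0
  fi
  return 2
}

# Ask Logstash to exit with SIGTERM and wait up to about five seconds.
# Returns: 0 if it was not running or has stopped (pidfile removed),
#          1 if it is still running, so that `restart` does not start a
#          second instance and overwrite the pid of the first.
stop() {
  if status; then
    # status has just stored the validated pid in $pid
    echo "Killing ${name} (pid ${pid}) with SIGTERM"
    kill -TERM "${pid}"
    for i in 1 2 3 4 5; do
      echo "Waiting ${name} (pid ${pid}) to die..."
      status || break
      sleep 1
    done
    if status; then
      echo "${name} stop Failed; still running."
      return 1
    fi
    rm -f "${pidfile}"
    echo "${name} stopped."
  fi
  return 0
}

# Try a normal stop first; send SIGKILL only if the process survives it.
# Returns: 0 unless the final kill fails.
force_stop() {
  if status; then
    stop
    if status; then
      kill -KILL "${pid}" && rm -f "${pidfile}"
    fi
  fi
}

case "$1" in
  start)
    status
    code=$?
    if [ "${code}" -eq 0 ]; then
      echo "${name} is already running"
    else
      start
      code=$?
    fi
    exit "${code}"
    ;;
  stop)
    stop
    ;;
  force-stop)
    force_stop
    ;;
  status)
    status
    code=$?
    if [ "${code}" -eq 0 ]; then
      echo "${name} is running"
    else
      echo "${name} is not running"
    fi
    exit "${code}"
    ;;
  restart)
    stop && start
    ;;
  *)
    # The original printed ${SCRIPTNAME}, which is never set in this file.
    echo "Usage: $0 {start|stop|force-stop|status|restart}" >&2
    exit 3
    ;;
esac

exit $?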
退出保存:wq
[root@bigdata2 ELK]# chmod +x logstash.sh //授予可执行权限
[root@bigdata2 ELK]# ./logstash.sh start //启动服务
安装kibana
[root@bigdata2 ELK]# tar -zxvf kibana-5.5.1-linux-x86_64.tar.gz
[root@bigdata2 ELK]# mv kibana-5.5.1-linux-x86_64 kibana
[root@bigdata2 ELK]# cd kibana/config
[root@bigdata2 kibana]# vi kibana.yml
修改以下配置
server.host 为0.0.0.0 //监听所有网卡;本文安装的 Kibana 5.5.1 没有登录认证,5601 端口应只对可信网段开放
elasticsearch.url: "http://192.168.40.249:9200" //本机可以直接填写localhost
[root@bigdata2 kibana]# cd ../bin
[root@bigdata2 bin]# nohup ./kibana & //后台运行
服务启动完成后,在浏览器中访问地址: http://192.168.40.249:5601
添加索引模式(index pattern),如上图:我的日志索引是lymtest,就输入通配模式 lymtest*,保存后即添加成功。
然后选择Discover模块,就可以查询采集的日志信息
到此,ELK 5.5.1就完成了搭建。