Building an ELK log analysis platform: Elasticsearch
Introduction: ELK is made up of three open-source tools, Elasticsearch, Logstash and Kibana.
1. Elasticsearch is an open-source distributed search engine. Its features include: distributed operation, zero configuration, automatic discovery, automatic index sharding, index replicas, a RESTful interface, multiple data sources and automatic search load balancing.
2. Logstash is a fully open-source tool that collects and filters your logs and stores them for later use (for example, searching).
3. Kibana is also a free, open-source tool that provides a friendly web interface for analysing the logs that Logstash and Elasticsearch provide; it helps you aggregate, analyse and search important log data.
How it works:
Logstash collects and filters the logs and stores them in the Elasticsearch cluster; Elasticsearch then serves the stored logs to Kibana, which displays them in the front-end pages.
I. Download the required packages
2.wget https://download.elastic.co/logstash/logstash/logstash-2.2.0.tar.gz
3.wget https://download.elastic.co/kibana/kibana/kibana-4.4.0-linux-x64.tar.gz
4.wget -O jdk-8u77-linux-x64.rpm "http://dl.download.csdn.net/down11/20160330/abf9ea0cb9d3c350f0de43fe41a80782.rpm?response-content-disposition=attachment%3Bfilename%3D%22jdk-8u77-linux-x64.rpm%22&OSSAccessKeyId=9q6nvzoJGowBj4q1&Expires=1499158963&Signature=APx%2BymivcfG2F19nYGx6WOO%2Bl5k%3D"
5.yum -y install git
The JDK RPM above is fetched from a third-party mirror through a time-limited signed link, not from the vendor. Before installing it, compare the package against a checksum or signature obtained from the vendor (rpm -K reports the RPM's signature status); an unverified JDK becomes the root of trust for everything installed after it.
Building the ELK platform
Environment:
System: CentOS 6.5 64-bit
Elasticsearch: 2.2.0
Logstash: 2.2.0
Kibana: 4.4.0
JDK: 1.8.0_77
I. Installing Elasticsearch and testing access
1. Install the JDK
Installation method: RPM
[[email protected] package]# rpm -ivh jdk-8u77-linux-x64.rpm
Preparing... ########################################### [100%]
1:jdk1.8.0_77 ########################################### [100%]
Unpacking JAR files...
tools.jar...
plugin.jar...
javaws.jar...
deploy.jar...
rt.jar...
jsse.jar...
charsets.jar...
localedata.jar...
jfxrt.jar...
[[email protected] package]# java -version
java version "1.8.0_77"
Java(TM) SE Runtime Environment (build 1.8.0_77-b03)
Java HotSpot(TM) 64-Bit Server VM (build 25.77-b03, mixed mode)
[[email protected] package]#
2. Install Elasticsearch
(1) Unpack the archive
[[email protected] package]# tar -xvzf elasticsearch-2.2.0.tar.gz
[[email protected] package]# cd elasticsearch-2.2.0
(2) Install the HEAD plugin
[[email protected] elasticsearch-2.2.0]# ./bin/plugin install mobz/elasticsearch-head
-> Installing mobz/elasticsearch-head...
Plugins directory [/package/elasticsearch-2.2.0/plugins] does not exist. Creating...
Trying https://github.com/mobz/elasticsearch-head/archive/master.zip ...
Downloading .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Verifying https://github.com/mobz/elasticsearch-head/archive/master.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed head into /package/elasticsearch-2.2.0/plugins/head
[[email protected] elasticsearch-2.2.0]#
(3) Tidy up the directory layout
[[email protected] elasticsearch-2.2.0]# cd ..
[[email protected] package]# pwd
/package
[[email protected] package]# mv elasticsearch-2.2.0 elastics
[[email protected] package]# mv elastics /usr/local/
(4) Edit the ES configuration file
[[email protected] package]#cd /usr/local/elastics/config/
[[email protected] config]# vim elasticsearch.yml
Change the following settings (elasticsearch.yml is YAML, so every setting is written as key: value, not key=value):
cluster.name: my-elk #name of the ES cluster, can be anything you like
node.name: node-1 #node name; by default a random name is picked from the list in config/names.txt inside the ES jar
path.data: /usr/local/elastics/data/ #where index data is stored
path.logs: /usr/local/elastics/logs/ #where log files are stored
network.host: 192.168.179.129 #IP address of this machine
http.port: 9200 #HTTP port for client requests, default 9200 (the setting is http.port; there is no network.port setting, and ES 2.x silently ignores unknown keys)
Note that binding network.host to the machine's LAN address, as above, makes the node reachable from the whole network, and Elasticsearch 2.x ships with no authentication at all. Keep port 9200 (and the transport port 9300) behind a firewall, or bind to 127.0.0.1 while testing, unless you put an authenticating proxy in front of it.
Save the file and exit once the changes are made.
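As an added example (not code from the original post), the following linter checks the flat elasticsearch.yml written in this step. It catches the two mistakes that file invites, key=value instead of YAML key: value and the non-existent network.port setting, and flags a network.host that exposes an unauthenticated Elasticsearch 2.x node to the network. KNOWN_KEYS is a short list chosen for this example rather than the full ES settings catalogue, and both sample configs are constructed.

```python
"""Lint a flat elasticsearch.yml (ES 2.x) for syntax slips and network exposure.
Added example, not part of the original post; KNOWN_KEYS is a deliberately short
list and the two sample configs at the bottom are constructed."""
import ipaddress
import re

# Settings this example recognises; anything else is reported for a spelling check.
KNOWN_KEYS = {
    "cluster.name", "node.name", "path.data", "path.logs",
    "network.host", "http.port", "transport.tcp.port",
    "discovery.zen.ping.unicast.hosts",
}
# Plausible-looking keys that do not exist, mapped to the real setting.
# ES 2.x ignores unknown settings instead of failing, so these are easy to miss.
WRONG_KEYS = {"network.port": "http.port"}

YAML_RE = re.compile(r"^([A-Za-z0-9_.]+)\s*:\s*(.*)$")
ASSIGN_RE = re.compile(r"^([A-Za-z0-9_.]+)\s*=\s*(.*)$")


def strip_comment(raw):
    """Remove a whole-line or trailing ' #...' comment and surrounding whitespace."""
    line = raw.strip()
    if line.startswith("#"):
        return ""
    cut = line.find(" #")
    return line[:cut].rstrip() if cut != -1 else line


def parse_settings(text):
    """Parse flat key: value lines. Returns (settings, findings).
    Lines written with '=' are reported but still recorded so later checks see them."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line:
            continue
        m = YAML_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
            continue
        m = ASSIGN_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            findings.append(f"line {lineno}: '{key}={value}' is not YAML; write '{key}: {value}'")
            settings[key] = value
            continue
        findings.append(f"line {lineno}: cannot parse {line!r}")
    return settings, findings


def exposes_to_network(host):
    """True unless network.host is a loopback address or the _local_ placeholder."""
    if host in ("_local_", "localhost"):
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:  # _site_, _global_, an interface name or a hostname: assume exposed
        return True


def check_settings(settings):
    """Semantic checks on the parsed settings: wrong/unknown keys and network exposure."""
    findings = []
    for key, value in settings.items():
        if key in WRONG_KEYS:
            findings.append(f"{key} is not an Elasticsearch setting and is ignored; use {WRONG_KEYS[key]}: {value}")
        elif key not in KNOWN_KEYS:
            findings.append(f"{key}: not in the known-settings list, check the spelling")
    host = settings.get("network.host")  # ES 2.x default is loopback only
    if host is not None and exposes_to_network(host):
        port = settings.get("http.port", "9200")
        findings.append(f"network.host: {host} listens on the network and ES 2.x has no authentication; firewall port {port} and 9300")
    return findings


def lint(text):
    """All findings for one elasticsearch.yml, syntax problems first."""
    settings, findings = parse_settings(text)
    return findings + check_settings(settings)


# Constructed sample: the settings as first written in the post ('=' and network.port).
POST_CONFIG = """\
cluster.name=my-elk #es cluster name, can be anything
node.name=node-1 #node name
path.data: /usr/local/elastics/data/ #index data
path.logs: /usr/local/elastics/logs/ #log files
network.host=192.168.179.129 #this machine's ip
network.port=9200 #http port
"""

# Constructed sample: the same settings written correctly.
FIXED_CONFIG = """\
cluster.name: my-elk
node.name: node-1
path.data: /usr/local/elastics/data/
path.logs: /usr/local/elastics/logs/
network.host: 192.168.179.129
http.port: 9200
"""

if __name__ == "__main__":
    for label, cfg in (("as posted", POST_CONFIG), ("corrected", FIXED_CONFIG)):
        print(f"== {label} ==")
        for finding in lint(cfg) or ["no findings"]:
            print(" ", finding)
```

Run it against your own file with lint(open("/usr/local/elastics/config/elasticsearch.yml").read()); the corrected sample still produces one finding, the network exposure, which is a deliberate reminder rather than a bug, since that is the part a firewall rule has to cover.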
(5) Create the directories and set permissions
[[email protected] local]# mkdir /usr/local/elastics/data
[[email protected] local]# mkdir /usr/local/elastics/logs
[[email protected] local]# cd /usr/local/elastics/
[[email protected] elastics]# chmod -R 777 data/
[[email protected] elastics]# chmod -R 777 logs/
Mode 777 is wider than needed. Once step (6) hands the whole tree to the zc-elk user, the Elasticsearch process can write to data/ and logs/ with the default mode, while 777 lets any local account read, modify or delete the index data and logs. A mode such as 750 on those two directories, applied after the chown, is enough.
(6) Create an unprivileged user to run Elasticsearch (Elasticsearch 2.x refuses to start as root)
Create the group:
[[email protected] config]# groupadd zc-elk
Create the user and add it to the group:
[[email protected] config]# useradd -g zc-elk zc-elk
Change the owner and group of the Elasticsearch directory:
[[email protected] local]# chown -R zc-elk.zc-elk elastics/
(7) Switch to the unprivileged user zc-elk and start Elasticsearch
[[email protected] ~]# su - zc-elk
[[email protected] ~]$ cd /usr/local/elastics/
[[email protected] elastics]$ ./bin/elasticsearch -d    (the -d option runs it in the background as a daemon)
(8) Check that port 9200 is listening (for example with netstat and its -tlnp options, looking for both ports on the network.host address)
Port 9200 accepts HTTP requests
Port 9300 is the transport port used to talk to other nodes
(9) Test access
Request the node's HTTP address (the network.host IP configured above, port 9200) in a browser.
The correct response is:
Some browsers show a download page like the following instead of rendering the response (it is served as application/json, which some older browsers save as a file):
The downloaded file has the same content as what I see in Chrome, so there is no problem: the response shows the configured cluster_name and name, along with the installed ES version and other information.
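As an added example (not code from the original post), the following smoke test does the browser check from this step programmatically: it fetches GET / and compares cluster_name, name and version.number with what step (4) configured, then goes one step further than the post and reads /_cluster/health, failing on a red cluster. ES_URL and EXPECTED are assumptions taken from the configuration above; both sample responses are constructed to match the ES 2.2.0 response shape, and the validation functions are pure so they can be exercised against those samples without a live node.

```python
"""Post-install smoke test for an Elasticsearch 2.x node.
Added example, not part of the original post. ES_URL/EXPECTED are assumed from the
configuration step; SAMPLE_ROOT and SAMPLE_HEALTH are constructed responses."""
import json
import sys
import urllib.request

ES_URL = "http://192.168.179.129:9200"  # assumption: the network.host set in step (4)
EXPECTED = {"cluster_name": "my-elk", "node_name": "node-1", "version": "2.2.0"}


def check_root(body, expected):
    """Validate the GET / document against the configured names and version."""
    doc = json.loads(body)
    problems = []
    if doc.get("cluster_name") != expected["cluster_name"]:
        problems.append(f"cluster_name is {doc.get('cluster_name')!r}, expected {expected['cluster_name']!r}")
    if doc.get("name") != expected["node_name"]:
        problems.append(f"node name is {doc.get('name')!r}, expected {expected['node_name']!r}")
    number = doc.get("version", {}).get("number")
    if number != expected["version"]:
        problems.append(f"version.number is {number!r}, expected {expected['version']!r}")
    return problems


def check_health(body, min_nodes=1):
    """Cluster health must not be red and must show at least min_nodes nodes.
    A single node holding indices with replicas reports yellow; that is expected here."""
    doc = json.loads(body)
    problems = []
    status = doc.get("status")
    if status == "red":
        problems.append("status is red: at least one primary shard is unassigned")
    elif status not in ("green", "yellow"):
        problems.append(f"unexpected status {status!r}")
    nodes = doc.get("number_of_nodes", 0)
    if nodes < min_nodes:
        problems.append(f"{nodes} node(s) in the cluster, expected at least {min_nodes}")
    return problems


def fetch(path, base=ES_URL, timeout=5):
    """GET a path from the node. No credentials are sent: ES 2.x has no authentication layer."""
    with urllib.request.urlopen(base + path, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def smoke_test(root_body, health_body, expected=EXPECTED):
    """All problems found in the two responses; an empty list means the node looks as configured."""
    return check_root(root_body, expected) + check_health(health_body)


# Constructed sample of GET / from a 2.2.0 node configured as in step (4).
SAMPLE_ROOT = json.dumps({
    "name": "node-1",
    "cluster_name": "my-elk",
    "version": {"number": "2.2.0", "build_snapshot": False, "lucene_version": "5.4.1"},
    "tagline": "You Know, for Search",
})

# Constructed sample of GET /_cluster/health for that single node after creating one
# index with 5 primaries and 1 replica: replicas cannot be placed, hence yellow.
SAMPLE_HEALTH = json.dumps({
    "cluster_name": "my-elk", "status": "yellow", "timed_out": False,
    "number_of_nodes": 1, "number_of_data_nodes": 1,
    "active_primary_shards": 5, "active_shards": 5, "unassigned_shards": 5,
})

if __name__ == "__main__":
    base = sys.argv[1] if len(sys.argv) > 1 else ES_URL
    problems = smoke_test(fetch("/", base), fetch("/_cluster/health", base))
    print("\n".join(problems) if problems else f"{base}: cluster and node look as configured")
    sys.exit(1 if problems else 0)
```

Run it as python3 smoke.py http://192.168.179.129:9200 from a host that is allowed through the firewall; a non-zero exit means one of the configured values did not come back or the cluster is red.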
(10) HEAD access test
The head plugin installed earlier is a browser front end for interacting with the ES cluster: it shows cluster status and document contents and lets you run searches and plain REST requests. You can now open localhost:9200/_plugin/head to view the cluster status (with network.host set to the machine's IP as above, use that IP rather than localhost, since ES 2.x listens only on the address given). Because the node has no authentication, head (and the kopf tool installed in the next step) gives the same full control, including deleting indices, to anyone who can reach port 9200, so restrict that port to the hosts that need it:
(11) Install a web management tool for Elasticsearch
[[email protected] bin]# cd /usr/local/elastics/bin/
[[email protected] bin]#./plugin install lmenezes/elasticsearch-kopf
Test it in the browser (substitute the network.host address you configured):
http://192.168.179.128:9200/_plugin/kopf