ELK Environment Deployment
Base environment
OS: CentOS 7.3
Firewall, SELinux: disabled
Machines: at least two
- 192.168.1.182 elk-node1
- 192.168.1.183 elk-node2
Master-slave mode
Machine requirements: JDK 1.8+, nginx or Apache
Download and install the GPG key
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
Add the yum repository
- vi /etc/yum.repos.d/elasticsearch.repo
- [elasticsearch-2.x]
- name=Elasticsearch repository for 2.x packages
- baseurl=
- gpgcheck=1
- gpgkey= http://packages.elastic.co/GPG-KEY-elasticsearch
- enabled=1
Install Elasticsearch
yum install -y elasticsearch
Configuration and deployment (configure elk-node1 first)
1) Edit the configuration file
- [root@elk-node1 ~]# mkdir -p /data/es-data
- [root@elk-node1 ~]# vi /etc/elasticsearch/elasticsearch.yml // clear the existing contents and add the following
- cluster.name: ceshi # cluster (group) name; must be identical for all nodes in the same group
- node.name: elk-node1 # node name, ideally the same as the hostname
- path.data: /data/es-data # where data is stored
- path.logs: /var/log/elasticsearch/ # where logs are stored
- bootstrap.mlockall: true # lock memory so it is not swapped out
- network.host: 0.0.0.0 # network setting (0.0.0.0 listens on all interfaces)
- http.port: 9200 # port
2) Start and check
- [root@elk-node1 ~]# chown -R elasticsearch:elasticsearch /data/
- [root@elk-node1 ~]# systemctl start elasticsearch
- [root@elk-node1 ~]# systemctl status elasticsearch
- CGroup: /system.slice/elasticsearch.service
└─3005 /bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSI...
Note: the output above shows that Elasticsearch is configured with a minimum of 256m and a maximum of 1g of memory
- [root@Linux-node1 src]# netstat -antlp |egrep "9200|9300"
- tcp6 0 0 :::9200 :::* LISTEN 3005/java
- tcp6 0 0 :::9300 :::* LISTEN 3005/java
Then access it over the web (preferably with the Google Chrome browser)
http://192.168.1.182:9200/
4) Next, install plugins and use them to view the cluster (the two plugins below must be installed on both elk-node1 and elk-node2)
4.1) Install the head plugin
a) Plugin installation method 1
[root@elk-node1 src]# /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
b) Plugin installation method 2
First download the head plugin into the /usr/local/src directory
Download URL: https://github.com/mobz/elasticsearch-head
- [root@elk-node1 src]# unzip elasticsearch-head-master.zip
- [root@elk-node1 src]# ls
- elasticsearch-head-master elasticsearch-head-master.zip
Create a head directory under /usr/share/elasticsearch/plugins
Then move all the files extracted from the elasticsearch-head-master.zip downloaded above into /usr/share/elasticsearch/plugins/head
Then restart the Elasticsearch service!
- [root@elk-node1 plugins]# mkdir head
- [root@elk-node1 plugins]# ls
- head
- [root@elk-node1 head]# pwd
- /usr/share/elasticsearch/plugins/head
- [root@elk-node1 head]# chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/plugins
- [root@elk-node1 head]# ll
- total 40
- -rw-r--r--. 1 elasticsearch elasticsearch 104 Sep 28 01:57 elasticsearch-head.sublime-project
- -rw-r--r--. 1 elasticsearch elasticsearch 2171 Sep 28 01:57 Gruntfile.js
- -rw-r--r--. 1 elasticsearch elasticsearch 3482 Sep 28 01:57 grunt_fileSets.js
- -rw-r--r--. 1 elasticsearch elasticsearch 1085 Sep 28 01:57 index.html
- -rw-r--r--. 1 elasticsearch elasticsearch 559 Sep 28 01:57 LICENCE
- -rw-r--r--. 1 elasticsearch elasticsearch 795 Sep 28 01:57 package.json
- -rw-r--r--. 1 elasticsearch elasticsearch 100 Sep 28 01:57 plugin-descriptor.properties
- -rw-r--r--. 1 elasticsearch elasticsearch 5211 Sep 28 01:57 README.textile
- drwxr-xr-x. 5 elasticsearch elasticsearch 4096 Sep 28 01:57 _site
- drwxr-xr-x. 4 elasticsearch elasticsearch 29 Sep 28 01:57 src
- drwxr-xr-x. 4 elasticsearch elasticsearch 66 Sep 28 01:57 test
- [root@elk-node1 _site]# systemctl restart elasticsearch
Accessing the plugin (it is best to finish configuring elk-node2 and installing its plugins before accessing it and testing data insertion)
http://192.168.1.182:9200/_plugin/head/
Next, configure node elk-node2 (install the two plugins above on elk-node2 as well)
Note: the installation and configuration are essentially the same on both nodes.
- [root@elk-node2 src]# mkdir -p /data/es-data
- [root@elk-node2 ~]# cat /etc/elasticsearch/elasticsearch.yml
- cluster.name: ceshi
- node.name: elk-node2
- path.data: /data/es-data
- path.logs: /var/log/elasticsearch/
- bootstrap.mlockall: true
- network.host: 0.0.0.0
- http.port: 9200
- discovery.zen.ping.multicast.enabled: false
- discovery.zen.ping.unicast.hosts: ["192.168.1.182", "192.168.1.183"]
- [root@elk-node2 src]# systemctl start elasticsearch
- [root@elk-node2 src]# systemctl status elasticsearch
- Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
- Active: active (running) since Wed 2018-08-28 16:49:41 CST; 1 weeks 3 days ago
- Docs: http://www.elastic.co/
- Process: 17798 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
- Main PID: 17800 (java)
- CGroup: /system.slice/elasticsearch.service
- 09 13:42:22 elk-node2 elasticsearch[17800]: [2016-10-09 13:42:22,295][WARN ][transport ] [elk-node2] Transport res...943817]
- 09 13:42:23 elk-node2 elasticsearch[17800]: [2016-10-09 13:42:23,111][WARN ][transport ] [elk-node2] Transport res...943846]
- ................
- ................
- [root@elk-node2 src]# netstat -antlp|egrep "9200|9300"
- tcp6 0 0 :::9200 :::* LISTEN 2928/java
- tcp6 0 0 :::9300 :::* LISTEN 2928/java
- tcp6 0 0 127.0.0.1:48200 127.0.0.1:9300 TIME_WAIT -
- tcp6 0 0 ::1:41892 ::1:9300 TIME_WAIT -
- [root@hadoop-node1 ~]# vi /etc/yum.repos.d/logstash.repo
- [logstash-2.1]
- name=Logstash repository for 2.1.x packages
- baseurl= http://packages.elastic.co/logstash/2.1/centos
- gpgcheck=1
- gpgkey= http://packages.elastic.co/GPG-KEY-elasticsearch
- enabled=1
- [root@elk-node1 ~]# systemctl start logstash
- [root@elk-node1 ~]# systemctl status logstash
- Docs: man:systemd-sysv-generator(8)
- Process: 1699 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)
- [root@elk-node1 ~]# /opt/logstash/bin/logstash -e 'input { stdin{} } output { stdout{} }'
- Settings: Default filter workers: 1
- Logstash startup completed
- hello # typed input
- 2018-08-28T04:41:07.690Z elk-node1 hello # output
- lihongwu # typed input
- 2018-08-28T04:41:10.608Z elk-node1 lihongwu # output
- [root@elk-node1 ~]# vi /etc/logstash/conf.d/01-logstash.conf
- input {
- stdin {
- }
- }
- output {
- elasticsearch {
- hosts => ["192.168.1.182:9200"]
- }
- stdout {
- codec => rubydebug
- }
- }
- [root@elk-node1 ~]# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/01-logstash.conf
- Settings: Default filter workers: 1
- Logstash startup completed
- beijing # typed input
- {
- # the following is printed
- "message" => "beijing",
- "@version" => "1",
- "@timestamp" => "2018-08-28T04:41:48.401Z",
- "host" => "elk-node1"
- }
- [root@elk-node1 ~]# cd /usr/local/src
- [root@elk-node1 src]# wget
- [root@elk-node1 src]# tar zxf kibana-4.3.1-linux-x64.tar.gz
- [root@elk-node1 src]# mv kibana-4.3.1-linux-x64 /usr/local/
- [root@elk-node1 src]# ln -s /usr/local/kibana-4.3.1-linux-x64/ /usr/local/kibana
- [root@elk-node1 config]# pwd
- /usr/local/kibana/config
- [root@elk-node1 config]# cp kibana.yml kibana.yml.bak
- [root@elk-node1 config]# vi kibana.yml
- server.port: 5601
- server.host: "0.0.0.0"
- elasticsearch.url: "http://192.168.1.182:9200/"
- kibana.index: ".kibana"
- [root@elk-node1 ~]# yum -y install screen
- [root@elk-node1 ~]# screen # this opens another terminal window
- [root@elk-node1 ~]# /usr/local/kibana/bin/kibana
- log [17:23:19.867] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
- log [17:23:19.911] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
- log [17:23:19.941] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
- log [17:23:19.953] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
- log [17:23:19.963] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
- log [17:23:19.995] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
- log [17:23:20.004] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
- log [17:23:20.010] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
- [root@elk-node1 ~]# screen -ls
- There is a screen on:
- 15041.pts-0.elk-node1 (Detached)
- 1 Socket in /var/run/screen/S-root.
- [root@tivf18 root]# screen -ls
- There are screens on:
- 8736.pts-1.tivf18 (Detached)
- 8462.pts-0.tivf18 (Detached)
- 2 Sockets in /root/.screen.
- [root@tivf18 root]# screen -r 8736
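The configuration above binds Elasticsearch (network.host) and Kibana (server.host) to 0.0.0.0 with the firewall disabled, and the repo files fetch packages and the signing key over plain http. The script below is an added example, not part of the original article, that scans those files for these settings; the function names and the sample files it writes are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original article): flag exposure-related settings
# in the files this walkthrough edits. Each finding prints as "<file>: <reason>".

# elasticsearch.yml / kibana.yml: report listeners bound to every interface.
audit_bind() {
  awk -v f="$1" '
    /^[ \t]*#/ { next }                                  # skip comment lines
    /^[ \t]*(network|server)\.host[ \t]*:/ {
      key = $0; sub(/[ \t]*:.*$/, "", key); gsub(/[ \t]/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val)
      sub(/[ \t]*#.*$/, "", val); gsub(/"/, "", val)     # drop trailing comment, quotes
      if (val == "0.0.0.0" || val == "::")
        printf "%s: %s binds to all interfaces (%s)\n", f, key, val
    }' "$1"
}

# yum .repo files: report plain-http sources and disabled signature checks.
audit_repo() {
  awk -v f="$1" '
    /^[ \t]*#/ { next }
    /^[ \t]*(gpgkey|baseurl)[ \t]*=[ \t]*http:\/\// {
      key = $0; sub(/[ \t]*=.*$/, "", key); gsub(/[ \t]/, "", key)
      printf "%s: %s uses plain http\n", f, key
    }
    /^[ \t]*gpgcheck[ \t]*=[ \t]*0[ \t]*$/ { printf "%s: gpgcheck is disabled\n", f }
  ' "$1"
}

# Dispatch on file extension; other files are ignored.
audit_elk() {
  for path in "$@"; do
    case "$path" in
      *.repo) audit_repo "$path" ;;
      *.yml)  audit_bind "$path" ;;
    esac
  done
}

# Constructed sample files that mirror the settings shown in this walkthrough.
demo_dir=$(mktemp -d)
printf 'cluster.name: ceshi\nnetwork.host: 0.0.0.0 # all\nhttp.port: 9200\n' > "$demo_dir/elasticsearch.yml"
printf 'server.port: 5601\nserver.host: "0.0.0.0"\n' > "$demo_dir/kibana.yml"
printf 'network.host: 192.168.1.182\n' > "$demo_dir/pinned.yml"
printf '[logstash-2.1]\nbaseurl= http://packages.elastic.co/logstash/2.1/centos\ngpgcheck=1\ngpgkey= http://packages.elastic.co/GPG-KEY-elasticsearch\n' > "$demo_dir/logstash.repo"
audit_elk "$demo_dir"/*.yml "$demo_dir"/*.repo
```

On a real node, pass /etc/elasticsearch/elasticsearch.yml, /usr/local/kibana/config/kibana.yml and /etc/yum.repos.d/*.repo to audit_elk; a file that pins network.host to the node's own address, such as 192.168.1.182, produces no finding.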
Source: http://www.bubuko.com/infodetail-2916058.html