
ELK Stack Latest Version Test, Part 1: Installation

WBOY
Release: 2016-06-13 08:49:40

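Without further ado, let's get straight to the point.
First, the versions:
filebeat 1.0.0-rc2, logstash 2.0.0-1, elasticsearch 2.0.0, kibana 4.2

All of this can be summarized briefly as follows.
Glossary

Elasticsearch: stores the indices
Kibana: UI
Kibana dashboard: visualizations
Logstash Input Beats plugin: collects events
Elasticsearch output plugin: sends transactions
Filebeat: log data shipper
Topbeat: lightweight server monitoring
Packetbeat: online network packet analysis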




Architecture

I. Client installation

Filebeat architecture




https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-installation


Install Filebeat on the nginx log client


Install Filebeat
curl -L -O https://download.elastic.co/beats/filebeat/filebeat-1.0.0-rc2-x86_64.rpm
rpm -vi filebeat-1.0.0-rc2-x86_64.rpm
Configure Filebeat
/etc/filebeat/filebeat.yml


Filebeat configuration:
filebeat:
  prospectors:
    -
      paths:
        - "/var/log/*.log"
      fields:
        type: syslog
output:
  elasticsearch:
    enabled: true
    hosts: ["http://localhost:5043"]


Start Filebeat


[root@backup01 filebeat]# curl -XPUT 'http://192.168.0.58:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json
{
  "acknowledged" : true
}




topbeat
https://www.elastic.co/guide/en/beats/topbeat/current/topbeat-getting-started.html


curl -L -O https://download.elastic.co/beats/topbeat/topbeat-1.0.0-rc2-x86_64.rpm
rpm -vih topbeat-1.0.0-rc2-x86_64.rpm


packetbeat
https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-getting-started.html
yum install libpcap
curl -L -O https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-rc2-x86_64.rpm
rpm -vi packetbeat-1.0.0-rc2-x86_64.rpm




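II. Server installation


Install ELK
https://www.elastic.co/guide/en/beats/libbeat/1.0.0-rc2/getting-started.html#logstash-setup


It can analyze logs, monitor server status, and also analyze network packets for protocols such as HTTP.


Elasticsearch installation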


yum install java-1.7.0-openjdk
curl -L -O https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-2.0.0.rpm
rpm -ivh elasticsearch-2.0.0.rpm


Configure and start
cat /etc/elasticsearch/elasticsearch.yml |grep -Ev "^$|^#"
path.data: /data
path.logs: /data/elklogs
network.host: 192.168.0.58


chown -R elasticsearch:elasticsearch /data/elasticsearch/
chown -R elasticsearch:elasticsearch /data/elklogs/


service elasticsearch start




Test Elasticsearch
[root@localhost ~]# curl http://127.0.0.1:9200
{
  "name" : "Redwing",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "2.0.0",
    "build_hash" : "de54438d6af8f9340d50c5c786151783ce7d6be5",
    "build_timestamp" : "2015-10-22T08:09:48Z",
    "build_snapshot" : false,
    "lucene_version" : "5.2.1"
  },
  "tagline" : "You Know, for Search"
}




Logstash installation (102.131)


curl -L -O https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.0.0-1.noarch.rpm
rpm -ivh logstash-2.0.0-1.noarch.rpm




Logstash configuration
cat nginxconf.json
input {
  beats {
    port => 5044
  }
}


output {
  elasticsearch {
    hosts => "192.168.0.58:9200"
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}




Kibana installation


curl -L -O https://download.elastic.co/kibana/kibana/kibana-4.2.0-linux-x64.tar.gz
tar xzvf kibana-4.2.0-linux-x64.tar.gz
cd kibana-4.2.0-linux-x64/
./bin/kibana


First edit kibana.yml, where the port number and the Elasticsearch settings can be configured.
mv kibana-4.2.0-linux-x64 /var/kibana
nohup /var/kibana/bin/kibana -e http://192.168.0.58:9200 &


log [13:14:14.588] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
log [13:14:14.617] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [13:14:14.630] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
log [13:14:14.639] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
log [13:14:14.646] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
log [13:14:14.655] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
log [13:14:14.658] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
log [13:14:14.661] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready
log [13:14:14.663] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
log [13:14:14.675] [info][listening] Server running at http://0.0.0.0:5601
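
An added check, not part of the original article: it reads the settings and the Kibana log line shown above, lists which services listen beyond loopback (none of them is configured here with authentication or TLS), and reports Filebeat output hosts whose port matches no listener. Assumptions: Elasticsearch serves HTTP on 9200 as in the article's curl calls, the beats input binds all interfaces when no host is set, matching is by port only, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Constructed inputs: the settings and the Kibana log line shown on this page.
ES_YML = "path.data: /data\npath.logs: /data/elklogs\nnetwork.host: 192.168.0.58\n"
LOGSTASH_CONF = "input {\n  beats {\n    port => 5044\n  }\n}\n"
KIBANA_LOG = "log [13:14:14.675] [info][listening] Server running at http://0.0.0.0:5601"
FILEBEAT_YML = 'output:\n  elasticsearch:\n    hosts: ["http://localhost:5043"]\n'
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def listeners(es_yml, logstash_conf, kibana_log):
    """Return {service: (host, port)} for each listener the inputs declare."""
    found = {}
    m = re.search(r"^network\.host:\s*(\S+)", es_yml, re.M)
    if m:  # 9200 is the HTTP port the page's curl commands use
        found["elasticsearch"] = (m.group(1), 9200)
    m = re.search(r"beats\s*\{[^}]*?port\s*=>\s*(\d+)", logstash_conf)
    if m:
        h = re.search(r'beats\s*\{[^}]*?host\s*=>\s*"([^"]+)"', logstash_conf)
        # Assumption: with no host set, the beats input binds all interfaces.
        found["logstash-beats"] = (h.group(1) if h else "0.0.0.0", int(m.group(1)))
    m = re.search(r"Server running at (\S+)", kibana_log)
    if m:
        url = urlsplit(m.group(1))
        found["kibana"] = (url.hostname, url.port)
    return found


def exposed(found):
    """Names of services bound to something other than loopback."""
    return sorted(name for name, (host, _) in found.items() if host not in LOOPBACK)


def unmatched_outputs(filebeat_yml, found):
    """Filebeat output hosts whose port matches no declared listener."""
    ports = {port for _, port in found.values()}
    hosts = [raw for entry in re.findall(r"hosts:\s*\[([^\]]*)\]", filebeat_yml)
             for raw in re.findall(r'"([^"]+)"', entry)]
    return [h for h in hosts if urlsplit(h if "//" in h else "//" + h).port not in ports]


if __name__ == "__main__":
    found = listeners(ES_YML, LOGSTASH_CONF, KIBANA_LOG)
    print("reachable beyond loopback:", exposed(found))
    print("Filebeat outputs with no listener:", unmatched_outputs(FILEBEAT_YML, found))
```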




Loading the Kibana dashboards
curl -L -O http://download.elastic.co/beats/dashboards/beats-dashboards-1.0.0-rc2.tar.gz
tar xzvf beats-dashboards-1.0.0-rc2.tar.gz
cd beats-dashboards-1.0.0-rc2/
./load.sh


./load.sh http://192.168.0.58:9200
curl
Loading search Cache-transactions:
{"_index":".kibana","_type":"search","_id":"Cache-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}
Loading search DB-transactions:
{"_index":".kibana","_type":"search","_id":"DB-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}


Finally, the command to check the indices is as follows:
curl 192.168.0.58:9200/_cat/indices
yellow open .kibana 1 1 93 0 69kb 69kb
yellow open filebeat-2015.11.18 5 1 4109 0 2.9mb 2.9mb
For detailed configuration, see the configuration article:
http://blog.chinaunix.net/uid-25057421-id-5576272.html

