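Deployment overview: A customer plans to deploy all of its future projects on a Docker cloud and asked our company to test the performance of Alauda (灵雀云). Our company happened to have no spare machine for ELK at the time, so my manager had me deploy ELK directly on Alauda. Deploying version 5.0 directly fails with an error. From what I found, the fix involves changing the host's configuration, for example sysctl -w vm.max_map_count=262144. We cannot modify the host's configuration, so we had to fall back to an older version.

System environment: Docker, CentOS 7
Software versions: JDK 1.8, Elasticsearch 2.4.6, Logstash 2.4.1, Kibana 4.6.5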
I. JDK installation

1. Download JDK 1.8

    wget --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47b9b721c7dfaa008135/jdk-8u144-linux-x64.rpm

2. Write the JDK installation script

    vim jdk-1.8.sh

    #!/bin/sh
    # Install the JDK RPM downloaded in step 1
    rpm -ivh jdk-8u144-linux-x64.rpm
    # Single quotes keep $JAVA_HOME and $PATH literal, so they are expanded
    # when /etc/profile is read rather than while this script runs
    echo 'export JAVA_HOME=/usr/java/jdk1.8.0_144' >> /etc/profile
    echo 'export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar' >> /etc/profile
    echo 'export PATH=$PATH:$JAVA_HOME/bin' >> /etc/profile
    . /etc/profile
    # Register this JDK as the system java and select it
    update-alternatives --install /usr/bin/java java /usr/java/jdk1.8.0_144/bin/java 100
    update-alternatives --config java

3. Run the script

    sh jdk-1.8.sh

4. Check that the installation succeeded

    java -version

II. Elasticsearch

1. Download

    wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.4.6/elasticsearch-2.4.6.tar.gz

2. Extract

    tar zxvf elasticsearch-2.4.6.tar.gz
    mv elasticsearch-2.4.6 /opt/elasticsearch

4. Create a user and give it ownership

    useradd elasticsearch
    chown -R elasticsearch: /opt/elasticsearch

5. Edit the configuration file

    vim /opt/elasticsearch/config/elasticsearch.yml

    node.name: elk-1
    node.rack: elk
    network.host: 0.0.0.0
    http.port: 9200

In a real environment it is advisable to redefine path.data and path.logs.

6. Start the service

    # Run Elasticsearch as the unprivileged user and return to the root shell
    su elasticsearch -c "/opt/elasticsearch/bin/elasticsearch -d"

7. Add an environment variable so the long path is not needed the next time you start it

    echo 'export PATH=$PATH:/opt/elasticsearch/bin/' >> /etc/profile
    source /etc/profile

8. Test

    curl -i http://127.0.0.1:9200

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=UTF-8
    Content-Length: 359

    {
      "name" : "elk-1",
      "cluster_name" : "elasticsearch",
      "cluster_uuid" : "8drU75o2SHSfd88WV7exXg",
      "version" : {
        "number" : "2.4.6",
        "build_hash" : "5376dca9f70f3abef96a77f4bb22720ace8240fd",
        "build_timestamp" : "2017-07-18T12:17:44Z",
        "build_snapshot" : false,
        "lucene_version" : "5.5.4"
      },
      "tagline" : "You Know, for Search"
    }

9. Install the elasticsearch-head plugin (if the installation fails, download it into the plugins directory instead)

    /opt/elasticsearch/bin/plugin install mobz/elasticsearch-head

Plugin URL: ip:9200/_plugin/head/

III. Logstash

1. Download

    wget https://download.elastic.co/logstash/logstash/logstash-2.4.1.tar.gz
2. Extract and move

    tar zxvf logstash-2.4.1.tar.gz
    mv logstash-2.4.1 /opt/logstash

3. Add an environment variable

    echo 'export PATH=$PATH:/opt/logstash/bin/' >> /etc/profile
    source /etc/profile

4. Test

    logstash -e "input {stdin{}} output {stdout{}}"
5. Configure Logstash to work with Elasticsearch

    mkdir /opt/logstash/conf
    vim /opt/logstash/conf/all.conf

    input {
        # Syslog messages received on the local syslog port
        syslog {
            type => "system-syslog"
            host => "127.0.0.1"
            port => "514"
        }
        # System log file
        file {
            path => "/var/log/messages"
            type => "system"
            start_position => "beginning"
        }
        # Elasticsearch log; lines that do not start with "[" are joined to the previous event
        file {
            path => "/var/log/elasticsearch/longs.log"
            type => "es-error"
            start_position => "beginning"
            codec => multiline {
                pattern => "^\["
                negate => "true"
                what => "previous"
            }
        }
    }
    output {
        # One daily index per event type
        if [type] == "system" {
            elasticsearch {
                hosts => ["localhost:9200"]
                index => "system-%{+YYYY.MM.dd}"
            }
        }
        if [type] == "es-error" {
            elasticsearch {
                hosts => ["localhost:9200"]
                index => "es-error-%{+YYYY.MM.dd}"
            }
        }
        if [type] == "system-syslog" {
            elasticsearch {
                hosts => ["localhost:9200"]
                index => "system-syslog-%{+YYYY.MM.dd}"
            }
        }
    }

6. Test

Open ip:9200/_plugin/head/ and check whether any logs have arrived.
IV. Kibana

1. Download

    wget https://download.elastic.co/kibana/kibana/kibana-4.6.5-linux-x86_64.tar.gz

2. Extract

    tar zxvf kibana-4.6.5-linux-x86_64.tar.gz
    mv kibana-4.6.5-linux-x86_64 /opt/kibana

3. Edit the configuration file (about the port: the default is 5601, but I mapped the wrong port when I created the container, so...)

    vim /opt/kibana/config/kibana.yml

    server.port: 6501
    server.host: "0.0.0.0"
    elasticsearch.url: "http://localhost:9200"
    kibana.index: ".kibana"

4. Start the service

    /opt/kibana/bin/kibana &

5. Add an environment variable

    echo 'export PATH=$PATH:/opt/kibana/bin/' >> /etc/profile
    source /etc/profile

6. Test
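
The configuration above sets network.host: 0.0.0.0 for Elasticsearch and server.host: "0.0.0.0" for Kibana, and Elasticsearch 2.4.6 as installed here has no authentication, so anyone who can reach the mapped ports can read and write the indices. The check below is an added example, not part of the original post: it reads both settings and reports any that listen beyond loopback. The function names and the constructed sample files are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report listen addresses in the
# config files this guide edits. Function names are illustrative.

# Print the last value of a top-level "KEY: value" line, without comment or quotes.
yaml_value() {  # usage: yaml_value FILE KEY
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots in KEY literally
    sed -n "s/^${key_re}:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//' | tail -n 1
}

# Succeed (0) when ADDRESS is reachable from other hosts, fail (1) for loopback.
is_exposed() {  # usage: is_exposed ADDRESS
    case "$1" in
        127.*|localhost|::1|_local_) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one finding per service; return 1 when the setting exposes the service.
audit_bind() {  # usage: audit_bind NAME FILE KEY
    val=$(yaml_value "$2" "$3")
    if [ -z "$val" ]; then
        echo "$1: $3 not set, the service default applies"
        return 0
    fi
    if is_exposed "$val"; then
        echo "$1: $3=$val accepts connections from other hosts"
        return 1
    fi
    echo "$1: $3=$val is loopback only"
    return 0
}

# Constructed sample files holding the values used in this guide. On a real
# host pass /opt/elasticsearch/config/elasticsearch.yml and
# /opt/kibana/config/kibana.yml instead.
demo_dir=$(mktemp -d)
printf 'node.name: elk-1\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n' > "$demo_dir/elasticsearch.yml"
printf 'server.port: 6501\nserver.host: "0.0.0.0"\n' > "$demo_dir/kibana.yml"

findings=0
audit_bind elasticsearch "$demo_dir/elasticsearch.yml" network.host || findings=$((findings + 1))
audit_bind kibana "$demo_dir/kibana.yml" server.host || findings=$((findings + 1))
echo "$findings exposed service(s)"
rm -rf "$demo_dir"
```

Logstash and Kibana in this setup both reach Elasticsearch at localhost:9200, so only the head plugin page needs port 9200 to be reachable from other hosts.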