- A+
所属分类:ELK
部署简介:客户打算把以后的项目都部署在docker云上,让我们公司测试一下灵雀云性能,而公司最近正好没机器部署ELK,所以领导直接让我在灵雀云部署一下ELK
直接部署5.0版本会报错,查了一下资料,比如修改宿主配置sysctl -w vm.max_map_count=262144。而我们无法修改宿主机配置,只好降低版本了。
系统环境:docker centos7
软件版本:jdk 1.8
Elasticsearch 2.4.6
logstash 2.4.1
Kibana 4.6.5
一.JDK安装
1.下载jdk 1.8
wget --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u144-b01/090f390dda5b47b9b721c7dfaa008135/jdk-8u144-linux-x64.rpm
2.编写jdk安装脚本
vim jdk-1.8.sh
#!/bin/sh
rpm -ivh jdk-8u144-linux-x64.rpm
echo "export JAVA_HOME=/usr/java/jdk1.8.0_144" >> /etc/profile
echo "export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar" >> /etc/profile
echo "export PATH=$PATH:$JAVA_HOME/bin" >> /etc/profile
source /etc/profile
update-alternatives --install /usr/bin/java java /usr/java/jdk1.8.0_144/bin/java 100
update-alternatives --config java
3.执行脚本
sh jdk-1.8.sh
4.测试是否安装成功
java -version
二.elasticsearch
1.下载
wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.4.6/elasticsearch-2.4.6.tar.gz
2.解压
tar zxvf elasticsearch-2.4.6.tar.gz
mv elasticsearch-2.4.6 /opt/elasticsearch
4.创建用户并授权
useradd elasticsearch
chown -R elasticsearch: /opt/elasticsearch
5.修改配置文件
vim /opt/elasticsearch/config/elasticsearch.yml
node.name: elk-1
node.rack: elk
network.host: 0.0.0.0
http.port: 9200
真实环境建议重新定义一下path.data和path.log
6.启动服务
su elasticsearch
/opt/elasticsearch/bin/elasticsearch -d
7添加环境变量,下次启动就不用加那么长的路径了
echo "export PATH=$PATH:/opt/elasticsearch/bin/" >> /etc/profile
source /etc/profile
8.测试
curl -i http://127.0.0.1:9200
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 359
{
"name" : "elk-1",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "8drU75o2SHSfd88WV7exXg",
"version" : {
"number" : "2.4.6",
"build_hash" : "5376dca9f70f3abef96a77f4bb22720ace8240fd",
"build_timestamp" : "2017-07-18T12:17:44Z",
"build_snapshot" : false,
"lucene_version" : "5.5.4"
},
"tagline" : "You Know, for Search"
}
9.elasticsearch-head插件安装(若无法安装,可下载到插件目录中)
/opt/elasticsearch/bin/plugin install mobz/elasticsearch-head
插件访问地址ip:9200/_plugin/head/
三.logstash
1.下载
wget https://download.elastic.co/logstash/logstash/logstash-2.4.1.tar.gz
2.解压并移动
tar zxvf logstash-2.4.1.tar.gz
mv logstash-2.4.1 /opt/logstash
3.添加环境变量
echo "export PATH=$PAHT:/opt/logstash/bin/" >> /etc/profile
source /etc/profile
4.测试
logstash -e "input {stdin{}} output {stdout{}}"
5.配置logstash和elasticsearch结合
mkdir /opt/logstash/conf
vim /opt/logstash/conf/all.conf
input {
syslog {
type => "system-syslog"
host => "127.0.0.1"
port => "514"
}
file {
path => "/var/log/messages"
type => "system"
start_position => "beginning"
}
file {
path => "/var/log/elasticsearch/longs.log"
type => "es-error"
start_position => "beginning"
codec => multiline {
pattern => "^\["
negate => "true"
what => "previous"
}
}
}
output {
if [type] == "system" {
elasticsearch {
hosts => ["localhost:9200"]
index => "system-%{+YYYY.MM.dd}"
}
}
if [type] == "es-error" {
elasticsearch {
hosts => ["localhost:9200"]
index => "es-error-%{+YYYY.MM.dd}"
}
}
if [type] == "system-syslog" {
elasticsearch {
hosts => ["localhost:9200"]
index => "system-syslog-%{+YYYY.MM.dd}"
}
}
}
6.测试
访问ip:9200/_plugin/head/,看是否有日志
四.:Kibana 1.下载 wget https://download.elastic.co/kibana/kibana/kibana-4.6.5-linux-x86_64.tar.gz 2.解压 tar zxvf kibana-4.6.5-linux-x86_64.tar.gz mv kibana-4.6.5-linux-x86_64 /opt/kibana 3.编辑配置文件(关于端口这块,默认是5601,我创建容器是映射错端口了,所以...) vim /opt/kibana/config/kibana.yml server.port: 6501 server.host: "0.0.0.0" elasticsearch.url: "http://localhost:9200" kibana.index: ".kibana" 4.启动服务 /opt/kibana/bin/kibana & 5.添加环境变量 echo "export PATH=$PATH:/opt/kibana/bin/" >> /etc/profile source /etc/profile 6.测试
