Elk 搭建记录
下载rpm安装包
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.7.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.7.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.7.0.rpm
wget https://artifacts.elastic.co/GPG-KEY-elasticsearch
wget https://mirrors.tuna.tsinghua.edu.cn/AdoptOpenJDK/11/jdk/x64/linux/OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz
安装java (logstash必须是java9以上版本)
tar xvf OpenJDK11U-jdk_x64_linux_hotspot_11.0.10_9.tar.gz
mv jdk-11.0.10+9 /usr/local/java
vi /etc/profile.d/java.sh
export JAVA_HOME=/usr/local/java
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib:$JRE_HOME/lib
export PATH=$JAVA_HOME/bin:$PATH
source /etc/profile.d/java.sh
java -version
安装Elasticsearch
rpm --import GPG-KEY-elasticsearch
rpm -ivh elasticsearch-7.7.0-x86_64.rpm
#修改配置文件
vim /etc/elasticsearch/elasticsearch.yml
node.name: node-1
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"]
#加载服务并启动
systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch
systemctl status elasticsearch
安装Kibana
rpm -ivh kibana-7.7.0-x86_64.rpm
#修改配置文件
vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
i18n.locale: "zh-CN"
#加载服务并启动
systemctl daemon-reload
systemctl enable kibana
systemctl start kibana
systemctl status kibana
安装Logstash
rpm --import GPG-KEY-elasticsearch
rpm -ivh logstash-7.7.0.rpm
Ruby语法报错,这个不影响
创建配置文件测试
vim /etc/logstash/conf.d/test_log.conf
input {
file {
path => ["/var/log/test.log"]
#监听文件的起始位置,默认是end
start_position => "beginning"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
output {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "test-log"
}
}
#测试
/usr/share/logstash/bin/logstash -t -f /etc/logstash/conf.d/test_log.conf
#启动
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/*.conf &
#停止
ps -ef | grep logstash
kill -TERM pid
