centos上手动安装最新版本ELK

软件包下载地址:https://www.elastic.co/downloads/elasticsearch

 

1,安装es

#tar zxvf elasticsearch-2.3.4.tar.gz

#mv elasticsearch-2.3.4 /usr/local

#cd /usr/local

#mv elasticsearch-2.3.4/ elasticsearch

#chown -R test:test ./elasticsearch/

#su test

 

更改配置文件config/elasticsearch.yml

cluster.name: node236

network.host: 192.168.1.236

 

$ bin/elasticsearch  //这里应该正常启动了

 

插件安装(注意下面输出里的NOTE:该插件是从GitHub的master.zip直接下载的,找不到.sha1或.md5文件,无法校验完整性,安装前应先确认来源可信)

$ ./plugin install mobz/elasticsearch-head

-> Installing mobz/elasticsearch-head...

Trying https://github.com/mobz/elasticsearch-head/archive/master.zip ...

Downloading

 

......................................................................................................................................

 

....................................DONE

Verifying https://github.com/mobz/elasticsearch-head/archive/master.zip checksums if available ...

NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)

Installed head into /usr/local/elasticsearch/plugins/head

[test@node236 bin]$ ls ../plugins/head/

elasticsearch-head.sublime-project  .jshintrc                           _site/

.gitignore                          LICENCE                             src/

Gruntfile.js                        package.json                        test/

grunt_fileSets.js                   plugin-descriptor.properties       

index.html                          README.textile                      

 

访问http://192.168.1.236:9200/_plugin/head/正常

注:此处要远程访问,一定要修改配置文件中的network.host值,否则只能本机访问。Elasticsearch 2.x默认不带认证,绑定到非本机地址后,凡是能连到9200端口的人都可以读写数据,应配合防火墙只对可信来源开放。

2,安装kibana

#tar zxvf kibana-4.5.3-linux-x64.tar.gz  -C /usr/local/

# cd /usr/local/

# mv kibana-4.5.3-linux-x64/ kibana

# cd kibana/

# ls

bin     installedPlugins  node          optimize      README.txt  webpackShims

config  LICENSE.txt       node_modules  package.json  src

# cd /etc/systemd/system

 

# vi kibana.service

# Minimal systemd unit that starts Kibana from the unpacked tarball.
[Service]

# No User= or Group= is set in this unit, so systemd runs the service as root.
# NOTE(review): consider a dedicated unprivileged account; confirm one exists before adding User=.
ExecStart=/usr/local/kibana/bin/kibana

[Install]

# Start the service at multi-user boot once the unit is enabled.
WantedBy=multi-user.target

 

# systemctl enable kibana

#systemctl start kibana

Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.

#systemctl status kibana

— kibana.service

   Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: disabled)

   Active: active (running) since Wed 2016-07-27 16:35:12 CST; 814ms ago

 Main PID: 44722 (node)

   CGroup: /system.slice/kibana.service

          44722 /usr/local/kibana/bin/../node/bin/node /usr/local/kibana/b...

 

Jul 27 16:35:12 node236 systemd[1]: Started kibana.service.

Jul 27 16:35:12 node236 systemd[1]: Starting kibana.service...

# netstat -nltp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   

tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      44722/node         

tcp6       0      0 192.168.1.236:9200      :::*                    LISTEN      44160/java         

tcp6       0      0 192.168.1.236:9300      :::*                    LISTEN      44160/java         

 

 

3,安装logstash

[root@node236 test]# tar zxvf logstash-2.3.4.tar.gz -C /usr/local/

[root@node236 test]# cd /usr/local/

[root@node236 local]# mv logstash-2.3.4/ logstash

[root@node236 logstash-2.3.4]# ls

bin  CHANGELOG.md  CONTRIBUTORS  Gemfile  Gemfile.jruby-1.9.lock  lib  LICENSE  NOTICE.TXT  vendor

 

测试一下,情况正常

[root@node236 logstash-2.3.4]# bin/logstash -e 'input { stdin { } } output { stdout {} }'

Settings: Default pipeline workers: 1

Pipeline main started

2016-07-27T08:41:53.637Z node236

fdfd

2016-07-27T08:41:58.875Z node236 fdfd

afdfad

2016-07-27T08:42:01.846Z node236 afdfad

 

 

生成一个自签名证书(-nodes表示私钥不加密,注意限制private/logstash-forwarder.key的读取权限;下文的1.conf并没有引用这对证书和私钥)

[root@node236 logstash]# cd /etc/pki/tls

[root@node236 tls]# openssl req -subj '/CN=node236/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

Generating a 2048 bit RSA private key

..........................................+++

....+++

writing new private key to 'private/logstash-forwarder.key'

-----

 

手动安装是没有配置文件的,需要自己建立

[root@node236 tls]# cd /usr/local/logstash/

[root@node236 logstash]# mkdir conf

[root@node236 logstash]# vi conf/1.conf

内容如下,这是针对apache的日志的监控

# Logstash pipeline: read the Apache access log, parse each line, and index the result.
input {

  file {

    # Apache (httpd) access log that feeds this pipeline.
    path => "/var/log/httpd/access_log"

    # Read the file from its start rather than only newly appended lines.
    start_position => beginning

  }

}

 

filter {

  # Only events whose path matches "access" are retyped and parsed.
  if [path] =~ "access" {

    mutate { replace => { "type" => "apache_access" } }

    grok {

      # Split the raw line into fields using the stock combined-log pattern.
      match => { "message" => "%{COMBINEDAPACHELOG}" }

    }

  }

  # Sits outside the conditional, so it is applied to every event.
  date {

    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]

  }

}

 

output {

  elasticsearch {

  # NOTE(review): Elasticsearch was configured earlier on this page with
  # network.host 192.168.1.236; confirm that .246 is the intended address.
  # No user, password or ssl options are set in this block, so events are
  # presumably sent unauthenticated over plain HTTP; verify for your setup.
  hosts => "192.168.1.246:9200"

  index => "fuckyou_index"     # index name

  }

  # Also print every event to the console.
  stdout { codec => rubydebug }

}

"conf/1.conf" 26L, 471C written

[root@node236 logstash]# ./bin/logstash -f ./conf/1.conf   //启动

 

4,测试

yum -y install httpd 装个apache,之后随便用个awvs扫一下这台机器的IP,让access_log里产生一些请求记录

以下是在ES里看到的内容,说明已经正确抓取

 

 

访问kibana,一切正常。从上面netstat的输出可以看到kibana监听在0.0.0.0:5601,而Kibana 4.x自身没有登录认证,建议同样用防火墙或反向代理限制访问。

 

 
