Loading

CentOS 7 部署 ELK

  • Elasticsearch:一个开源分布式搜索引擎。分布式,零配置,自动发现,索引自动分片,索引副本机制,restful风格接口,多数据源,自动搜索负载。
  • Logstash:一个开源工具,对日志进行收集、过滤,并将其存储供以后使用。
  • Kibana:一个开源和免费的工具,它可以为 Logstash 和 ElasticSearch 提供的日志生成友好的 Web 界面,可以帮助您汇总、分析和搜索重要数据日志。

1. Elasticsearch

安装 JDK:Linux 配置 JDK 环境

# 关闭防火墙
systemctl stop firewalld && systemctl disable firewalld
# firewall-cmd --add-port=9200/tcp --permanent
# firewall-cmd --add-port=9300/tcp --permanent
# firewall-cmd --add-port=5601/tcp --permanent
# firewall-cmd --reload

# 添加仓库
cat <<EOF | tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# 引入 GPG key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# 更新 yum
yum clean all
yum makecache

# 安装 Elasticsearch
yum install -y elasticsearch
systemctl daemon-reload
systemctl start elasticsearch && systemctl enable elasticsearch
systemctl status elasticsearch
curl localhost:9200

# 更改配置
vi /etc/elasticsearch/elasticsearch.yml
    cluster.name: my-application
    node.name: master
    network.host: 0.0.0.0
    http.port: 9200
    cluster.initial_master_nodes: ["master", "node-1"]
systemctl restart elasticsearch

2. Kibana

yum install -y kibana
systemctl start kibana && systemctl enable kibana
systemctl status kibana
curl localhost:5601 -L

vi /etc/kibana/kibana.yml
    server.port: 5601
    server.host: "0.0.0.0"
    elasticsearch.hosts: ["http://localhost:9200"]
systemctl restart kibana

查看:http://IP:5601

3. Logstash

yum install -y logstash
systemctl start logstash
systemctl status logstash

4. 测试

vi test.log
    hello logstash!
vi test.conf
    input {
        file {
            path => ["/root/test/test.log"]
            sincedb_path => "/dev/null"
            start_position => "beginning"
        }
    }
    filter {
    }
    output {
        elasticsearch {
            hosts => ["http://localhost:9200"]
        }
    }
/usr/share/logstash/bin/logstash -f test.conf

访问:http://192.168.11.100:9200/_cat/indices?v

访问:http://192.168.11.100:9200/logstash-2021.04.28-000001/_search

posted @ 2021-04-28 20:14  LB477  阅读(84)  评论(0编辑  收藏  举报