1.1:环境准备(两个节点上都要准备)
1:配置域名解析
(1)node1节点的设置
[root@localhost ~]# hostname node1
[root@localhost ~]# bash
[root@node1 ~]# vi /etc/hosts
192.168.1.10 node1
192.168.1.11 node2
(2)node2节点的设置
[root@localhost ~]# hostname node2
[root@localhost ~]# bash
[root@node2 ~]# vi /etc/hosts
192.168.1.10 node1
192.168.1.11 node2
2:检查java环境
(1)node1的java环境
[root@node1 ~]# java -version
openjdk version "1.8.0_102"
OpenJDK Runtime Environment (build 1.8.0_102-b14)
OpenJDK 64-Bit Server VM (build 25.102-b14, mixed mode)
(2)node2的java环境
[root@node2 ~]# java -version
openjdk version "1.8.0_102"
OpenJDK Runtime Environment (build 1.8.0_102-b14)
OpenJDK 64-Bit Server VM (build 25.102-b14, mixed mode)
1.2:部署Elasticsearch软件(在两个node节点上都部署)
1:在node1节点上安装Elasticsearch软件
(1)安装Elasticsearch软件
注意:下面直接停止 firewalld 只适合隔离的实验环境;在其他主机可以访问到的网络中应保持防火墙开启,只对受信任的主机放行 9200 端口(以及节点间通信使用的 9300 端口)。
[root@node1 ~]# systemctl stop firewalld
[root@node1 ~]# rpm -ivh elasticsearch-5.5.0.rpm
(2)加载系统服务
[root@node1 ~]# systemctl daemon-reload
[root@node1 ~]# systemctl enable elasticsearch.service
(3)更改Elasticsearch主配置文件
[root@node1 ~]# vi /etc/elasticsearch/elasticsearch.yml
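# Settings changed in /etc/elasticsearch/elasticsearch.yml on node1.
# The trailing "## line N" notes give each setting's line number in the stock file.
cluster.name: my-elk-cluster ## line 17
node.name: node1 ## line 23
path.data: /data/elk_data ## line 33
path.logs: /var/log/elasticsearch/ ## line 37
bootstrap.memory_lock: false ## line 43
# NOTE(review): 0.0.0.0 binds to every interface. A default Elasticsearch 5.5
# install performs no authentication, so any host that can reach port 9200 can
# read and modify every index. Keep this value only on an isolated lab network;
# otherwise bind to the internal address and restrict 9200/9300 with the firewall.
network.host: 0.0.0.0 ## line 55
# The line-number note needs the "##" marker; without it the text becomes part of the value.
http.port: 9200 ## line 59
discovery.zen.ping.unicast.hosts: ["node1", "node2"] ## line 68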
(4)创建数据存放路径并授权
[root@node1 ~]# mkdir -p /data/elk_data
[root@node1 ~]# chown elasticsearch:elasticsearch /data/elk_data/
2:在node2节点上安装Elasticsearch软件
(1)安装Elasticsearch软件
[root@node2 ~]# systemctl stop firewalld
[root@node2 ~]# rpm -ivh elasticsearch-5.5.0.rpm
(2)加载系统服务
[root@node2 ~]# systemctl daemon-reload
[root@node2 ~]# systemctl enable elasticsearch.service
(3)更改Elasticsearch主配置文件
[root@node2 ~]# vi /etc/elasticsearch/elasticsearch.yml
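# Settings changed in /etc/elasticsearch/elasticsearch.yml on node2.
# The trailing "## line N" notes give each setting's line number in the stock file.
cluster.name: my-elk-cluster ## line 17
node.name: node2 ## line 23
path.data: /data/elk_data ## line 33
path.logs: /var/log/elasticsearch/ ## line 37
bootstrap.memory_lock: false ## line 43
# NOTE(review): 0.0.0.0 binds to every interface. A default Elasticsearch 5.5
# install performs no authentication, so any host that can reach port 9200 can
# read and modify every index. Keep this value only on an isolated lab network;
# otherwise bind to the internal address and restrict 9200/9300 with the firewall.
network.host: 0.0.0.0 ## line 55
# The line-number note needs the "##" marker; without it the text becomes part of the value.
http.port: 9200 ## line 59
discovery.zen.ping.unicast.hosts: ["node1", "node2"] ## line 68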
(4)创建数据存放路径并授权
[root@node2 ~]# mkdir -p /data/elk_data
[root@node2 ~]# chown elasticsearch:elasticsearch /data/elk_data/
3:启动Elasticsearch并查看是否开启成功
(1)在node1上启动
[root@node1 ~]# systemctl start elasticsearch
[root@node1 ~]# netstat -anpt | grep 9200
tcp6 0 0 :::9200 :::* LISTEN 6987/java
(2)在node2上启动
[root@node2 ~]# systemctl start elasticsearch
[root@node2 ~]# netstat -anpt | grep 9200
tcp6 0 0 :::9200 :::* LISTEN 5991/java
4:查看节点信息
(1)查看节点1
打开浏览器
(2)查看节点2
打开浏览器
(3)查看群集健康情况
打开浏览器
http://192.168.1.11:9200/_cluster/health?pretty
(4)查看群集的状态信息
打开浏览器
http://192.168.1.11:9200/_cluster/state?pretty
1.3:在node1上安装Elasticsearch-head插件(只需在node1上安装)
1:编译安装node
[root@node1 ~]# tar zxvf node-v8.2.1.tar.gz
[root@node1 ~]# cd node-v8.2.1/
[root@node1 node-v8.2.1]# yum -y install gcc*
[root@node1 node-v8.2.1]# ./configure && make && make install
2:安装phantomjs
[root@node1 ~]# tar jxvf phantomjs-2.1.1-linux-x86_64.tar.bz2
[root@node1 ~]# cd phantomjs-2.1.1-linux-x86_64/bin/
[root@node1 bin]# cp phantomjs /usr/local/bin/
3:安装Elasticsearch-head
[root@node1 ~]# tar zxvf elasticsearch-head.tar.gz
[root@node1 ~]# cd elasticsearch-head/
[root@node1 elasticsearch-head]# npm install
4:修改Elasticsearch主配置文件
[root@node1 elasticsearch-head]# vi /etc/elasticsearch/elasticsearch.yml
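在末尾添加(这两项用于允许 elasticsearch-head 页面跨域访问 Elasticsearch):
注意:allow-origin 设为 "*" 表示任何网页都可以通过浏览器向该节点的 9200 端口发起跨域请求,仅适合实验环境;实际使用时应改为 elasticsearch-head 页面的实际来源地址。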
http.cors.enabled: true
http.cors.allow-origin: "*"
5:启动服务(必须在解压的elasticsearch-head目录下启动)
[root@node1 ~]# cd elasticsearch-head/
[root@node1 elasticsearch-head]# npm run start &
[1] 90716
[root@node1 elasticsearch-head]#
> elasticsearch-head@0.0.0 start /root/elasticsearch-head
> grunt server
Running "connect:server" (connect) task
Waiting forever...
Started connect web server on http://localhost:9100
[root@node1 elasticsearch-head]# netstat -anpt | grep 9100
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN 90729/grunt
[root@node1 elasticsearch-head]# netstat -lnupt | grep 9200
tcp6 0 0 :::9200 :::* LISTEN 90600/java
6:通过elasticsearch-head查看elasticsearch信息
浏览器中访问:
http://localhost:9100/
7:插入索引
node1:
[root@node1 ~]# curl -XPUT 'localhost:9200/index-demo/test/1?pretty&pretty' -H 'Content-Type:application/json' -d '{"user":"zhangsan","mesg":"hello world"}'
{
"_index" : "index-demo",
"_type" : "test",
"_id" : "1",
"_version" : 1,
"result" : "created",
"_shards" : {
"total" : 2,
"successful" : 1,
"failed" : 0
},
"created" : true
}
刷新浏览器,会发现添加的索引:
1.4:Logstash安装及使用方法
1:在node1上安装Logstash
[root@node1 ~]# rpm -ivh logstash-5.5.1.rpm
[root@node1 ~]# systemctl start logstash.service
[root@node1 ~]# ln -s /usr/share/logstash/bin/logstash /usr/local/bin/
2:测试Logstash
(1)输入采用标准输入,输出采用标准输出
[root@node1 ~]# logstash -e 'input { stdin{} } output { stdout{} }'
The stdin plugin is now waiting for input:
10:19:45.831 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
www.baidu.com
2018-04-17T02:20:01.564Z localhost.localdomain www.baidu.com
www.sina.com
2018-04-17T02:20:14.612Z localhost.localdomain www.sina.com
^C10:20:21.838 [SIGINT handler] WARN logstash.runner - SIGINT received. Shutting down the agent.
10:20:21.851 [LogStash::Runner] WARN logstash.agent - stopping pipeline {:id=>"main"}
按下ctrl+c退出
(2)使用rubydebug显示详细输出
[root@node1 ~]# logstash -e 'input { stdin{} } output { stdout{ codec=>rubydebug } }'
The stdin plugin is now waiting for input:
10:21:43.495 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
www.baidu.com
{
"@timestamp" => 2018-04-17T02:23:02.842Z,
"@version" => "1",
"host" => "localhost.localdomain",
"message" => "www.baidu.com"
}
按下ctrl+c退出
(3)使用Logstash将信息写入Elasticsearch中
注意:如果下列命令执行后提示拒绝连接,可以重启一下elasticsearch服务
[root@node1 ~]# logstash -e 'input { stdin{} } output { elasticsearch { hosts=>["192.168.1.10:9200"] } }'
3:Logstash配置文件
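(1)修改Logstash配置文件
注意:chmod o+r 会让系统上所有用户都能读取 /var/log/messages;更稳妥的做法是只给 logstash 用户授予读权限,例如 setfacl -m u:logstash:r /var/log/messages。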
[root@node1 ~]# chmod o+r /var/log/messages
[root@node1 ~]# touch /etc/logstash/conf.d/system.conf
[root@node1 ~]# vi /etc/logstash/conf.d/system.conf
# Pipeline: read the system log and index it into Elasticsearch.
input {
file {
# File to read; the account running Logstash must have read access to it.
path=>"/var/log/messages"
type=>"system"
# Start from the first line of the file instead of only picking up new lines.
start_position=>"beginning"
}
}
output {
elasticsearch {
# NOTE(review): this address differs from the node addresses used earlier on the
# page (192.168.1.10 / 192.168.1.11) — confirm it points at your Elasticsearch node.
# No credentials or TLS options are set here, so events travel over plain HTTP.
hosts=>["192.168.8.134:9200"]
# One index per day, named system-YYYY.MM.dd.
index=>"system-%{+YYYY.MM.dd}"
}
}
(2)重启Logstash服务
[root@node1 ~]# systemctl restart logstash
(3)刷新页面,查看Elasticsearch的信息
1.5:安装Kibana
1:在node1上安装Kibana
[root@node1 ~]# rpm -ivh kibana-5.5.1-x86_64.rpm
[root@node1 ~]# systemctl enable kibana.service
2:修改Kibana主配置文件
[root@node1 ~]# vi /etc/kibana/kibana.yml
# Settings changed in /etc/kibana/kibana.yml; "## line N" is the line number in the stock file.
server.port: 5601 ## line 2
# NOTE(review): 0.0.0.0 makes Kibana listen on every interface, and the steps shown
# configure no login — limit access to port 5601 with the firewall or place an
# authenticating reverse proxy in front of it.
server.host: "0.0.0.0" ## line 7
elasticsearch.url: "http://192.168.1.10:9200" ## line 21
kibana.index: ".kibana" ## line 30
3:启动Kibana服务
[root@node1 ~]# systemctl start kibana
4:验证Kibana
(1)浏览器访问
(2)查看索引字段
(3)查看图标和日志信息
6:添加apache服务器的日志
(1)在apache服务器上安装httpd
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# yum -y install httpd
[root@localhost ~]# java -version
openjdk version "1.8.0_102"
OpenJDK Runtime Environment (build 1.8.0_102-b14)
OpenJDK 64-Bit Server VM (build 25.102-b14, mixed mode)
[root@localhost ~]# rpm -ivh logstash-5.5.1.rpm
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable logstash
[root@localhost conf.d]# vi /apache_log.conf
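# Pipeline: ship the Apache access and error logs to separate daily indices.
input {
  # Both file inputs must sit inside the single input { } section; a file { }
  # block placed after the section's closing brace is a configuration error.
  file {
    path=>"/etc/httpd/logs/access_log"
    type=>"access"
    start_position=>"beginning"
  }
  file {
    path=>"/etc/httpd/logs/error_log"
    type=>"error"
    start_position=>"beginning"
  }
}
output {
  # Route each event by the type assigned on its input.
  # NOTE(review): 192.168.8.134 differs from the node addresses used earlier on the
  # page (192.168.1.10 / 192.168.1.11) — confirm it points at your Elasticsearch node.
  # No credentials or TLS options are set, so events travel over plain HTTP.
  if [type]=="access" {
    elasticsearch {
      hosts=>["192.168.8.134:9200"]
      index=>"apache_access-%{+YYYY.MM.dd}"
    }
  }
  if [type]=="error" {
    elasticsearch {
      hosts=>["192.168.8.134:9200"]
      index=>"apache_error-%{+YYYY.MM.dd}"
    }
  }
}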
[root@localhost ~]# systemctl start httpd
[root@localhost conf.d]# /usr/share/logstash/bin/logstash -f apache_log.conf
(2)浏览器访问