AI 助理
备案控制台
开发者社区 开发与运维 文章 正文

ELK日志分析平台

2017-11-22 2169
版权
版权声明:
本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《 阿里云开发者社区用户服务协议》和 《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写 侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
本文涉及的产品
检索分析服务 Elasticsearch 版,2核4GB开发者规格 1个月
推荐场景:
数据可视化分析航班信息
云原生内存数据库 Tair,内存型 2GB
推荐场景:
通过缓存加速数据库访问
云数据库 Redis 版,社区版 2GB
推荐场景:
搭建游戏排行榜
简介:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
我的博客已迁移到xdoujiang.com请去那边和我交流
ELKstack是Elasticsearch、Logstash、Kibana三个开源软件的组合。目前都在Elastic.co公司名下。
ELK是一套常用的开源日志监控和分析系统,包括一个分布式索引与搜索服务Elasticsearch,
一个管理日志和事件的工具logstash,和一个数据可视化服务Kibana
logstash_1.5.3                 负责日志的收集,处理和储存
elasticsearch-1.7.2            负责日志检索和分析
kibana-4.1.2-linux-x64. tar .gz  负责日志的可视化
jdk-1.7.0_03                   java环境
redis-2.4.14                   DB
 
一、基础环境
1、角色、ip、版本、内核
serverA 10.1.10.185 3.2.0-4-amd64 7.8 java elasticsearch redis kibana logstash(agent indexer)
clientB 10.1.10.117 3.2.0-4-amd64 7.8 java logstash(agent)
 
2、安装基础包
apt-get -y  install  curl wget lrzsz axel
 
二、安装redis server
1、安装包
apt-get -y  install  redis-server
 
2、创建redis存储目录
mkdir  /opt/redis  -p
 
3、权限
chown  redis  /opt/redis/  -R
 
4、配置
1)备份配置
cp  /etc/redis/redis .conf  /etc/redis/redis .conf.bak
2)修改配置
sed  -i  's!^bind.*!bind 10.1.10.185!g'  /etc/redis/redis .conf
sed  -i  's!^dir.*!dir /opt/redis!g'  /etc/redis/redis .conf
 
5、重启服务
/etc/init .d /redis-server  restart
 
6、查看进程和端口
1)查看进程
ps  -ef | grep  redis
redis     23193      1  0 16:41 ?        00:00:00  /usr/bin/redis-server  /etc/redis/redis .conf
2)查看端口
netstat  -tupnl | grep  redis
tcp        0      0 10.1.10.185:6379        0.0.0.0:*               LISTEN      25188 /redis-server
 
7、检查开机启动(默认设置开机启动了)
ll  /etc/rc2 .d/ | grep  redis
lrwxrwxrwx 1 root root  22 Sep 20 16:41 S02redis-server -> .. /init .d /redis-server
 
三、安装java环境
1、安装包
apt-get -y  install  openjdk-7-jdk
 
2、查看版本
java -version
java version  "1.7.0_03"
OpenJDK Runtime Environment (IcedTea7 2.1.7) (7u3-2.1.7-1)
OpenJDK 64-Bit Server VM (build 22.0-b10, mixed mode)
 
四、安装elasticsearch
1、下载elasticsearch
wget https: //download .elastic.co /elasticsearch/elasticsearch/elasticsearch-1 .7.2.deb
 
2、安装elasticsearch
dpkg -i elasticsearch-1.7.2.deb
Selecting previously unselected package elasticsearch.
(Reading database ... 30240 files and directories currently installed.)
Unpacking elasticsearch (from elasticsearch-1.7.2.deb) ...
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Setting up elasticsearch (1.7.2) ...
 
3、配置
1)备份配置
cp  /etc/elasticsearch/elasticsearch .yml  /etc/elasticsearch/elasticsearch .yml.bak
2)修改配置
echo  "network.bind_host: 10.1.10.185"  >>  /etc/elasticsearch/elasticsearch .yml
 
4、启动elasticsearch服务
/etc/init .d /elasticsearch  start
 
5、查看进程和端口
1)查看进程
ps  -ef | grep  java
106       22835      1 63 15:14 ?        00:00:03  /usr/lib/jvm/java-7-openjdk-amd64//bin/java  -Xms256m -Xmx1g -Djava.awt.headless= true  -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -XX:+DisableExplicitGC -Dfile.encoding=UTF-8 -Delasticsearch -Des.pidfile= /var/run/elasticsearch/elasticsearch .pid -Des.path.home= /usr/share/elasticsearch  - cp  : /usr/share/elasticsearch/lib/elasticsearch-1 .7.2.jar: /usr/share/elasticsearch/lib/ *: /usr/share/elasticsearch/lib/sigar/ * -Des.default.config= /etc/elasticsearch/elasticsearch .yml -Des.default.path.home= /usr/share/elasticsearch  -Des.default.path.logs= /var/log/elasticsearch  -Des.default.path.data= /var/lib/elasticsearch  -Des.default.path.work= /tmp/elasticsearch  -Des.default.path.conf= /etc/elasticsearch  org.elasticsearch.bootstrap.Elasticsearch
2)查看端口
netstat  -tupnl | grep  java
tcp6       0      0 10.1.10.185:9200        :::*                    LISTEN      22835 /java      
tcp6       0      0 10.1.10.185:9300        :::*                    LISTEN      22835 /java      
udp6       0      0 :::54328                :::*                                22835 /java     
 
6、测试
curl -X GET http: //10 .1.10.185:9200
{
   "status"  : 200,
   "name"  "Ned Leeds" ,
   "cluster_name"  "elasticsearch" ,
   "version"  : {
     "number"  "1.7.2" ,
     "build_hash"  "e43676b1385b8125d647f593f7202acbd816e8ec" ,
     "build_timestamp"  "2015-09-14T09:49:53Z" ,
     "build_snapshot"  false ,
     "lucene_version"  "4.10.4"
   },
   "tagline"  "You Know, for Search"
}
 
7、添加到开机启动
update-rc.d elasticsearch defaults
update-rc.d: using dependency based boot sequencing
 
五、安装logstash
1、下载logstash
wget https: //download .elastic.co /logstash/logstash/packages/debian/logstash_1 .5.3-1_all.deb
 
2、安装logstash
dpkg -i logstash_1.5.3-1_all.deb
(Reading database ... 30338 files and directories currently installed.)
Unpacking logstash (from logstash_1.5.3-1_all.deb) ...
Setting up logstash (1:1.5.3-1) ...
 
3、配置(默认没有这个配置文件)
1)配置logstash_agent
cat  /etc/logstash/conf .d /logstash_agent .conf
input {
         file  {
                 type  =>  "messages"
                 path => [ "/var/log/messages" ]
         }
         file  {
                 type  =>  "elasticsearch"
                 path => [ '/var/log/elasticsearch/elasticsearch.log*' ]
         }
}
output {
         redis {
                 host =>  "10.1.10.185"
                 data_type =>  "list"
                 key =>  "logstash:redis"
         }
}
2)配置logstash_indexer
cat  /etc/logstash/conf .d /logstash_indexer .conf
input {
         redis {
                 host =>  "10.1.10.185"
                 data_type =>  "list"
                 key =>  "logstash:redis"
                 type  =>  "redis-input"
         port =>  "6379"
         }
}
output {
         elasticsearch {
                 host =>  "10.1.10.185"
         }
}
 
4、启动服务
/etc/init .d /logstash  start
logstash started.
 
5、使用jps -mlv或 ps  -ef来查看下进程
ps  -ef| grep  logst
logstash  22932      1 16 15:19 pts /0     00:00:01  /usr/bin/java  -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless= true  -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir= /var/lib/logstash  -Xmx500m -Xss2048k -Djffi.boot.library.path= /opt/logstash/vendor/jruby/lib/jni  -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless= true  -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir= /var/lib/logstash  -Xbootclasspath /a : /opt/logstash/vendor/jruby/lib/jruby .jar -classpath : -Djruby.home= /opt/logstash/vendor/jruby  -Djruby.lib= /opt/logstash/vendor/jruby/lib  -Djruby.script=jruby -Djruby.shell= /bin/sh  org.jruby.Main --1.9  /opt/logstash/lib/bootstrap/environment .rb logstash /runner .rb agent -f  /etc/logstash/conf .d -l  /var/log/logstash/logstash .log
 
6、设置开机启动
update-rc.d logstash defaults
update-rc.d: using dependency based boot sequencing
 
六、安装kibana(前端web)
1、下载
axel -n 10 https: //download .elastic.co /kibana/kibana/kibana-4 .1.2-linux-x64. tar .gz
 
2、解压到指定目录
tar  zxvf kibana-4.1.2-linux-x64. tar .gz -C  /opt
 
3、创建日志目录
mkdir  -p  /opt/kibanalog
 
4、配置
1)备份配置
cp  /opt/kibana-4 .1.2-linux-x64 /config/kibana .yml  /opt/kibana-4 .1.2-linux-x64 /config/kibana .yml.bak
2)修改配置
sed  -i  's!^elasticsearch_url: .*!elasticsearch_url: "http://10.1.10.185:9200"!g'  /opt/kibana-4 .1.2-linux-x64 /config/kibana .yml
sed  -i  's!^host: .*!host: "10.1.10.185"!g'  /opt/kibana-4 .1.2-linux-x64 /config/kibana .yml
 
5、启动服务
cd  /opt/kibanalog  &&  nohup  /opt/kibana-4 .1.2-linux-x64 /bin/kibana  &
 
6、查看进程和端口
1)查看进程
ps  aux | grep  kibana
root      22982  5.4 20.1 612576 47716 pts /0     Sl   15:22   0:01  /opt/kibana-4 .1.2-linux-x64 /bin/ .. /node/bin/node  /opt/kibana-4 .1.2-linux-x64 /bin/ .. /src/bin/kibana .js
2)查看端口
netstat  -tupnl| grep  5601
tcp        0      0 10.1.10.185:5601        0.0.0.0:*               LISTEN      22982 /node  
 
7、在windows上访问http: //10 .1.10.185:5601

wKiom1YB9GrwvtzrAANcUZu8rDw596.jpg

wKioL1YB9GyzXKWkAAbO4sll4MI251.jpg

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
8、设置开机启动
echo  "cd /opt/kibanalog && nohup /opt/kibana-4.1.2-linux-x64/bin/kibana &"  >>  /etc/rc . local
 
七、查看全部服务日志
1、查看redis日志
cat  /var/log/redis/redis-server .log
[5903] 22 Sep 09:53:47 * Server started, Redis version 2.4.14
[5903] 22 Sep 09:53:47  # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
[5903] 22 Sep 09:53:47 * The server is now ready to accept connections on port 6379
[5903] 22 Sep 10:08:42  # Received SIGTERM, scheduling shutdown...
[5903] 22 Sep 10:08:42  # User requested shutdown...
[5903] 22 Sep 10:08:42 * Saving the final RDB snapshot before exiting.
[5903] 22 Sep 10:08:42 * DB saved on disk
[5903] 22 Sep 10:08:42 * Removing the pid  file .
[5903] 22 Sep 10:08:42  # Redis is now ready to exit, bye bye...
[22674] 22 Sep 10:08:43 * Server started, Redis version 2.4.14
[22674] 22 Sep 10:08:43  # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
[22674] 22 Sep 10:08:43 * The server is now ready to accept connections on port 6379
[22674] 22 Sep 10:49:56 * 1 changes  in  900 seconds. Saving...
[22674] 22 Sep 10:49:56 * Background saving started by pid 23186
[23186] 22 Sep 10:49:56 * DB saved on disk
[22674] 22 Sep 10:49:57 * Background saving terminated with success
[22674] 22 Sep 10:50:58 * 10000 changes  in  60 seconds. Saving...
[22674] 22 Sep 10:50:58 * Background saving started by pid 23205
[23205] 22 Sep 10:50:58 * DB saved on disk
[22674] 22 Sep 10:50:58 * Background saving terminated with success
[22674] 22 Sep 10:51:59 * 10000 changes  in  60 seconds. Saving...
[22674] 22 Sep 10:51:59 * Background saving started by pid 23214
[23214] 22 Sep 10:51:59 * DB saved on disk
[22674] 22 Sep 10:51:59 * Background saving terminated with success
 
2、查看elasticsearch日志
cat  /var/log/elasticsearch/elasticsearch .log
[2015-09-22 10:09:42,361][INFO ][node                     ] [Karma] version[1.7.2], pid[22751], build[e43676b /2015-09-14T09 :49:53Z]
[2015-09-22 10:09:42,362][INFO ][node                     ] [Karma] initializing ...
[2015-09-22 10:09:42,536][INFO ][plugins                  ] [Karma] loaded [], sites []
[2015-09-22 10:09:42,595][INFO ][ env                       ] [Karma] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [7.3gb], net total_space [9.1gb], types [rootfs]
[2015-09-22 10:09:45,669][INFO ][node                     ] [Karma] initialized
[2015-09-22 10:09:45,669][INFO ][node                     ] [Karma] starting ...
[2015-09-22 10:09:45,776][INFO ][transport                ] [Karma] bound_address {inet[ /10 .1.10.185:9300]}, publish_address {inet[ /10 .1.10.185:9300]}
[2015-09-22 10:09:45,794][INFO ][discovery                ] [Karma] elasticsearch /mB1_wQprTAWGam7X1LzCxQ
[2015-09-22 10:09:49,582][INFO ][cluster.service          ] [Karma] new_master [Karma][mB1_wQprTAWGam7X1LzCxQ][debian][inet[ /10 .1.10.185:9300]], reason: zen-disco- join  (elected_as_master)
[2015-09-22 10:09:49,620][INFO ][http                     ] [Karma] bound_address {inet[ /10 .1.10.185:9200]}, publish_address {inet[ /10 .1.10.185:9200]}
[2015-09-22 10:09:49,620][INFO ][node                     ] [Karma] started
[2015-09-22 10:09:49,642][INFO ][gateway                  ] [Karma] recovered [0] indices into cluster_state
[2015-09-22 10:49:56,101][INFO ][cluster.service          ] [Karma] added {[logstash-debian-23118-13460][Bt8LxnD9R4amhOypJbgxww][debian][inet[ /10 .1.10.185:9301]]{client= true , data= false },}, reason: zen-disco-receive( join  from node[[logstash-debian-23118-13460][Bt8LxnD9R4amhOypJbgxww][debian][inet[ /10 .1.10.185:9301]]{client= true , data= false }])
[2015-09-22 10:49:58,511][INFO ][cluster.metadata         ] [Karma] [logstash-2015.09.22] creating index, cause [auto(bulk api)], templates [logstash], shards [5]/[1], mappings [_default_, elasticsearch]
[2015-09-22 10:49:59,645][INFO ][cluster.metadata         ] [Karma] [logstash-2015.09.22] update_mapping [elasticsearch] (dynamic)
[2015-09-22 10:53:28,474][DEBUG][action.admin.cluster.health] [Karma] observer: timeout notification from cluster service. timeout setting [5s],  time  since start [5s]
[2015-09-22 10:53:51,251][INFO ][cluster.metadata         ] [Karma] [.kibana] creating index, cause [api], templates [], shards [1]/[1], mappings []
[2015-09-22 10:53:52,902][INFO ][cluster.metadata         ] [Karma] [.kibana] update_mapping [config] (dynamic)
 
3、查看logstash日志
cat  /var/log/logstash/logstash .err
!!! Please upgrade your java version, the current version  '1.7.0_03-b21'  may cause problems. We recommend a minimum version of 1.7.0_51
'[DEPRECATED] use `require concurrent` instead of `require concurrent_ruby'
[2015-09-22 10:49:48.459]  WARN -- Concurrent: [DEPRECATED] Java 7 is deprecated, please use Java 8.
Java 7 support is only best effort, it may not work. It will be removed  in  next release (1.0).
Sep 22, 2015 10:49:49 AM org.elasticsearch.node.internal.InternalNode <init>
INFO: [logstash-debian-23118-13460] version[1.7.0], pid[23118], build[929b973 /2015-07-16T14 :31:07Z]
Sep 22, 2015 10:49:49 AM org.elasticsearch.node.internal.InternalNode <init>
INFO: [logstash-debian-23118-13460] initializing ...
Sep 22, 2015 10:49:49 AM org.elasticsearch.plugins.PluginsService <init>
INFO: [logstash-debian-23118-13460] loaded [], sites []
Sep 22, 2015 10:49:51 AM org.elasticsearch.bootstrap.Natives <clinit>
WARNING: JNA not found. native methods will be disabled.
Sep 22, 2015 10:49:52 AM org.elasticsearch.node.internal.InternalNode <init>
INFO: [logstash-debian-23118-13460] initialized
Sep 22, 2015 10:49:52 AM org.elasticsearch.node.internal.InternalNode start
INFO: [logstash-debian-23118-13460] starting ...
Sep 22, 2015 10:49:52 AM org.elasticsearch.transport.TransportService doStart
INFO: [logstash-debian-23118-13460] bound_address {inet[ /0 :0:0:0:0:0:0:0:9301]}, publish_address {inet[ /10 .1.10.185:9301]}
Sep 22, 2015 10:49:53 AM org.elasticsearch.discovery.DiscoveryService doStart
INFO: [logstash-debian-23118-13460] elasticsearch /Bt8LxnD9R4amhOypJbgxww
Sep 22, 2015 10:49:56 AM org.elasticsearch.cluster.service.InternalClusterService$UpdateTask run
INFO: [logstash-debian-23118-13460] detected_master [Karma][mB1_wQprTAWGam7X1LzCxQ][debian][inet[ /10 .1.10.185:9300]], added {[Karma][mB1_wQprTAWGam7X1LzCxQ][debian][inet[ /10 .1.10.185:9300]],}, reason: zen-disco-receive(from master [[Karma][mB1_wQprTAWGam7X1LzCxQ][debian][inet[ /10 .1.10.185:9300]]])
Sep 22, 2015 10:49:56 AM org.elasticsearch.node.internal.InternalNode start
INFO: [logstash-debian-23118-13460] started
Sep 22, 2015 10:55:23 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
WARNING: [logstash-debian-23118-13460] [gc][young][325][5441] duration [1s], collections [1]/[1.2s], total [1s]/[31.5s], memory [156.5mb]->[157.1mb]/[491.6mb], all_pools {[young] [3.8mb]->[2.4mb]/[66.5mb]}{[survivor] [365.5kb]->[512kb]/[8.3mb]}{[old] [152.3mb]->[154.2mb]/[416.8mb]}
Sep 22, 2015 10:56:08 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
INFO: [logstash-debian-23118-13460] [gc][young][369][6284] duration [1.8s], collections [2]/[2.3s], total [1.8s]/[37.9s], memory [113.8mb]->[116.2mb]/[491.6mb], all_pools {[young] [3.6mb]->[2.1mb]/[66.5mb]}{[survivor] [361.1kb]->[508kb]/[8.3mb]}{[old] [109.8mb]->[113.6mb]/[416.8mb]}
Sep 22, 2015 10:57:39 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
INFO: [logstash-debian-23118-13460] [gc][young][457][7938] duration [941ms], collections [1]/[1s], total [941ms]/[48.7s], memory [110.9mb]->[114.2mb]/[491.6mb], all_pools {[young] [894.6kb]->[4.1mb]/[66.5mb]}{[survivor] [512kb]->[512kb]/[8.3mb]}{[old] [109.5mb]->[109.5mb]/[416.8mb]}
Sep 22, 2015 11:00:42 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
INFO: [logstash-debian-23118-13460] [gc][young][635][11214] duration [703ms], collections [1]/[2.7s], total [703ms]/[1.1m], memory [158.2mb]->[160.1mb]/[491.6mb], all_pools {[young] [3.7mb]->[2mb]/[66.5mb]}{[survivor] [512kb]->[509.4kb]/[8.3mb]}{[old] [153.9mb]->[157.5mb]/[416.8mb]}
Sep 22, 2015 11:01:33 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
WARNING: [logstash-debian-23118-13460] [gc][young][684][12144] duration [1s], collections [1]/[2.4s], total [1s]/[1.2m], memory [201.6mb]->[200mb]/[491.6mb], all_pools {[young] [4.1mb]->[50.1kb]/[66.5mb]}{[survivor] [512kb]->[512kb]/[8.3mb]}{[old] [197mb]->[199.5mb]/[416.8mb]}
Sep 22, 2015 11:02:17 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
WARNING: [logstash-debian-23118-13460] [gc][young][727][12972] duration [1.3s], collections [1]/[1s], total [1.3s]/[1.3m], memory [186.5mb]->[188mb]/[491.6mb], all_pools {[young] [2.2mb]->[4.1mb]/[66.5mb]}{[survivor] [512kb]->[512kb]/[8.3mb]}{[old] [183.7mb]->[183.4mb]/[416.8mb]}
Sep 22, 2015 11:04:40 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
WARNING: [logstash-debian-23118-13460] [gc][young][864][15273] duration [1.3s], collections [1]/[2.9s], total [1.3s]/[1.6m], memory [122.9mb]->[125.8mb]/[491.6mb], all_pools {[young] [2.6mb]->[1.9mb]/[66.5mb]}{[survivor] [512kb]->[511.9kb]/[8.3mb]}{[old] [119.7mb]->[123.3mb]/[416.8mb]}
Sep 22, 2015 11:05:30 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
WARNING: [logstash-debian-23118-13460] [gc][young][912][16079] duration [1.3s], collections [1]/[2.5s], total [1.3s]/[1.7m], memory [183.9mb]->[181.4mb]/[491.6mb], all_pools {[young] [4.1mb]->[101.1kb]/[66.5mb]}{[survivor] [510.1kb]->[499.7kb]/[8.3mb]}{[old] [179.3mb]->[180.8mb]/[416.8mb]}
Sep 22, 2015 11:06:16 AM org.elasticsearch.monitor.jvm.JvmMonitorService$JvmMonitor monitorLongGc
INFO: [logstash-debian-23118-13460] [gc][young][956][16816] duration [915ms], collections [1]/[2s], total [915ms]/[1.8m], memory [175.2mb]->[144.9mb]/[491.6mb], all_pools {[young] [3.7mb]->[12.5kb]/[66.5mb]}{[survivor] [357.1kb]->[259.6kb]/[8.3mb]}{[old] [171.2mb]->[144.6mb]/[416.8mb]}
 
4、查看kibana日志
cat  /opt/kibanalog/nohup .out 
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "msg" : "No existing kibana index found" , "time" : "2015-09-22T02:53:28.503Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "msg" : "Listening on 10.1.10.185:5601" , "time" : "2015-09-22T02:53:28.538Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:29 GMT" , "if-none-match" : "W/\"6f9-3043805189\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57468}, "res" :{ "statusCode" :304, "responseTime" :6, "contentLength" :0}, "msg" : "GET / 304 - 6ms" , "time" : "2015-09-22T02:53:49.894Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/main.css?_b=7562" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/css,*/*;q=0.1" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"335dc-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57468}, "res" :{ "statusCode" :304, "responseTime" :18, "contentLength" :0}, "msg" : "GET /styles/main.css?_b=7562 304 - 18ms" , "time" : "2015-09-22T02:53:49.964Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/images/initial_load.gif" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "image/png,image/*;q=0.8,*/*;q=0.5" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:29 GMT" , "if-none-match" : "W/\"2e9e-3043805189\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57468}, "res" :{ "statusCode" :304, "responseTime" :2, "contentLength" :0}, "msg" : "GET /images/initial_load.gif 304 - 2ms" , "time" : "2015-09-22T02:53:49.968Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/bower_components/requirejs/require.js?_b=7562" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "*/*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:29 GMT" , "if-none-match" : "W/\"14703-3043805189\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57469}, "res" :{ "statusCode" :304, "responseTime" :1, "contentLength" :0}, "msg" : "GET /bower_components/requirejs/require.js?_b=7562 304 - 1ms" , "time" : "2015-09-22T02:53:49.969Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/require.config.js?_b=7562" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "*/*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:29 GMT" , "if-none-match" : "W/\"a66-3043805189\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :304, "responseTime" :2, "contentLength" :0}, "msg" : "GET /require.config.js?_b=7562 304 - 2ms" , "time" : "2015-09-22T02:53:49.970Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/theme/elk.ico" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"47e-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57471}, "res" :{ "statusCode" :304, "responseTime" :3, "contentLength" :0}, "msg" : "GET /styles/theme/elk.ico 304 - 3ms" , "time" : "2015-09-22T02:53:49.970Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/index.js?_b=7562" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "*/*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:29 GMT" , "if-none-match" : "W/\"5489a7-3043805189\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57472}, "res" :{ "statusCode" :304, "responseTime" :1, "contentLength" :0}, "msg" : "GET /index.js?_b=7562 304 - 1ms" , "time" : "2015-09-22T02:53:50.037Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/theme/elk.ico" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"47e-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57468}, "res" :{ "statusCode" :304, "responseTime" :0, "contentLength" :0}, "msg" : "GET /styles/theme/elk.ico 304 - 0ms" , "time" : "2015-09-22T02:53:50.203Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/config?_b=7562" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" , "if-none-match" : "W/\"151-5c053bf3\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57469}, "res" :{ "statusCode" :304, "responseTime" :3, "contentLength" :0}, "msg" : "GET /config?_b=7562 304 - 3ms" , "time" : "2015-09-22T02:53:50.492Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/elasticsearch/?_=1442890430562" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :200, "responseTime" :12, "contentLength" :333}, "msg" : "GET /?_=1442890430562 200 - 12ms" , "time" : "2015-09-22T02:53:50.883Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/theme/elk.ico" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"47e-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57471}, "res" :{ "statusCode" :304, "responseTime" :0, "contentLength" :0}, "msg" : "GET /styles/theme/elk.ico 304 - 0ms" , "time" : "2015-09-22T02:53:50.923Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/theme/elk.ico" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"47e-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57472}, "res" :{ "statusCode" :304, "responseTime" :0, "contentLength" :0}, "msg" : "GET /styles/theme/elk.ico 304 - 0ms" , "time" : "2015-09-22T02:53:50.926Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/theme/elk.ico" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"47e-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57468}, "res" :{ "statusCode" :304, "responseTime" :1, "contentLength" :0}, "msg" : "GET /styles/theme/elk.ico 304 - 1ms" , "time" : "2015-09-22T02:53:50.929Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/elasticsearch/_nodes?_=1442890430791" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :200, "responseTime" :63, "contentLength" :5943}, "msg" : "GET /_nodes?_=1442890430791 200 - 63ms" , "time" : "2015-09-22T02:53:51.153Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "HEAD" , "url" : "/elasticsearch/.kibana" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :404, "responseTime" :6, "contentLength" :0}, "msg" : "HEAD /.kibana 404 - 6ms" , "time" : "2015-09-22T02:53:51.171Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "POST" , "url" : "/elasticsearch/.kibana" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "content-type" : "application/json;charset=utf-8" , "referer" : "http://10.1.10.185:5601/" , "content-length" : "35" , "connection" : "keep-alive" , "pragma" : "no-cache" , "cache-control" : "no-cache" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :200, "responseTime" :546, "contentLength" :21}, "msg" : "POST /.kibana 200 - 546ms" , "time" : "2015-09-22T02:53:51.726Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/elasticsearch/_cluster/health/.kibana?wait_for_status=yellow&_=1442890431632" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :200, "responseTime" :467, "contentLength" :313}, "msg" : "GET /_cluster/health/.kibana?wait_for_status=yellow&_=1442890431632 200 - 467ms" , "time" : "2015-09-22T02:53:52.398Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "POST" , "url" : "/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1442890430199" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "content-type" : "application/json;charset=utf-8" , "referer" : "http://10.1.10.185:5601/" , "content-length" : "62" , "connection" : "keep-alive" , "pragma" : "no-cache" , "cache-control" : "no-cache" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :200, "responseTime" :60, "contentLength" :76}, "msg" : "POST /_mget?timeout=0&ignore_unavailable=true&preference=1442890430199 200 - 60ms" , "time" : "2015-09-22T02:53:52.665Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "POST" , "url" : "/elasticsearch/.kibana/config/4.1.2" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "content-type" : "application/json;charset=utf-8" , "referer" : "http://10.1.10.185:5601/" , "content-length" : "17" , "connection" : "keep-alive" , "pragma" : "no-cache" , "cache-control" : "no-cache" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :201, "responseTime" :33, "contentLength" :79}, "msg" : "POST /.kibana/config/4.1.2 201 - 33ms" , "time" : "2015-09-22T02:53:52.908Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "POST" , "url" : "/elasticsearch/_mget?timeout=0&ignore_unavailable=true&preference=1442890430199" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "content-type" : "application/json;charset=utf-8" , "referer" : "http://10.1.10.185:5601/" , "content-length" : "62" , "connection" : "keep-alive" , "pragma" : "no-cache" , "cache-control" : "no-cache" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :200, "responseTime" :6, "contentLength" :116}, "msg" : "POST /_mget?timeout=0&ignore_unavailable=true&preference=1442890430199 200 - 6ms" , "time" : "2015-09-22T02:53:53.126Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "POST" , "url" : "/elasticsearch/.kibana/index-pattern/_search?fields=" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "content-type" : "application/json;charset=utf-8" , "referer" : "http://10.1.10.185:5601/" , "content-length" : "44" , "connection" : "keep-alive" , "pragma" : "no-cache" , "cache-control" : "no-cache" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :200, "responseTime" :152, "contentLength" :124}, "msg" : "POST /.kibana/index-pattern/_search?fields= 200 - 152ms" , "time" : "2015-09-22T02:53:53.529Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/theme/elk.ico" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"47e-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57469}, "res" :{ "statusCode" :304, "responseTime" :1, "contentLength" :0}, "msg" : "GET /styles/theme/elk.ico 304 - 1ms" , "time" : "2015-09-22T02:53:54.035Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/theme/elk.ico" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"47e-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57471}, "res" :{ "statusCode" :304, "responseTime" :0, "contentLength" :0}, "msg" : "GET /styles/theme/elk.ico 304 - 0ms" , "time" : "2015-09-22T02:53:54.036Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/styles/theme/elk.ico" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:30 GMT" , "if-none-match" : "W/\"47e-873763449\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57472}, "res" :{ "statusCode" :304, "responseTime" :9, "contentLength" :0}, "msg" : "GET /styles/theme/elk.ico 304 - 9ms" , "time" : "2015-09-22T02:53:54.051Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/elasticsearch/logstash-*/_mapping/field/*?ignore_unavailable=false&allow_no_indices=false&include_defaults=true&_=1442890433545" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/json, text/plain, */*" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/" , "connection" : "keep-alive" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :200, "responseTime" :235, "contentLength" :11412}, "msg" : "GET /logstash-*/_mapping/field/*?ignore_unavailable=false&allow_no_indices=false&include_defaults=true&_=1442890433545 200 - 235ms" , "time" : "2015-09-22T02:53:54.096Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/images/no_border.png" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "image/png,image/*;q=0.8,*/*;q=0.5" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "gzip, deflate" , "referer" : "http://10.1.10.185:5601/styles/main.css?_b=7562" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:29 GMT" , "if-none-match" : "W/\"10ab-3043805189\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57470}, "res" :{ "statusCode" :304, "responseTime" :2, "contentLength" :0}, "msg" : "GET /images/no_border.png 304 - 2ms" , "time" : "2015-09-22T02:53:54.377Z" , "v" :0}
{ "name" : "Kibana" , "hostname" : "debian" , "pid" :23238, "level" :30, "req" :{ "method" : "GET" , "url" : "/bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0" , "headers" :{ "host" : "10.1.10.185:5601" , "user-agent" : "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0" , "accept" : "application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8" , "accept-language" : "zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3" , "accept-encoding" : "identity" , "referer" : "http://10.1.10.185:5601/styles/main.css?_b=7562" , "connection" : "keep-alive" , "if-modified-since" : "Tue, 08 Sep 2015 20:12:29 GMT" , "if-none-match" : "W/\"ffac-3043805189\"" }, "remoteAddress" : "10.1.10.131" , "remotePort" :57468}, "res" :{ "statusCode" :304, "responseTime" :1, "contentLength" :0}, "msg" : "GET /bower_components/font-awesome/fonts/fontawesome-webfont.woff?v=4.2.0 304 - 1ms" , "time" : "2015-09-22T02:53:54.378Z" , "v" :0}
 
八、clientB安装配置logstash(agent)
1、安装java环境
apt-get -y  install  openjdk-7-jdk
 
2、下载logstash
wget https: //download .elastic.co /logstash/logstash/packages/debian/logstash_1 .5.3-1_all.deb
 
3、安装logstash
dpkg -i logstash_1.5.3-1_all.deb
(Reading database ... 30338 files and directories currently installed.)
Unpacking logstash (from logstash_1.5.3-1_all.deb) ...
Setting up logstash (1:1.5.3-1) ...
 
4、配置(默认没有这个配置文件)
1)配置logstash_agent
cat  /etc/logstash/conf .d /logstash_agent .conf
input {
         file  {
                 type  =>  "message"
                 path => [ "/var/log/message'" ]
         }
}
output {
         redis {
                 host =>  "10.1.10.185"
                 data_type =>  "list"
                 key =>  "logstash:redis"
         }
}
 
5、启动服务
/etc/init .d /logstash  start
logstash started.
 
6、使用jps -mlv或 ps  -ef来查看下进程
ps  -ef| grep  logst
logstash  22932      1 16 15:19 pts /0     00:00:01  /usr/bin/java  -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless= true  -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir= /var/lib/logstash  -Xmx500m -Xss2048k -Djffi.boot.library.path= /opt/logstash/vendor/jruby/lib/jni  -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless= true  -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir= /var/lib/logstash  -Xbootclasspath /a : /opt/logstash/vendor/jruby/lib/jruby .jar -classpath : -Djruby.home= /opt/logstash/vendor/jruby  -Djruby.lib= /opt/logstash/vendor/jruby/lib  -Djruby.script=jruby -Djruby.shell= /bin/sh  org.jruby.Main --1.9  /opt/logstash/lib/bootstrap/environment .rb logstash /runner .rb agent -f  /etc/logstash/conf .d -l  /var/log/logstash/logstash .log
 
7、设置开机启动
update-rc.d logstash defaults
update-rc.d: using dependency based boot sequencing
 
九、参考文章:
https: //www .elastic.co /products
http: //wsgzao .github.io /post/elk/









本文转自 xdoujiang 51CTO博客,原文链接:http://blog.51cto.com/7938217/1697309,如需转载请自行联系原作者
文章标签:
日志服务
检索分析服务 Elasticsearch版
云数据库 Redis 版
NoSQL
Redis
Java
Windows
监控
关键词:
日志服务平台
日志服务elk
ELK日志
elk日志服务
ELK平台
相关实践学习
日志服务之使用Nginx模式采集日志
本文介绍如何通过日志服务控制台创建Nginx模式的Logtail配置快速采集Nginx日志并进行多维度分析。
余二五
目录
相关文章
阿里云瑶池数据库SelectDB
|
1月前
|
存储 监控 安全
《SelectDB 新一代日志存储分析平台解决方案》白皮书重磅发布|立即下载
作为基于 Apache Doris 打造的现代化数据仓库,SelectDB 不拘泥于传统数仓的限制,针对日志数据的特点引入了多项创新性技术,使用户可基于 SelectDB 构建开放、高性能、低成本、统一的日志存储分析平台, 截至目前已在近百家行业内知名企业中落地。
阿里云瑶池数据库SelectDB
174 0
《SelectDB 新一代日志存储分析平台解决方案》白皮书重磅发布|立即下载
嘟嘟嘟嘟嘟嘟
|
1月前
|
机器学习/深度学习 人工智能 DataWorks
人工智能平台PAI产品使用合集之在使用行调用时遇到一直卡在ps job的问题,并且无法在DataWorks上查看到相关日志,是什么导致的
阿里云人工智能平台PAI是一个功能强大、易于使用的AI开发平台,旨在降低AI开发门槛,加速创新,助力企业和开发者高效构建、部署和管理人工智能应用。其中包含了一系列相互协同的产品与服务,共同构成一个完整的人工智能开发与应用生态系统。以下是对PAI产品使用合集的概述,涵盖数据处理、模型开发、训练加速、模型部署及管理等多个环节。
嘟嘟嘟嘟嘟嘟
225 2
欢喜躲在眉梢里
|
24天前
|
存储 消息中间件 监控
日志收集分析器(ELK)
日志收集分析器(ELK)
欢喜躲在眉梢里
20 0
欢喜躲在眉梢里
|
24天前
|
消息中间件 NoSQL Kafka
日志收集平台项目nginx、kafka、zookeeper、filebeat搭建的基本配置(2)
日志收集平台项目nginx、kafka、zookeeper、filebeat搭建的基本配置(2)
欢喜躲在眉梢里
35 0
欢喜躲在眉梢里
|
24天前
|
消息中间件 应用服务中间件 Kafka
日志收集平台项目nginx、kafka、zookeeper、filebeat搭建的基本配置(1)
日志收集平台项目nginx、kafka、zookeeper、filebeat搭建的基本配置(1)
欢喜躲在眉梢里
14 0
让线程再跑一会
|
1月前
|
消息中间件 数据采集 关系型数据库
离线数仓(三)【业务日志采集平台搭建】(2)
离线数仓(三)【业务日志采集平台搭建】
让线程再跑一会
195 1
让线程再跑一会
|
1月前
|
消息中间件 前端开发 Kafka
离线数仓(二)【用户行为日志采集平台搭建】(1)
离线数仓(二)【用户行为日志采集平台搭建】
让线程再跑一会
30 1
让线程再跑一会
|
1月前
|
存储 消息中间件 Kafka
离线数仓(三)【业务日志采集平台搭建】(1)
离线数仓(三)【业务日志采集平台搭建】
让线程再跑一会
187 0
让线程再跑一会
|
1月前
|
消息中间件 存储 JSON
离线数仓(二)【用户行为日志采集平台搭建】(2)
离线数仓(二)【用户行为日志采集平台搭建】
让线程再跑一会
30 0
玉米侠爱吃玉米
|
2月前
|
存储 编解码 监控
实验模拟 搭建elk 日志分析系统
实验模拟 搭建elk 日志分析系统
玉米侠爱吃玉米
49 0

热门文章

最新文章

  • 1
    Oracle自动清理日志脚本
  • 2
    Operations Manager 2007 中创建基于 NT 事件日志的警报生成规则-part6
  • 3
    使apache的日志文件里不记录图片文件
  • 4
    Log4Net异常日志记录在asp.net mvc3.0的应用
  • 5
    RedHat系统常用的日志文件详解三
  • 6
    镜像日志传输
  • 7
    Oracle 12c RAC 日志体系结构的变化
  • 8
    怎么样做好日志类的报警监控
  • 9
    管理日志-原创理论工具--技能方格图
  • 10
    由一条日志警告所做的调优分析
  • 1
    更优性能与性价比,从自建 ELK 迁移到 SLS 开始
    55618
  • 2
    ELK架构监控MySQL慢日志
    273
  • 3
    ELK架构
    59
  • 4
    【开发专题_03】unable to access ‘https://github.com/deviantony/docker-elk.git/‘: Failed connect to github
    93
  • 5
    日志分析对决:揭示 ELK 与 GrayLog 的优势和差异
    653
  • 6
    ELK技术栈 - Kibana 学习笔记
    55
  • 7
    ELK技术栈 - Elasticsearch 学习笔记(三)
    63
  • 8
    ELK技术栈 - Elasticsearch 学习笔记(二)
    222
  • 9
    ELK技术栈 - Elasticsearch 学习笔记(一)
    210
  • 10
    ELK技术栈 - logstash学习笔记(九)
    45

    • 相关课程

    更多
  • 基于MongoDB构建实时日志分析平台
  • 日志服务SLS实现云产品可观测
  • 日志服务 SLS 可观测数据分析平台介绍
  • 大数据知识图谱系列—基于ELK+Flink日志全观测最佳实践
  • 场景实践-基于阿里云Quick BI 对MOOC网站日志分析
  • 阿里云实时数仓实战 - 用户行为数仓搭建

    • 相关电子书

    更多
  • PostgresChina2018_赖思超_PostgreSQL10_hash索引的WAL日志修改版final
  • Kubernetes下日志实时采集、存储与计算实践
  • 日志数据采集与分析对接

    • 相关实验场景

    更多
  • 通过日志服务实现云资源OSS的安全审计
  • 如何将OSS数据导入至SLS中进行分析
  • 日志服务之使用Nginx模式采集日志
  • 使用阿里云Elasticsearch体验信息检索加速
  • 使用阿里云Elasticsearch快速搭建可观测系统
    • 下一篇
    通义千问API入门教程