Installing ELK (version 5.5.1) on CentOS 7.0

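Environment:

Operating system: CentOS 7.0

elasticsearch: 5.5.1

kibana: 5.5.1

logstash: 5.5.1

JDK: jdk1.8.0_101

Download: https://www.elastic.co/downloads

Installing the JDK is not covered here; look it up online.

First download the files into /data/ELK. The directory is a matter of personal preference.

File list: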

elasticsearch-5.5.1.tar.gz

kibana-5.5.1-linux-x86_64.tar.gz

logstash-5.5.1.tar.gz

Installing elasticsearch

Create the elasticsearch group and user, and set the user's password:

[root@bigdata2 bin]# groupadd elsearchgroup    # create the elasticsearch group
[root@bigdata2 bin]# useradd -g elsearchgroup elsearchuser    # create the elasticsearch user
[root@bigdata2 bin]# passwd elsearchuser    # set the elasticsearch user's password
Changing password for user elsearchuser.
New password:
BAD PASSWORD: The password contains the user name in some form
Retype new password:
passwd: all authentication tokens updated successfully.
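[root@bigdata2 ELK]# cd /data/ELK/
[root@bigdata2 ELK]# tar -zxvf elasticsearch-5.5.1.tar.gz    # extract and rename, as for logstash below
[root@bigdata2 ELK]# mv elasticsearch-5.5.1 elasticsearch
[root@bigdata2 ELK]# chown -R elsearchuser:elsearchgroup elasticsearch    # give ownership of the directory to elsearchuser
[root@bigdata2 ELK]# su elsearchuser    # switch to the elsearchuser account
[elsearchuser@bigdata2 ELK]$ chmod -R +x elasticsearch    # make the directory and everything under it executable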

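Edit the configuration file

[elsearchuser@bigdata2 ELK]$ vi /data/ELK/elasticsearch/config/elasticsearch.yml

Set network.host to this machine's address or to 0.0.0.0. With 0.0.0.0 Elasticsearch listens on every interface, and 5.5.1 does not authenticate requests to port 9200 unless X-Pack security is installed, so the machine's internal address plus a firewall rule on the port is the safer choice.

Start the server

[elsearchuser@bigdata2 ELK]$ /data/ELK/elasticsearch/bin/elasticsearch -d    # -d runs it in the background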

Installing logstash

[root@bigdata2 ELK]# tar -zxvf logstash-5.5.1.tar.gz
[root@bigdata2 ELK]# mv logstash-5.5.1 logstash
[root@bigdata2 ELK]# cd logstash/bin
[root@bigdata2 ELK]# touch logstash.sh
Insert the following shell script:

#!/bin/sh  
# -*- coding: utf-8 -*-  
#  
#  
# Authors:huwj  
# Purpose: control ./logstash.sh start|stop|force-stop|status|restart   
#  
#  
# customer env  
name=logstash  
pidfile="/var/run/${name}.pid"  
LS_HOME=/data/ELK/logstash  
export PATH=/sbin:/usr/sbin:/bin:/usr/bin:${LS_HOME}/bin  
# must use root   
if [ `id -u` -ne 0 ]; then  
   echo "You need root privileges to run this script"  
   exit 1  
fi  
# optimizations  
LS_HEAP_SIZE="1024m"  
LS_OPEN_FILES=102400  
# logstash comm  
# LS_OPTS="--debug"  
LS_OPTS="--quiet"  
LS_LOG_DIR=${LS_HOME}/logs  
LS_CONF_DIR="${LS_HOME}/etc/logstash.d"  
[ ! -d ${LS_HOME} ] && mkdir -p ${LS_HOME}  
[ ! -d ${LS_LOG_DIR} ] && mkdir -p ${LS_LOG_DIR}  
[ ! -d ${LS_CONF_DIR} ] && mkdir -p ${LS_CONF_DIR}  
program=${LS_HOME}/bin/${name}  
args="-f ${LS_CONF_DIR} -l ${LS_LOG_DIR} ${LS_OPTS}"  
start() {  
  LS_JAVA_OPTS="${LS_JAVA_OPTS} -Djava.io.tmpdir=${LS_HOME}"  
  HOME=${LS_HOME}  
  export PATH HOME LS_HEAP_SIZE LS_JAVA_OPTS LS_USE_GC_LOGGING  
  ulimit -n ${LS_OPEN_FILES}  
  # Run the program! stdout is discarded; stderr goes to the error log.
  bash -c "
    cd $LS_HOME
    ulimit -n ${LS_OPEN_FILES}
    exec \"$program\" $args
  " > /dev/null 2> "${LS_LOG_DIR}/${name}-error.log" &
  echo $! > "$pidfile"
  echo "${name} started."  
  return 0  
}  
stop() {  
  if status ; then  
    pid=`cat "$pidfile"`  
    echo "Killing ${name} (pid $pid) with SIGTERM"  
    kill -TERM $pid  
    for i in 1 2 3 4 5 ; do  
      echo "Waiting ${name} (pid $pid) to die..."  
      status || break  
      sleep 1  
    done  
    if status ; then  
      echo "${name} stop failed; still running."  
    else  
      echo "${name} stopped."  
    fi  
  fi  
}  
status() {  
  if [ -f "$pidfile" ] ; then  
    pid=`cat "$pidfile"`  
    if kill -0 $pid > /dev/null 2> /dev/null ; then  
      return 0  
    else  
      return 2  
    fi  
  else  
    return 3  
  fi  
}  
force_stop() {  
  if status ; then  
    stop  
    status && kill -KILL `cat "$pidfile"`  
  fi  
}  
case "$1" in  
  start)  
    status  
    code=$?  
    if [ $code -eq 0 ]; then  
      echo "${name} is already running"  
    else  
      start  
      code=$?  
    fi  
    exit $code  
    ;;  
  stop) stop ;;  
  force-stop) force_stop ;;  
  status)   
    status  
    code=$?  
    if [ $code -eq 0 ] ; then  
      echo "${name} is running"  
    else  
      echo "${name} is not running"  
    fi  
    exit $code  
    ;;  
  restart)
    stop && start
    ;;
  *)
    echo "Usage: $0 {start|stop|force-stop|status|restart}" >&2
    exit 3  
  ;;  
esac  
exit $?


Save and exit with :wq
[root@bigdata2 ELK]# chmod +x logstash.sh    # make the script executable
[root@bigdata2 ELK]# ./logstash.sh start    # start the service

Installing kibana

[root@bigdata2 ELK]# tar -zxvf kibana-5.5.1-linux-x86_64.tar.gz
[root@bigdata2 ELK]# mv kibana-5.5.1-linux-x86_64 kibana
[root@bigdata2 ELK]# cd kibana/config
[root@bigdata2 kibana]# vi kibana.yml
Change the following settings:
server.host: set to 0.0.0.0
elasticsearch.url: "http://192.168.40.249:9200"    # use localhost if Elasticsearch runs on the same machine
[root@bigdata2 kibana]# cd ../bin
[root@bigdata2 bin]# nohup ./kibana &    # run in the background

Once the services have started, open this address in a browser: http://192.168.40.249:5601


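Add the index pattern. As in the screenshot above, my log index is lymtest, so I enter the pattern lymtest* and save; the pattern is added successfully.


Then select the Discover module to query the collected log data.


That completes the ELK 5.5.1 setup.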
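
The steps above point network.host (elasticsearch.yml) and server.host (kibana.yml) at 0.0.0.0, so it is worth checking what each service is actually configured to bind to before leaving it running. The script below is an added example, not part of the original article: it reads both settings and classifies them as loopback, a specific address or all interfaces. The function names and the sample files written by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# bind_value FILE KEY: print the last uncommented "KEY: value" in a YAML file,
# without surrounding quotes or a trailing comment; prints nothing if unset.
bind_value() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key_re}[[:space:]]*:[[:space:]]*//p" "$1" 2>/dev/null |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//" |
    tail -n 1
}

# classify_bind VALUE: an unset key means loopback (the 5.x default of both services).
classify_bind() {
  case "$1" in
    '')                          echo loopback-default ;;
    localhost|127.*|::1|_local_) echo loopback ;;
    0.0.0.0|::)                  echo all-interfaces ;;
    *)                           echo specific ;;
  esac
}

# audit_bind FILE KEY: print one report line; non-zero status on a wildcard bind.
audit_bind() {
  [ -r "$1" ] || { echo "$1: unreadable"; return 3; }
  value=$(bind_value "$1" "$2")
  class=$(classify_bind "$value")
  echo "$1: $2=${value:-<unset>} -> $class"
  [ "$class" != all-interfaces ]
}

# demo: constructed sample files that mirror the settings used in this article.
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' '#network.host: 192.168.0.1' 'network.host: 0.0.0.0' > "$d/elasticsearch.yml"
  printf '%s\n' 'server.host: "0.0.0.0"  # bind address' > "$d/kibana.yml"
  audit_bind "$d/elasticsearch.yml" network.host
  audit_bind "$d/kibana.yml" server.host
  rm -rf "$d"
}

# Usage: sh bindcheck.sh ELASTICSEARCH_YML KIBANA_YML  (no arguments runs the demo)
if [ "$#" -eq 2 ]; then
  rc=0
  audit_bind "$1" network.host || rc=1
  audit_bind "$2" server.host || rc=1
  exit "$rc"
else
  demo || true
fi
```

With the paths used in this article the call is: sh bindcheck.sh /data/ELK/elasticsearch/config/elasticsearch.yml /data/ELK/kibana/config/kibana.yml. The exit status is 1 if either file binds to all interfaces.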
