++elk官网:www.elastic.co++
filebeat: 搜集日志
Elasticsearch: 存储日志
Kibana: 查寻和可视化日志;
elasticsearch部署
elasticsearch下载地址:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.2.tar.gz==================================================================
elasticsearch的安装,它依赖于java的环境,所以得先配置java环境
tar xf jdk-1.8.0_211.tar.gz -C /usr/local/ ##给JDK解压,指定路径为/usr/local下
vim /etc/profile: ##配置环境变量
export JAVA_HOME=/usr/local/jdk1.8.0_121
export PATH=$JAVA_HOME:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar安装elasticsearch :
tar xf elasticsearch-5.2.2.tar.gz -C /usr/local/ ##指定解压的路径
cd /usr/local/elasticsearch-5.2.2
chown -R alex.alex /usr/local/elasticsearch-5.2.2
su - alex ./bin/elasticsearch -d ##elasticsearch不能root启动 修改elasticsearch的配置文件:
cat /usr/local/elasticsearch-5.2.2/config/elasticsearch.yml
path.data:/data/elasticsearch/data
path.logs:/data/elasticsearch/logs
network.host:0.0.0.0
http.cors.enabled:true
http.cors.allow-origin:"*"elasticsearch对内核系统参数有规定,所以设置内核参数:
==ulimit -n 查看当前环境的参数. 如果大于或者等于65536 就可以了==
#! 或者修改为: (elasticsearch启动不能用root 所以其他用户的环境也要大于65536)
cat /etc/security/limits.conf
soft nproc 65536
hard nproc 65536
soft nofile 65536
hard nofile 65536
cat /etc/sysctl.conf
vm.max_map_count= 262144
sysctl -p ###查看参数修改ulimit遇到的问题. 以上值都修改了,也重启了,就是不生效.
==! {查看/etc/Profile 脚本里面有个 " ulimit -n " 把他的值修改为65536}==
其次要注意的就是权限问题. 最好把elasticsearch整个目录设置为启动的普通用户为用户主目录.
用alex 启动elasticsearch服务
su - alex
./usr/local/elasticsearch-5.2.2/bin/elasticsearch & netstart -antupl |grep :9200 curl localhost:9200filebeat安装
filebeat下载地址:
wget https://www.elastic.co/downloads/beats/filebeat配置文件是filebeat.yml
vim filebeat.yml
host ["serverIP:9200"]
index "myIP-%{+yyyy.MM.dd}"** filebeat 可以指定多配置启动.
kibana 安装文档:
wge https://artifacts.elastic.co/downloads/kibana/kibana-6.0.1-linux-x86_64.tar.gz
tar xf kibana-6.0.1-linux-x86_64.tar.gz配置文件修改如下:
cat kibana.yml |grep -v "#" |grep -v "^$"
server.port: 5000
server.host: "0.0.0.0"
elasticsearch.url: "http://116.62.167.119:9200"遇到的问题
如果elasticsearch和kibana 是商业版的有账号和密码
filebeat 配置文件中配置如下:
filebeat.prospectors:
- input_type: log
paths:
- /data/app_logs/shoot-pay-uat/*.log
output.elasticsearch:
hosts: ["es-cn-0pp0gy1kt000a0iqg.elasticsearch.aliyuncs.com:9200"]
username: "elastic"
password: "Misadmin123"
index: "shoot-pay-uat-%{+yyyy.MM.dd}"cerebro
下载地址:https://github.com/KELiON/cerebro/releases #选择合适版本
解压:tar xf cerebro-xxx
配置文件为==config/application== 配置如下
secret = "ki:s:[[@=Ag?QI`W2jMwkY:eqvrJ]JqoJyi2axj3ZvOv^/KavOT4ViJSv?6YY4[N"
basePath = "/"
rest.history.size = 50 // defaults to 50 if not specified
data.path = "./cerebro.db"
auth = {
}
hosts = [
{
host = "http://118.31.188.238:9200"
name = "elasticsearch"
}
]#
启动脚本在/bin/cerebro && 启动:
nohup ./usr/local/cerebro/bin/cerebro &
#
用浏览器访问:
cerebro_server-ip:9000 #9000为默认端口
原文地址:http://blog.51cto.com/11804562/2103845