- Elasticsearch:一个开源分布式搜索引擎。分布式,零配置,自动发现,索引自动分片,索引副本机制,restful风格接口,多数据源,自动搜索负载。
- Logstash:一个开源工具,对日志进行收集、过滤,并将其存储供以后使用。
- Kibana:一个开源和免费的工具,它可以为 Logstash 和 ElasticSearch 提供的日志生成友好的 Web 界面,可以帮助您汇总、分析和搜索重要数据日志。
1. Elasticsearch
安装 JDK:Linux 配置 JDK 环境
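# Keep firewalld running and open only the ports this stack uses, instead of
# stopping and disabling the host firewall. Later steps bind Elasticsearch and
# Kibana to 0.0.0.0 and none of the configuration shown here enables
# authentication, so with the firewall off every host that can route to this
# machine could read and modify the indices.
#   9200 = Elasticsearch HTTP, 9300 = Elasticsearch transport, 5601 = Kibana
# Where possible, limit these ports to trusted source networks (for example a
# dedicated firewalld zone with --add-source) rather than opening them to all.
firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --add-port=9300/tcp --permanent
firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload

# Add the Elastic 7.x yum repository. gpgcheck=1 makes yum verify package
# signatures against the key named in gpgkey. The heredoc delimiter is quoted
# so the repo file is written literally, with no shell expansion.
cat <<'EOF' | tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Import the Elastic package signing key (fetched over HTTPS). Compare the
# imported key's fingerprint with the one Elastic publishes before trusting it.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Refresh yum metadata so the new repository is picked up.
yum clean all
yum makecache

# Install Elasticsearch, then start it now and enable it at boot.
yum install -y elasticsearch
systemctl daemon-reload
systemctl start elasticsearch && systemctl enable elasticsearch
systemctl status elasticsearch

# Smoke test on the loopback interface. The node may need some seconds before
# it listens; retry if the connection is refused.
curl localhost:9200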
# 更改配置
vi /etc/elasticsearch/elasticsearch.yml
# Settings edited in /etc/elasticsearch/elasticsearch.yml.
cluster.name: my-application
node.name: master
# NOTE(review): 0.0.0.0 binds the node on every network interface. In 7.x the
# security features (authentication, TLS) are not enabled by default with the
# basic license, so anyone who can reach port 9200 gets full read/write access
# to the cluster. Bind to a specific internal address, or set
# xpack.security.enabled: true and configure passwords/TLS, before using this
# outside an isolated lab network.
network.host: 0.0.0.0
http.port: 9200
# NOTE(review): "node-1" is listed as an initial master node, but this page
# does not show a second node being installed and no discovery.seed_hosts is
# set. The cluster may not finish bootstrapping until node-1 joins; confirm,
# or list only the nodes that actually exist.
cluster.initial_master_nodes: ["master", "node-1"]
systemctl restart elasticsearch
2. Kibana
yum install -y kibana
systemctl start kibana && systemctl enable kibana
systemctl status kibana
curl localhost:5601 -L
vi /etc/kibana/kibana.yml
# Settings edited in /etc/kibana/kibana.yml.
server.port: 5601
# NOTE(review): 0.0.0.0 exposes Kibana on every network interface. With
# Elasticsearch security not enabled in the configuration shown on this page,
# Kibana has no login screen, so anyone who can reach port 5601 can query and
# change data through it. Prefer a specific internal address, or put Kibana
# behind a reverse proxy that adds TLS and authentication.
server.host: "0.0.0.0"
# Plain HTTP to the Elasticsearch node on the same host; no credentials are
# configured here, so this only works while Elasticsearch security is disabled.
elasticsearch.hosts: ["http://localhost:9200"]
systemctl restart kibana
3. Logstash
yum install -y logstash
systemctl start logstash
systemctl status logstash
4. 测试
vi test.log
hello logstash!
vi test.conf
# Test pipeline: read one log file and index its lines into the local
# Elasticsearch node.
input {
file {
# Absolute path: the test.log created above must be at this location.
# NOTE(review): reading under /root presumably means Logstash is run as root
# here; acceptable for a lab test only.
path => ["/root/test/test.log"]
# /dev/null means no read position is persisted, so together with
# start_position "beginning" the whole file is ingested again on every run.
# Convenient for testing; it produces duplicate events if reused elsewhere.
sincedb_path => "/dev/null"
start_position => "beginning"
}
}
# No filters: events are forwarded as read.
filter {
}
output {
elasticsearch {
# Plain HTTP with no user/password. This relies on Elasticsearch security
# being disabled; credentials and TLS would be needed once it is enabled.
hosts => ["http://localhost:9200"]
}
}
/usr/share/logstash/bin/logstash -f test.conf
访问:http://192.168.11.100:9200/_cat/indices?v
访问:http://192.168.11.100:9200/logstash-2021.04.28-000001/_search(索引名中包含日期,请以上一步 _cat/indices 返回的实际索引名为准)