• [2017-07-18]ELK安装笔记



    ELK

    1. ElasticSearch
    2. LogStash
    3. Kibana

    Server:CentOS 7

    采用RPM导入官方源方式进行安装

    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
    

    /etc/yum.repo.d/建立文件elastic.repo,内容如下

    [elastic-5.x]
    name=Elasticsearch repository for 5.x packages
    baseurl=https://artifacts.elastic.co/packages/5.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    autorefresh=1
    type=rpm-md
    

    1. ElasticSearch

    执行sudo yum install elasticsearch

    ElasticSearch默认data目录为/var/lib/elasticsearch
    迁移索引文件步骤示例(从默认路径迁移到/data)

    #停止es服务
    ...
    cp -r /var/lib/elasticsearch/ /data/elasticsearch/
    chown -R elasticsearch:elasticsearch /data/elasticsearch/
    mv /var/lib/elasticsearch/nodes /var/lib/elasticsearch/tmp_nodes
    ...
    #启用es服务
    

    2. LogStash

    执行sudo yum install logstash

    如果执行systemctl list-unit-files|grep logstash未找到logstash.service,
    则在/etc/systemd/system目录下新建logstash.service,内容如下

    [Unit]
    Description=logstash
    
    [Service]
    Type=simple
    User=logstash
    Group=logstash
    # Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
    # Prefixing the path with '-' makes it try to load, but if the file doesn't
    # exist, it continues onward.
    EnvironmentFile=-/etc/default/logstash
    EnvironmentFile=-/etc/sysconfig/logstash
    ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
    Restart=always
    WorkingDirectory=/
    Nice=19
    LimitNOFILE=16384
    
    [Install]
    WantedBy=multi-user.target
    

    Logstash 配置持久化缓冲队列

    3. Kibana

    执行sudo yum install kibana

    配置端口和Host,在/etc/kibana/kibana.yml中启用

    server.port: 5601
    server.host: "your_host_or_ip"
    

    4. Filebeat

    执行sudo yum install filebeat

    5. X-Pack(Kibana开启认证机制)

    • (必选)执行sudo /usr/share/elasticsearch/bin/elasticsearch-plugin install x-pack
    • (必选)执行sudo /usr/share/kibana/bin/kibana-plugin install x-pack
    • (可选)执行sudo /usr/share/logstash/bin/logstash-plugin install x-pack

    启用x-pack后,需要到各组件配置文件中修改账号密码。默认账号密码为:

    • elastic : changeme
    • kibana : changeme
    • logstash_system: changeme

    其中内建账号elastic的权限最高

    [personball@centos-linux ~]$ curl -XGET http://elastic:changeme@localhost:9200/_xpack/security/user
    {
        "elastic": {
            "username": "elastic",
            "roles": ["superuser"],
            "full_name": null,
            "email": null,
            "metadata": {
                "_reserved": true
            },
            "enabled": true
        },
        "kibana": {
            "username": "kibana",
            "roles": ["kibana_system"],
            "full_name": null,
            "email": null,
            "metadata": {
                "_reserved": true
            },
            "enabled": true
        },
        "logstash_system": {
            "username": "logstash_system",
            "roles": ["logstash_system"],
            "full_name": null,
            "email": null,
            "metadata": {
                "_reserved": true
            },
            "enabled": true
        }
    }
    [personball@centos-linux ~]$
    

    访问elasticsearch携带账号密码示例

    curl -XGET http://elastic:changeme@localhost:9200/
    

    /etc/kibana/kibana.yml配置更新,设置好elasticsearch的访问密码

    server.port: 5601
    server.host: "10.211.55.5"
    elasticsearch.url: "http://localhost:9200"
    elasticsearch.username: "elastic"
    elasticsearch.password: "changeme"
    

    /etc/logstash/conf.d/各配置更新,设置好output访问elasticsearch的访问密码

    elasticsearch {
        hosts => ["localhost:9200"]
        user => "elastic"
        password => "changeme"
    }
    

    6. Metricbeat 系统级监控

    sudo yum install metricbeat

    导入Dashboard /usr/share/metricbeat/scripts/import_dashboards -es http://elastic:changeme@localhost:9200/
    (根据导入的查询和视图,添加自己的过滤器,可以较快建立可用的Dashboard)

    Metricbeate配置

    win2008 无法执行ps脚本安装Metricbeat的问题

    以管理员身份打开cmd,执行sc安装服务,命令如下

    sc create metricbeat displayName= metricbeat binPath= "C:\metricbeat-5.5.0-windows-x86_64\metricbeat.exe -c C:\metricbeat-5.5.0-windows-x86_64\metricbeat.yml -path.home C:\metricbeat-5.5.0-windows-x86_64 -path.data C:\ProgramData\metricbeat" start= auto
  • 相关阅读:
    人生的诗·260~264节
    唐诗宋词·151~155节
    人生的诗·270~274节
    人生的诗·265~269节
    人生的诗·255~259节
    唐诗宋词学习·146~150节
    唐诗宋词学习·156~160节
    加载时xml 报 未能映射路径"***.xml"
    我喜欢的语言总结语句
    关于图片延迟的一点思路
  • 原文地址:https://www.cnblogs.com/personball/p/7455939.html
Copyright © 2020-2023  润新知