ELK-6.5.3学习笔记–elk基础环境安装

时间 2020-05-12

标签 elk 6.5.3 学习笔记基础环境安装繁體版

原文原文链接

<article class="article-content"> <div class="read-time" style="color:#F86B06"><center>本文预计阅读时间 13 分钟</center></div><div id="toc-container"> <div id="toc">javascript

文章目录[隐藏]html

<ul> <li><a href="#toc-1" rel="nofollow" data-original-title="" title="">1，准备工做。</a></li> <li><a href="#toc-2" rel="nofollow" data-original-title="" title="">2，安装elasticsearch。</a></li> <li><a href="#toc-3" rel="nofollow" data-original-title="" title="">3，安装logstash。</a></li> <li><a href="#toc-4" rel="nofollow" data-original-title="" title="">4，安装kibana</a></li> </ul> </div> </div> 以往都是纸上谈兵，毕竟事情也都由部门其余小伙伴承担了，所以本身虽然也整理了笔记，当真的须要部署起来的时候，却发现并无这个能力，此次也几经磨难，总算修成正果，特此记录一下。 首先来快速将一个简易的环境部署起来。 其中防火墙关闭，selinux关闭等的就很少说了，系统是CentOS-7.3，干净并且初始化过了的环境。 <h3><a name="toc-1" data-original-title="" title=""></a>1，准备工做。</h3> <ul> <li>安装一些依赖包。</li> </ul> <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">yum -y install lrzsz vim curl wget java ntpdate && ntpdate -u cn.pool.ntp.org</code></li></ol></pre> 这里java环境是很是重要的，若是不经过yum安装，源码方式也是能够的。但要注意配置好环境变量。 <ul> <li>配置yum源。</li> </ul> 添加源： <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">cat > /etc/yum.repos.d/elk.repo << EOF</code></li><li class="L1"><code class="line-numbers">[elasticsearch-6.x]</code></li><li class="L2"><code class="line-numbers">name=Elasticsearch repository for 6.x packages</code></li><li class="L3"><code class="line-numbers">baseurl=https://artifacts.elastic.co/packages/6.x/yum</code></li><li class="L4"><code class="line-numbers">gpgcheck=1</code></li><li class="L5"><code class="line-numbers">gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch</code></li><li class="L6"><code class="line-numbers">enabled=1</code></li><li class="L7"><code class="line-numbers">autorefresh=1</code></li><li class="L8"><code class="line-numbers">type=rpm-md</code></li><li class="L9"><code class="line-numbers">EOF</code></li></ol></pre> 导入key： <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch</code></li></ol></pre> <code>若是执行这一步报错，则有多是主机时间问题，能够同步一下主机时间，再执行！</code> <blockquote> 注：一开始我想着把elk三个安装包都缓存下来，这样之后安装起来就会方便的多了，因而我这么作了，可是后来发现，通过缓存的包安装的elk集群，使用的时候是一种没有受权的状态，后来想起正常安装时有这样一个导入key的操做，思来想去，大概就是跟这一步有关系了。最后仍是老老实实的经过这样一个流程方式进行安装了。 </blockquote> <h3><a name="toc-2" data-original-title="" title=""></a>2，安装elasticsearch。</h3> 直接yum安装。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">yum -y install elasticsearch</code></li></ol></pre> 启动服务。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">systemctl daemon-reload</code></li><li class="L1"><code class="line-numbers">systemctl enable elasticsearch.service</code></li><li class="L2"><code class="line-numbers">systemctl start elasticsearch.service</code></li><li class="L3"><code class="line-numbers">systemctl status elasticsearch.service</code></li><li class="L4"><code class="line-numbers"></code></li><li class="L5"><code class="line-numbers">curl localhost:9200</code></li></ol></pre> 调整一下配置文件： <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">[root@elk ~]$egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml</code></li><li class="L1"><code class="line-numbers">cluster.name: my-application</code></li><li class="L2"><code class="line-numbers">node.name: node-1</code></li><li class="L3"><code class="line-numbers">path.data: /logs/elasticsearch6</code></li><li class="L4"><code class="line-numbers">path.logs: /logs/elasticsearch6/log</code></li><li class="L5"><code class="line-numbers">network.host: 0.0.0.0</code></li><li class="L6"><code class="line-numbers">http.port: 9200</code></li><li class="L7"><code class="line-numbers">discovery.zen.ping.unicast.hosts: ["elk-node1"]</code></li><li class="L8"><code class="line-numbers">discovery.zen.minimum_master_nodes: 1</code></li><li class="L9"><code class="line-numbers">xpack.security.enabled: false</code></li></ol></pre> <ul> <li><code>cluster.name</code>：自定义集群名，相同集群内的节点设置相同的集群名</li> <li><code>node.name</code>：自定义节点名，建议统一采用节点hostname</li> <li><code>path.data</code>：data存储路径，这里更改为自定义以应对日志的big。</li> <li><code>path.logs</code>：log存储路径，是为es本身的日志。</li> <li>注意建立上边两项定义的两个文件目录。不然会启动失败。</li> </ul> <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">mkdir -p /logs/elasticsearch6/log</code></li><li class="L1"><code class="line-numbers">cd /logs</code></li><li class="L2"><code class="line-numbers">chown -R elasticsearch.elasticsearch elasticsearch6/</code></li></ol></pre> <ul> <li>注意要更改对应目录的权限，不然es启动会报以下错误。</li> </ul> <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">[root@elk logs]$systemctl status elasticsearch</code></li><li class="L1"><code class="line-numbers">● elasticsearch.service - Elasticsearch</code></li><li class="L2"><code class="line-numbers"> Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)</code></li><li class="L3"><code class="line-numbers"> Active: failed (Result: exit-code) since Fri 2018-12-14 15:12:48 CST; 5min ago</code></li><li class="L4"><code class="line-numbers"> Docs: http://www.elastic.co</code></li><li class="L5"><code class="line-numbers"> Process: 79428 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)</code></li><li class="L6"><code class="line-numbers"> Main PID: 79428 (code=exited, status=1/FAILURE)</code></li><li class="L7"><code class="line-numbers">Dec 14 15:12:48 elk elasticsearch[79428]: 2018-12-14 15:12:48,084 main ERROR Null object returned for RollingFile in Appenders.</code></li><li class="L8"><code class="line-numbers">Dec 14 15:12:48 elk elasticsearch[79428]: 2018-12-14 15:12:48,084 main ERROR Unable to locate appender "rolling" for logger config "root"</code></li><li class="L9"><code class="line-numbers">Dec 14 15:12:48 elk elasticsearch[79428]: 2018-12-14 15:12:48,084 main ERROR Unable to locate appender "index_indexing_slowlog_rolling" for logger config "index.indexing.slowlog.index"</code></li><li class="L0"><code class="line-numbers">Dec 14 15:12:48 elk elasticsearch[79428]: 2018-12-14 15:12:48,084 main ERROR Unable to locate appender "audit_rolling" for logger config "org.elasticsearch.xpack.security....gAuditTrail"</code></li><li class="L1"><code class="line-numbers">Dec 14 15:12:48 elk elasticsearch[79428]: 2018-12-14 15:12:48,084 main ERROR Unable to locate appender "index_search_slowlog_rolling" for logger config "index.search.slowlog"</code></li><li class="L2"><code class="line-numbers">Dec 14 15:12:48 elk elasticsearch[79428]: 2018-12-14 15:12:48,084 main ERROR Unable to locate appender "deprecated_audit_rolling" for logger config "org.elasticsearch.xpac...gAuditTrail"</code></li><li class="L3"><code class="line-numbers">Dec 14 15:12:48 elk elasticsearch[79428]: 2018-12-14 15:12:48,085 main ERROR Unable to locate appender "deprecation_rolling" for logger config "org.elasticsearch.deprecation"</code></li><li class="L4"><code class="line-numbers">Dec 14 15:12:48 elk systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE</code></li><li class="L5"><code class="line-numbers">Dec 14 15:12:48 elk systemd[1]: Unit elasticsearch.service entered failed state.</code></li><li class="L6"><code class="line-numbers">Dec 14 15:12:48 elk systemd[1]: elasticsearch.service failed.</code></li><li class="L7"><code class="line-numbers">Hint: Some lines were ellipsized, use -l to show in full.</code></li></ol></pre> <ul> <li><code>network.host</code>：es监听地址，采用<code>"0.0.0.0"</code>，表示容许全部设备访问。</li> <li><code>http.port</code>：es监听端口，可不取消注释，默认即此端口。</li> <li><code>discovery.zen.ping.unicast.hosts</code>：集群节点发现列表，也可采用ip的形式</li> <li><code>discovery.zen.minimum_master_nodes</code>：若是暂时是单节点部署，能够设置成1</li> <li><code>xpack.security.enabled</code>：添加这条，这条是配置kibana的安全机制，暂时关闭。</li> </ul> 重启es。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">systemctl restart elasticsearch.service</code></li><li class="L1"><code class="line-numbers">systemctl status elasticsearch.service</code></li></ol></pre> <h3><a name="toc-3" data-original-title="" title=""></a>3，安装logstash。</h3> 直接yum安装。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">yum -y install logstash</code></li></ol></pre> 配置logstash。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">[root@elk ~]$egrep -v "^#|^$" /etc/logstash/logstash.yml</code></li><li class="L1"><code class="line-numbers">path.data: /var/lib/logstash</code></li><li class="L2"><code class="line-numbers">path.config: /etc/logstash/conf.d</code></li><li class="L3"><code class="line-numbers">path.logs: /var/log/logstash</code></li></ol></pre> 这个地方重要的是第二条配置，同许多应用相似的，这里定义了一个include的目录，之后咱们的多个应用实例就能够直接放置在这个目录下了，这里做为了解，后边并不会应用配置好的logstash，缘由在后边会说。 而后定义此logstash再也不使用系统管理启动，而是之后经过命令行来起对应的logstash实例。 同时建立软连接，从而让系统可以在<code>/usr/share/logstash</code>下读取到相对应的logstash配置信息。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">systemctl disable logstash.service</code></li><li class="L1"><code class="line-numbers">ln -s /etc/logstash /usr/share/logstash/config</code></li></ol></pre> 而后logstash先放在这里，不用启动，对应的日志等操做，后边就会介绍了。 <h3><a name="toc-4" data-original-title="" title=""></a>4，安装kibana</h3> 直接yum安装。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">yum -y install kibana</code></li></ol></pre> 配置kibana。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">[root@elk ~]$egrep -v "^#|^$" /etc/kibana/kibana.yml</code></li><li class="L1"><code class="line-numbers">server.port: 5601</code></li><li class="L2"><code class="line-numbers">server.host: "0.0.0.0"</code></li><li class="L3"><code class="line-numbers">elasticsearch.url: "http://10.100.120.82:9200"</code></li><li class="L4"><code class="line-numbers">kibana.index: ".newkibana"</code></li><li class="L5"><code class="line-numbers">xpack.security.enabled: false #添加这条，这条是配置kibana的安全机制，暂时关闭。</code></li></ol></pre> <ul> <li><code>kibana.index</code>：原来默认是<code>".kibana"</code>，可是新版本的kibana启动以后发现没法访问，访问以后抛出一个异常：<code>kibana server is not ready yet</code>，那么回来把配置更改为<code>".newkibana"</code>，而后重启kibana，再次访问，便可成功。</li> </ul> 启动kibana。 <pre class="prettyprint linenums"><ol class="linenums"><li class="L0"><code class="line-numbers">systemctl enable kibana.service</code></li><li class="L1"><code class="line-numbers">systemctl restart kibana</code></li><li class="L2"><code class="line-numbers">systemctl status kibana</code></li></ol></pre> 到这儿，基本上，做为单台的elk主机上的工做基本上已经完成，能够说很是简单，而，戏，也今后刚刚开始而已。 <hr><div class="s-weixin-one" style="margin:10px auto 20px;width:25pc"><div class="weimg-one" style="padding:5px;border:1px dashed #ccc"> <img src="http://www.eryajf.net/wp-content/uploads/2018/12/2018120715213483.png" alt="weinxin" style="float:left;margin:0 10px 0 0;width:30%;height:auto"><div class="weixin-h" style="float:left;width:65%">扫码订阅本站，第一时间得到更新</div><div style="float:left;width:65%;color:#999" class="weixin-h-w">微信扫描二维码，订阅咱们网站的动态，另外不定时发送WordPress小技巧，你能够随时退订，欢迎订阅哦~</div><div class="clear"></div></div></div><hr><div class="open-message">二丫讲梵 , 版权全部丨如未注明 , 均为原创丨本网站采用<a href="http://www.eryajf.net/go?url=http://creativecommons.org/licenses/by-nc-sa/3.0/" rel="nofollow" target="_blank" title="" data-original-title="BY-NC-SA受权协议">BY-NC-SA</a>协议进行受权 , 转载请注明<a href="http://www.eryajf.net/2351.html" target="_blank" title="" data-original-title="<一>ELK-6.5.3学习笔记–elk基础环境安装"><一>ELK-6.5.3学习笔记–elk基础环境安装</a>！</div> <div class="article-social"> <a href="javascript:;" data-action="ding" data-id="2351" id="Addlike" class="action" data-original-title="" title="">喜欢 (6)</a><style>.article-social .weixin:hover{background:#fff;}</style><a class="weixin" style="border-bottom:0px;font-size:15pt;cursor:pointer;" data-original-title="" title="">赏<div class="weixin-popover"><div class="popover bottom in"><div class="arrow"></div><div class="popover-title"><center>[若是想支持本站，可支付宝赞助]</center></div><div class="popover-content"><img width="200px" height="200px" src="https://ae01.alicdn.com/kf/HTB17dqke21G3KVjSZFk761K4XXav.png"></div></div></div></a>分享 (0)<div class="action-popover"><div class="popover top in"><div class="arrow"></div><div class="popover-content"><a href="#" class="sinaweibo fa fa-weibo" data-cmd="tsina" title="" data-original-title="分享到新浪微博"></a><a href="#" class="bds_qzone fa fa-star" data-cmd="qzone" title="" data-original-title="分享到QQ空间"></a><a href="#" class="qq fa fa-qq" data-cmd="sqq" title="" data-original-title="分享到QQ好友"></a><a href="#" class="bds_renren fa fa-renren" data-cmd="renren" title="" data-original-title="分享到人人网"></a><a href="#" class="bds_weixin fa fa-weixin" data-cmd="weixin" title="" data-original-title="分享到微信"></a><a href="#" class="bds_more fa fa-ellipsis-h" data-cmd="more" data-original-title="" title=""></a></div></div></div></div> 原文地址：http://www.eryajf.net/2351.html</article>java