ELK introduction, installing es, testing (checking cluster status), summary
ELK introduction
Background requirements
The business keeps growing and there are more and more servers
The volume of access logs, application logs and error logs of every kind keeps growing
When developers troubleshoot they have to log on to the servers to read logs, which is inconvenient
Operations staff need data, so we in ops have to go to the servers and analyze the logs
ELK introduction
Official site: https://www.elastic.co/cn/
Chinese guide: https://www.gitbook.com/book/chenryn/elk-stack-guide-cn/details
ELK Stack (from version 5.0 onwards): Elastic Stack == (ELK Stack + Beats)
The ELK Stack consists of ElasticSearch, Logstash and Kibana
ElasticSearch is a search engine used to search, analyze and store logs. It is distributed, meaning it can scale horizontally, discovers nodes automatically and shards indices automatically; in short, very powerful. Documentation: https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html
Logstash collects logs, parses them into JSON and hands them to ElasticSearch.
Kibana is a data visualization component that presents the processed results through a web interface
Beats here is a lightweight log shipper; the Beats family actually has 5 members
Early ELK architectures used Logstash to collect and parse logs, but Logstash consumes a lot of memory, CPU and IO. Compared with Logstash, the CPU and memory used by Beats is almost negligible
x-pack is a paid extension pack for the Elastic Stack that bundles security, alerting, monitoring, reporting and graphs
ELK architecture
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
27.2 ELK installation preparation
Prepare 3 machines: 128, 130, 133
Role assignment:
1. Install elasticsearch (hereafter es) on all 3 machines: 1 master node (128), 2 data nodes (130, 133)
2. Install kibana on the es master (128)
3. Install logstash on one es data node (130) (skip beats for now)
4. Install jdk8 on all 3 machines (openjdk is fine)
yum install -y java-1.8.0-openjdk
Example:
[root@axinlinux-01 ~]# vim /etc/hosts #write a hosts file first, on all three machines
192.168.208.128 axinlinux-01
192.168.208.130 axinlinux-02
192.168.208.133 axinlinux-03
[root@axinlinux-02 ~]# vim /etc/hosts
[root@axinlinux-03 ~]# vim /etc/hosts
[root@axinlinux-02 ~]# yum install -y java-1.8.0-openjdk #install openjdk on each of the three machines; the other two already had it installed by hand, so nothing to do there
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ELK installation – installing es
Official docs: https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.html
The following must be run on all 3 machines
1. rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
#this sets up a yum repo
Put simply, this imports the signing key; it is part of the security verification of the packages.
https://www.cnblogs.com/musang/p/5856259.html
2. vim /etc/yum.repos.d/elastic.repo //add the following
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
3. yum install -y elasticsearch //then install
If yum is too slow, you can also download the rpm file directly and install it
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
rpm -ivh elasticsearch-6.0.0.rpm
Example:
[root@axinlinux-01 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch #run on all three machines
[root@axinlinux-01 ~]# vim /etc/yum.repos.d/elastic.repo #run on all three machines. The file name can be anything; what matters is the .repo suffix
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[root@axinlinux-01 ~]# yum list |grep elastic
apm-server.i686 6.8.0-1 elasticsearch-6.x
apm-server.x86_64 6.8.0-1 elasticsearch-6.x
auditbeat.i686 6.8.0-1 elasticsearch-6.x
auditbeat.x86_64 6.8.0-1 elasticsearch-6.x
elasticsearch.noarch 6.8.0-1 elasticsearch-6.x
filebeat.i686 6.8.0-1 elasticsearch-6.x
filebeat.x86_64 6.8.0-1 elasticsearch-6.x
heartbeat-elastic.i686 6.8.0-1 elasticsearch-6.x
heartbeat-elastic.x86_64 6.8.0-1 elasticsearch-6.x
journalbeat.i686 6.8.0-1 elasticsearch-6.x
journalbeat.x86_64 6.8.0-1 elasticsearch-6.x
kibana.x86_64 6.8.0-1 elasticsearch-6.x
kibana-oss.x86_64 6.3.0-1 elasticsearch-6.x
logstash.noarch 1:6.8.0-1 elasticsearch-6.x
metricbeat.i686 6.8.0-1 elasticsearch-6.x
metricbeat.x86_64 6.8.0-1 elasticsearch-6.x
packetbeat.i686 6.8.0-1 elasticsearch-6.x
packetbeat.x86_64 6.8.0-1 elasticsearch-6.x
pcp-pmda-elasticsearch.x86_64 4.1.0-5.el7_6 updates
rsyslog-elasticsearch.x86_64 8.24.0-34.el7 base
elasticsearch.noarch 6.5.4-1 elasticsearch-6.x #this is the one to install with yum directly. But it is too slow, so you can download the rpm package from the official site and then rpm -ivh it
yum install -y elasticsearch //or download the rpm file directly and install it
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
rpm -ivh elasticsearch-6.0.0.rpm
yum install -y elasticsearch #only the package name goes on the command line; the version and repo columns from yum list are not part of the command
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Configuring es
elasticsearch config files: /etc/elasticsearch and /etc/sysconfig/elasticsearch
Reference: https://www.elastic.co/guide/en/elasticsearch/reference/6.0/rpm.html
1. On 128 (master node) edit the config file vi /etc/elasticsearch/elasticsearch.yml //add or change
cluster.name: aminglinux #name of the cluster
node.master: true #this node is a master node
node.data: false #whether it is a data node. These two lines have to be added
network.host: 192.168.208.128 #which ip to listen on; listening on one internal ip is enough
discovery.zen.ping.unicast.hosts: ["192.168.133.130", "192.168.133.132", "192.168.133.133"] #defines which machines there are; ips or hostnames (hosts must then be defined)
2. On 132 and 133 edit the config file the same way vi /etc/elasticsearch/elasticsearch.yml //add or change
cluster.name: aminglinux
node.master: false
node.data: true
network.host: 192.168.208.130 #the ip of the machine itself
discovery.zen.ping.unicast.hosts: ["192.168.133.130", "192.168.133.132", "192.168.133.133"]
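The settings above only form a cluster if every node's unicast host list contains a master-eligible node's network.host; the notes bind the nodes to 192.168.208.128/130/133 but list 192.168.133.x seeds, which is exactly the situation that ends in master_not_discovered_exception. The following checker is an added example (not part of the original notes); the per-node configs are constructed inline from the notes, and node_yml, parse_es_yml and check_cluster are assumed helper names.

```python
import re

# Constructed per-node configs following the notes: 128 is the only master,
# 130 and 133 are data nodes. SEEDS is the unicast list exactly as the notes give it.
SEEDS = '["192.168.133.130", "192.168.133.132", "192.168.133.133"]'

def node_yml(host, master, seeds=SEEDS):
    """Build the elasticsearch.yml fragment the notes add on each node."""
    return (f"cluster.name: aminglinux\nnode.master: {'true' if master else 'false'}\n"
            f"node.data: {'false' if master else 'true'}\nnetwork.host: {host}\n"
            f"discovery.zen.ping.unicast.hosts: {seeds}\n")

NODE_CONFIGS = {
    "axinlinux-01": node_yml("192.168.208.128", master=True),
    "axinlinux-02": node_yml("192.168.208.130", master=False),
    "axinlinux-03": node_yml("192.168.208.133", master=False),
}

def parse_es_yml(text):
    """Minimal parser for the flat 'key: value' lines used in these notes."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop trailing comments
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value.startswith("["):                   # list value -> python list
            value = re.findall(r'"([^"]+)"', value)
        settings[key] = value
    return settings

def check_cluster(configs):
    """Return findings that would stop master election; [] means the settings agree."""
    parsed = {name: parse_es_yml(text) for name, text in configs.items()}
    findings = []
    names = {s.get("cluster.name") for s in parsed.values()}
    if len(names) != 1:
        findings.append(f"cluster.name differs between nodes: {sorted(names)}")
    master_hosts = [s["network.host"] for s in parsed.values() if s.get("node.master") == "true"]
    if not master_hosts:
        findings.append("no node has node.master: true")
    for name, s in parsed.items():
        if s.get("network.host") in ("0.0.0.0", "_global_"):
            findings.append(f"{name} listens on every interface; bind the internal ip only")
        seeds = s.get("discovery.zen.ping.unicast.hosts", [])
        if not any(h in seeds for h in master_hosts):   # nobody can ping the master
            findings.append(f"{name}: no master-eligible address in unicast.hosts {seeds}")
    return findings
```

Run with the notes' own values it reports all three nodes; with the seeds replaced by the real 192.168.208.x addresses it reports nothing.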
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ELK installation – installing x-pack (optional, paid!)
Run on all 3 machines
cd /usr/share/elasticsearch/bin/ (optional)
./elasticsearch-plugin install x-pack //if it is slow, download the x-pack zip instead (optional)
cd /tmp/; wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.0.0.zip (optional)
./elasticsearch-plugin install file:///tmp/x-pack-6.0.0.zip (optional)
Start the elasticsearch service
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
The following only needs to be run on 130
After installing x-pack you can set passwords for the built-in users, as follows
/usr/share/elasticsearch/bin/x-pack/setup-passwords interactive (optional)
Sets the passwords for reserved users
Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user
Non-option arguments:
command
Option Description
------ -----------
-h, --help show help
-s, --silent show minimal output
-v, --verbose show verbose output
ERROR: Missing command
curl localhost:9200 -u elastic //enter the password and you can see the output (optional)
Enter host password for user 'elastic':
{
  "name" : "axinlinux-01",
  "cluster_name" : "aminglinux",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "6.8.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "65b6179",
    "build_date" : "2019-05-15T20:06:13.172855Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ELK installation – checking es with curl (checking whether the cluster came up)
Run on 128 (master node)
curl 'localhost:9200/_cluster/health?pretty' health check (status)
#the ip we bound is the internal one (192.168.208.128), so localhost here has to be written as 192.168.208.128. If 0.0.0.0 was bound, localhost works
curl 'localhost:9200/_cluster/state?pretty' detailed cluster information
{
  "error" : {
    "root_cause" : [
      {
        "type" : "master_not_discovered_exception",
        "reason" : null
      }
    ],
    "type" : "master_not_discovered_exception",
    "reason" : null
  },
  "status" : 503
}
Reference: http://zhaoyanblog.com/archives/732.html
Port 9200 is what the cluster itself uses to communicate
Port 9300 is used when they transfer data between themselves
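An added example, not from the original notes, that turns the two replies a health check can give (the 503 shown above, or a normal _cluster/health body) into a verdict against the intended layout of 3 nodes and 2 data nodes. The REST call goes to 9200, while the master discovery that fails in the 503 case happens over the transport port 9300. Both sample bodies are constructed; assess_health and HINTS are assumed names.

```python
import json

# Constructed sample bodies. The first mirrors the 503 the notes show when no
# master was found; the second is a healthy reply using the ES 6.x field names.
MASTER_NOT_FOUND = json.dumps({
    "error": {"root_cause": [{"type": "master_not_discovered_exception", "reason": None}],
              "type": "master_not_discovered_exception", "reason": None},
    "status": 503})
HEALTHY = json.dumps({
    "cluster_name": "aminglinux", "status": "green", "timed_out": False,
    "number_of_nodes": 3, "number_of_data_nodes": 2, "unassigned_shards": 0})

# Error types mapped to the part of the setup to look at first.
HINTS = {
    "master_not_discovered_exception":
        "unicast.hosts must name a reachable node.master node; check its port 9300",
}

def assess_health(body, expected_nodes, expected_data_nodes):
    """Return {'ok', 'status', 'problems'} for one _cluster/health reply."""
    doc = json.loads(body)
    if "error" in doc:                      # the API answered with an error object
        etype = doc["error"].get("type", "unknown")
        hint = HINTS.get(etype, "see /var/log/elasticsearch/<cluster.name>.log")
        return {"ok": False, "status": "error", "problems": [f"{etype}: {hint}"]}
    problems = []
    if doc["status"] == "red":
        problems.append("status red: some primary shards are unassigned")
    elif doc["status"] == "yellow":
        problems.append("status yellow: replicas unplaced, usually too few data nodes up")
    if doc["number_of_nodes"] != expected_nodes:
        problems.append(f"expected {expected_nodes} nodes, cluster sees {doc['number_of_nodes']}")
    if doc["number_of_data_nodes"] != expected_data_nodes:
        problems.append(f"expected {expected_data_nodes} data nodes, "
                        f"cluster sees {doc['number_of_data_nodes']}")
    return {"ok": not problems, "status": doc["status"], "problems": problems}
```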
Summary:
First install the rpm package (yum works but is slow), then install it with rpm -ivh
On the master node edit the config file vim /etc/elasticsearch/elasticsearch.yml
If it will not start, check the logs: 1. /var/log/messages
2. /var/log/elasticsearch/aminglinux.log