Notes on Setting Up ELK on CentOS 7
程序员文章站
2022-06-04 10:12:35
System environment
[aaa@qq.com ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
[aaa@qq.com ~]# getenforce
Permissive
[aaa@qq.com ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
10月 12 13:16:16 elk systemd[1]: Starting firewalld - dynamic firewall daemon...
10月 12 13:16:17 elk systemd[1]: Started firewalld - dynamic firewall daemon.
10月 12 13:19:54 elk systemd[1]: Stopping firewalld - dynamic firewall daemon...
10月 12 13:19:55 elk systemd[1]: Stopped firewalld - dynamic firewall daemon.
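Java version (I won't cover how to install Java here; there are plenty of tutorials online. Download the required rpm package and install it with rpm -ivh.)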
[aaa@qq.com ~]# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
Download the required RPM packages
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.7.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.7.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.7.0.rpm
wget http://nginx.org/packages/rhel/7/x86_64/RPMS/nginx-1.18.0-1.el7.ngx.x86_64.rpm
Start the installation
Install Elasticsearch
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
rpm --install elasticsearch-7.7.0-x86_64.rpm
Enable start at boot
systemctl daemon-reload
systemctl enable elasticsearch
Start elasticsearch
systemctl start elasticsearch
Check the running status with the curl command
Edit the configuration file
vim /etc/elasticsearch/elasticsearch.yml
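Changes
# Cluster name
cluster.name: test-el
# Node name
node.name: node-1
# Listen address (0.0.0.0 binds all interfaces)
network.host: 0.0.0.0
# Initial setup (master-eligible nodes used to bootstrap the cluster)
cluster.initial_master_nodes: ["node-1", "node-2"]
Restart elasticsearch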
systemctl restart elasticsearch
Access Elasticsearch from a browser
Install kibana
rpm -ivh kibana-7.7.0-x86_64.rpm
Enable start at boot
systemctl daemon-reload
systemctl enable kibana
Edit the configuration file
vim /etc/kibana/kibana.yml
Changes
# Service port
server.port: 5601
# Listen address (0.0.0.0 binds all interfaces)
server.host: "0.0.0.0"
# Elasticsearch address and port
elasticsearch.hosts: ["http://192.168.75.238:9200"]
# Language
i18n.locale: "zh-CN"
Start kibana
systemctl start kibana
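Access from a browser
PS: I wrote these notes after finishing the installation, so some of the screenshots are missing; the page that appears after entering the address and port in the browser is not included.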
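The settings above bind both Elasticsearch and Kibana to 0.0.0.0 while firewalld is stopped, and Elasticsearch 7.7 leaves xpack.security.enabled off under the default basic license, so port 9200 answers without authentication. The check below is an added example, not part of the original notes; the function names and the sample files are constructed here, and it only understands simple top-level "key: value" lines (a list value for network.host is treated as non-loopback).

```sh
#!/bin/sh
# Added example (not from the original notes): flag the network-exposure
# settings in elasticsearch.yml and kibana.yml.

# Print the value of a top-level "key: value" line (last uncommented match),
# with any inline comment, surrounding whitespace and quotes removed.
yaml_get() {  # usage: yaml_get FILE KEY
  awk -v key="$2" -v q="'" '
    /^[ \t]*#/ { next }
    index($0, key ":") == 1 {
      v = substr($0, length(key) + 2)
      sub(/[ \t]+#.*$/, "", v)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub("^[\"" q "]|[\"" q "]$", "", v)
      val = v
    }
    END { print val }' "$1"
}

# An unset key means the default, which is loopback for both services.
is_loopback() {
  case "$1" in
    ""|localhost|_local_|127.*|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# Print one finding per line; print nothing when both files look contained.
audit_elk() (  # usage: audit_elk ELASTICSEARCH_YML KIBANA_YML
  host=$(yaml_get "$1" network.host)
  sec=$(yaml_get "$1" xpack.security.enabled)
  if ! is_loopback "$host" && [ "$sec" != "true" ]; then
    echo "FAIL elasticsearch: network.host=$host without xpack.security.enabled: true (no authentication on 9200)"
  fi
  host=$(yaml_get "$2" server.host)
  is_loopback "$host" || echo "WARN kibana: server.host=$host listens beyond loopback"
  case "$(yaml_get "$2" elasticsearch.hosts)" in
    *http://*) echo "WARN kibana: elasticsearch.hosts uses plain http" ;;
  esac
  return 0
)

# Constructed sample files carrying the values used in these notes.
demo_dir=$(mktemp -d)
printf '%s\n' 'cluster.name: test-el' 'network.host: 0.0.0.0' \
  > "$demo_dir/elasticsearch.yml"
printf '%s\n' 'server.port: 5601' 'server.host: "0.0.0.0"' \
  'elasticsearch.hosts: ["http://192.168.75.238:9200"]' > "$demo_dir/kibana.yml"
audit_elk "$demo_dir/elasticsearch.yml" "$demo_dir/kibana.yml"
```

On a real host, pass /etc/elasticsearch/elasticsearch.yml and /etc/kibana/kibana.yml instead of the sample files.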
Install nginx and start it
rpm -ivh nginx-1.18.0-1.el7.ngx.x86_64.rpm
nginx
Default nginx log path
/var/log/nginx/access.log
Install logstash
rpm -ivh logstash-7.7.0.rpm
Enable start at boot
systemctl daemon-reload
systemctl enable logstash
Start logstash
systemctl start logstash
Collect Nginx access logs with Logstash and output them to Elasticsearch
Set the permissions on the nginx log file
chmod -R 755 /var/log/nginx/access.log
List the existing indices
curl http://10.15.5.225:9200/_cat/indices
PS: the yellow row only appears after the index has been added, so it can be ignored for now.
Create the configuration file for the nginx logs
vim /etc/logstash/conf.d/nginx_log.conf
File contents
[aaa@qq.com ~]# cat /etc/logstash/conf.d/nginx_log.conf
input {
  file {
    path => ["/var/log/nginx/access.log"]
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}
output {
  elasticsearch {
    hosts => ["10.15.5.225:9200"]
    index => "nginx-access"
  }
}
Restart logstash
systemctl restart logstash
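Check the existing Elasticsearch indices again; they now match the screenshot I posted above.
Kibana setup
Expand the left-hand menu and click "Management"
In the Kibana block click "Index Patterns", then click the "Create index pattern" button
Enter nginx-access in the input box. I had already created it earlier, so mine shows that it already exists below. After entering it, click Next step, choose "@timestamp" as the time field, and click the "Create index pattern" button. I won't include a screenshot of the second step here.
Expand the left-hand menu, click "Discover", and select the index we just created
Select the index
Select the time range
That's it for the basic configuration and usage.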