
Notes on Setting Up ELK on CentOS 7

程序员文章站 2022-06-04 10:12:35
System environment
[aaa@qq.com ~]# cat /etc/redhat-release 
CentOS Linux release 7.6.1810 (Core) 
[aaa@qq.com ~]# getenforce 
Permissive
[aaa@qq.com ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

10月 12 13:16:16 elk systemd[1]: Starting firewalld - dynamic firewall daemon...
10月 12 13:16:17 elk systemd[1]: Started firewalld - dynamic firewall daemon.
10月 12 13:19:54 elk systemd[1]: Stopping firewalld - dynamic firewall daemon...
10月 12 13:19:55 elk systemd[1]: Stopped firewalld - dynamic firewall daemon.

Java version (installing Java is not covered here; there are plenty of tutorials online, just download the required RPM package and install it with rpm -ivh)
[aaa@qq.com ~]# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)

Download the required RPM packages
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.7.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.7.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.7.0.rpm
wget http://nginx.org/packages/rhel/7/x86_64/RPMS/nginx-1.18.0-1.el7.ngx.x86_64.rpm
Start the installation
Install Elasticsearch
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
rpm --install elasticsearch-7.7.0-x86_64.rpm
Enable start on boot
systemctl daemon-reload
systemctl enable elasticsearch
Start Elasticsearch
systemctl start elasticsearch


Check the running status with curl


Edit the configuration file
vim /etc/elasticsearch/elasticsearch.yml
Changes
# Cluster name
cluster.name: test-el
# Node name
node.name: node-1
# Listen IP
network.host: 0.0.0.0
# Initial master nodes for cluster bootstrap
cluster.initial_master_nodes: ["node-1", "node-2"]
Restart Elasticsearch
systemctl restart elasticsearch
Access Elasticsearch in the browser
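As an added example that is not part of the original notes: a small shell check for the elasticsearch.yml edited above. It flags the combination the notes create, network.host set to 0.0.0.0 while xpack.security.enabled is left at its 7.x default of false, which leaves the REST API on port 9200 reachable from the network with no authentication. The two sample configuration files it writes are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes: flag an elasticsearch.yml that
# binds to a non-loopback network.host while xpack.security.enabled is left at
# its 7.x default (false). In that state the REST API on 9200 answers anyone who
# can reach the host, unauthenticated, and Kibana inherits the same lack of login.
# Exit status: 0 = loopback-only or security enabled, 1 = exposed.

# First uncommented "key: value" line for a top-level key, with quotes, brackets
# and blanks stripped. elasticsearch.yml is flat enough for this; it is not a
# general YAML parser.
yaml_value() {  # yaml_value KEY FILE
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d "\"'[] \t"
}

es_exposure_check() {  # es_exposure_check CONFIG_FILE
    local host sec
    host=$(yaml_value network.host "$1")
    sec=$(yaml_value xpack.security.enabled "$1")
    host=${host:-_local_}   # unset network.host means the 7.x default: loopback only
    case "$host" in
        _local_|127.0.0.1|localhost|::1)
            echo "ok: $1 listens on loopback only ($host)"
            return 0 ;;
    esac
    if [ "$sec" = "true" ]; then
        echo "ok: $1 listens on $host with xpack.security.enabled: true"
        return 0
    fi
    echo "EXPOSED: $1 listens on $host, xpack.security.enabled=${sec:-unset (7.x default: false)}"
    return 1
}

# Constructed sample configs (not copied from any real host) so this runs offline.
sample_dir=$(mktemp -d)
cat > "$sample_dir/as-in-notes.yml" <<'EOF'
cluster.name: test-el
node.name: node-1
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1", "node-2"]
EOF
cat > "$sample_dir/secured.yml" <<'EOF'
network.host: "0.0.0.0"
xpack.security.enabled: true
# 7.x also needs xpack.security.transport.ssl.* once security is on; not checked here.
EOF
for f in "$sample_dir"/*.yml; do es_exposure_check "$f" || :; done
rm -r "$sample_dir"
```

To audit a real node, call es_exposure_check /etc/elasticsearch/elasticsearch.yml after sourcing the script.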


Install Kibana
rpm -ivh kibana-7.7.0-x86_64.rpm
Enable start on boot
systemctl daemon-reload
systemctl enable kibana
Edit the configuration file
vim /etc/kibana/kibana.yml
Changes
# Service port
server.port: 5601
# Listen address
server.host: "0.0.0.0"
# Elasticsearch address + port
elasticsearch.hosts: ["http://192.168.75.238:9200"]
# Language
i18n.locale: "zh-CN"
Start Kibana
systemctl start kibana


Access it in the browser

PS: I wrote these notes after finishing the installation, so some of the screenshots are missing here; the picture of what appears after opening the browser and entering address + port is not included.

Install and start Nginx
rpm -ivh nginx-1.18.0-1.el7.ngx.x86_64.rpm
nginx


Default Nginx log path
/var/log/nginx/access.log
Install Logstash
rpm -ivh logstash-7.7.0.rpm
Enable start on boot
systemctl daemon-reload
systemctl enable logstash
Start Logstash
systemctl start logstash


Collect Nginx access logs with Logstash and output them to Elasticsearch
Set permissions on the Nginx log file
chmod -R 755 /var/log/nginx/access.log
View the existing indices
curl http://10.15.5.225:9200/_cat/indices

PS: the yellow line only appears after the index has been added; you can ignore it for now.

Create the configuration file for the Nginx log
vim /etc/logstash/conf.d/nginx_log.conf
File contents
[aaa@qq.com ~]# cat /etc/logstash/conf.d/nginx_log.conf 
input {
    file {
        # Tail the Nginx access log; on the first run read it from the beginning
        path => ["/var/log/nginx/access.log"]
        start_position => "beginning"
    }
}

filter {
    grok {
        # Nginx's default combined log format matches the Apache combined pattern
        match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
}

output {
    elasticsearch {
        # Elasticsearch REST endpoint and the target index
        hosts => ["10.15.5.225:9200"]
        index => "nginx-access"
    }
}

Restart Logstash
systemctl restart logstash
Check the existing Elasticsearch indices again; the output now matches the screenshot I posted above.


Kibana setup

Expand the left-hand menu and click “Management”
In the Kibana section click “Index Patterns”, then click the “Create index pattern” button

Enter nginx-access in the input box (I already created it earlier, so it shows up as existing below). After entering it, click Next, select “@timestamp” as the time field, and click the “Create index pattern” button. I am not including a screenshot of the second step.


Expand the left-hand menu, click “Discover”, and select the index we just created

Select the index
Select the time range

That's it for the initial configuration and usage~