CentOS7搭建ELK6.0.1
1.准备工作:
源码包路径:/usr/local/src/
elasticsearch: elasticsearch-6.0.1.tar.gz
kibana: kibana-6.0.1-linux-x86_64.tar.gz
logstash: logstash-6.0.1.tar.gz
jdk: jdk-8u65-linux-x64.gz
2.安装java环境
cd /usr/local/src
tar zxf jdk-8u65-linux-x64.gz -C /usr/local/
ln -s jdk1.8.0_65 jdk
echo "PATH=/usr/local/jdk/bin:$PATH" >> /etc/profile
source /etc/profile
3.ELK环境配置
#修改系统文件
vi /etc/security/limits.conf
#增加的内容
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096
#修改系统文件vi /etc/security/limits.d/20-nproc.conf
#调整成以下配置
* soft nproc 4096
root soft nproc unlimited
#修改系统文件vi /etc/sysctl.conf
#增加的内容
vm.max_map_count=655360
fs.file-max=655360
sysctl -p
#创建ELK用户useradd elk
4.Elasticsearch 部署
mkdir /usr/local/elk6.0.1
cd /usr/local/src/
tar zxf elasticsearch-6.0.1.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/elasticsearch-6.0.1 elasticsearch
修改配置文件:
vim kibana/config/kibana.yml
vi elasticsearch/config/elasticsearch.yml
cluster.name: es-cluster # 集群名称
node.name: node-master # master节点名称
node.master: true # 是否为master
node.data: true # 是否为数据节点
path.data: /home/apps/elasticsearch # 数据保存路径
path.logs: /home/logs/elasticsearch # 日志路径
network.host: 172.16.8.8 # 监听IP,若为0.0.0.0 表示监听全网IP
http.port: 9200 # 端口
discovery.zen.ping.unicast.hosts: ["172.16.8.8:9200"] # 配置自动发现的主机
discovery.zen.minimum_master_nodes: 1 # 配置只有一个master
创建数据目录:mkdir -p /home/apps/elasticsearch /home/logs/elasticsearch
修改权限,开放端口访问
chown -R elk:elk /usr/local/elk6.0.1 elasticsearch /home/apps/elasticsearch /home/logs/elasticsearch
firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --add-port=9300/tcp --permanent
firewall-cmd --reload
启动服务:
su - elk;
/usr/local/elasticsearch/bin/elasticsearch -d
查看健康状态(如果返回status=green表示正常):curl http://172.16.8.8:9200/_cluster/health?pretty
5.Logstash 部署
cd /usr/local/src/
tar zxf logstash-6.0.1.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/logstash-6.0.1 logstash
修改配置文件:
vi logstash/config/logstash.yml
path.logs: /home/logs/logstash # 日志路径
创建数据目录 && 授权:
mkdir -p /home/logs/logstash
chown -R elk:elk elk6.0.1/logstash-6.0.1 logstash /home/logs/logstash
6.Logstash 安装JDBC插件/usr/local/logstash/bin/logstash-plugin install logstash-input-jdbc
编写配置文件:
vi /usr/local/logstash/config/mysqsl-jdbc.conf
input {
stdin {}
jdbc {
jdbc_driver_library => "/usr/local/logstash/mysql-connector-java-5.1.3.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://192.168.0.211:3306/main"
jdbc_user => "ops"
jdbc_password => "123"
jdbc_paging_enabled => "true"
jdbc_page_size => "50000"
#statement_filepath => "jdbc.sql"
statement => "SELECT * from qp_inquiry"
schedule => "* * * * *"
type => "jdbc"
}
}
filter {
json {
source => "message"
remove_field => ["message"]
}
}
output {
elasticsearch {
hosts => "172.16.8.8:9200"
index => "mysql_query"
document_id => "%{id}"
}
stdout {
codec => json_lines
}
}
检查配置 && 启动logstash服务
/usr/local/bin/logstash -f config/mysqsl-jdbc.conf --config.test_and_exit
/usr/local/bin/logstash -f config/mysqsl-jdbc.conf
7.kibana 部署
cd /usr/local/src/
tar zxf kibana-6.0.1-linux-x86_64.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/kibana-6.0.1-linux-x86_64 kibana
修改配置文件:
vi kibana/config/kibana.yml
server.port: 5601 # 端口
server.host: "172.16.8.8" # 监听IP
elasticsearch.url: "http://172.16.8.8:9200" # 配置ES的IP:PORT
修改权限,开放端口访问
chown -R elk:elk elk6.0.1/kibana-6.0.1-linux-x86_64 kibana
firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload
切换账号,启动服务
su - elk;
nohup /usr/local/kibana/bin/kibana &
访问:
浏览器访问: 172.16.8.8:5601