ELK installation procedure: https://www.elastic.co/guide/en/elasticsearch/reference/7.5/rpm.html#rpm-repo
1. Download and install the public signing key:
[root@elk01 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
2. Create the yum repository file for ELK.
[root@elk01 ~]# vim /etc/yum.repos.d/elk.repo
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
3. Install Elasticsearch
[root@elk01 ~]# yum -y install --enablerepo=elasticsearch elasticsearch
1. Edit the hosts file. (Same on elk02.)
[root@elk01 ~]# vim /etc/hosts
192.168.200.30 elk01
192.168.200.40 elk02
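2. Configure ELK. (Same on elk02; mind the IP address.)
1) Edit the configuration file.
[root@elk01 ~]# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: elk                        # cluster name
node.name: elk01                         # node name
network.host: 192.168.200.30             # node IP address
http.port: 9200                          # port
discovery.seed_hosts: ["elk01","elk02"]  # add both nodes to the cluster
2) Reload the systemd daemon configuration and start the service.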
[root@elk01 ~]# systemctl daemon-reload
[root@elk01 ~]# systemctl start elasticsearch.service
Or: [root@elk01 ~]# /etc/init.d/elasticsearch start
[root@elk01 ~]# systemctl enable elasticsearch.service
[root@elk01 ~]# netstat -anptu | grep 9200
Or: [root@elk01 ~]# ss -tnl
3) Check that the configuration works.
http://192.168.200.30:9200/
http://192.168.200.30:9200/_cluster/state
http://192.168.200.30:9200/_cluster/health
3. Install the dependencies of elasticsearch-head. (Same on elk02.)
1) Install node
[root@elk01 node]# ./configure && make && make install
2) Install phantomjs
[root@elk01 /]# ln -s /usr/local/phantomjs/bin/* /usr/local/bin/
4. Install elasticsearch-head. (Same on elk02; change the IP address.)
1) Install the elasticsearch-head management tool.
[root@elk01 ~]# mv elasticsearch-head-master /usr/local/elasticsearch-head
[root@elk01 ~]# cd /usr/local/elasticsearch-head/
[root@elk01 elasticsearch-head]# npm install    # install the npm dependencies
2) Edit the main elasticsearch configuration file for elasticsearch-head
[root@elk01 ~]# vim /etc/elasticsearch/elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"
[root@elk01 /]# vim /usr/local/elasticsearch-head/Gruntfile.js
hostname: '192.168.200.30',
port: 9100,
3) Configure elasticsearch-head to connect to elasticsearch.
[root@elk01 /]# vim /usr/local/elasticsearch-head/_site/app.js
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.200.30:9200";
4) Start the elasticsearch-head service
[root@elk01 elasticsearch-head]# npm run start &
5. Install kibana (same on elk02; mind the IP address)
1) Install from the rpm package
[root@elk01 ~]# rpm -ivh kibana-5.5.1-x86_64.rpm
2) Edit the configuration file
[root@elk01 ~]# vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.200.30:9200"
kibana.index: ".kibana"
3) Start the service and enable it at boot.
[root@elk01 ~]# systemctl start kibana.service
[root@elk01 ~]# systemctl enable kibana.service
http://192.168.200.30:5601
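A check for the permissive values set in steps 4 and 5 above (http.cors.allow-origin "*", Elasticsearch listening on a routable address, Kibana on 0.0.0.0), added here as an example and not part of the original notes. The function names, the constructed sample files and the xpack.security.enabled key (an Elasticsearch 7.x setting that does not appear in these notes) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes: flag the permissive settings
# that this walkthrough writes into elasticsearch.yml and kibana.yml.

# yaml_value FILE KEY: print the value of the last uncommented "KEY: value"
# line, without trailing comment or surrounding quotes. Flat keys only.
yaml_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# audit_elk ES_YML KIBANA_YML: print one line per finding; status 1 if any.
audit_elk() {
    es=$1; kb=$2; n=0
    if [ "$(yaml_value "$es" http.cors.enabled)" = true ] &&
       [ "$(yaml_value "$es" http.cors.allow-origin)" = "*" ]; then
        echo "elasticsearch: http.cors.allow-origin \"*\" accepts any web origin; list only the elasticsearch-head origin"
        n=$((n + 1))
    fi
    case "$(yaml_value "$es" network.host)" in
        ''|localhost|127.*|_local_) ;;
        *)  # xpack.security.enabled: assumed 7.x key, not set anywhere in these notes
            if [ "$(yaml_value "$es" xpack.security.enabled)" != true ]; then
                echo "elasticsearch: network.host is not loopback and xpack.security.enabled is not true; port 9200 answers without authentication"
                n=$((n + 1))
            fi ;;
    esac
    case "$(yaml_value "$kb" server.host)" in
        0.0.0.0|::)
            echo "kibana: server.host listens on every interface; bind one address or put an authenticating proxy in front"
            n=$((n + 1)) ;;
    esac
    [ "$n" -eq 0 ]
}

# Constructed sample files reproducing the values set in these notes.
demo=$(mktemp -d)
printf '%s\n' 'network.host: 192.168.200.30' 'http.cors.enabled: true' \
    'http.cors.allow-origin: "*"' > "$demo/elasticsearch.yml"
printf '%s\n' 'server.port: 5601' 'server.host: "0.0.0.0"' > "$demo/kibana.yml"
audit_elk "$demo/elasticsearch.yml" "$demo/kibana.yml" || echo "review the findings above"
rm -rf "$demo"
```

On a real node, call audit_elk /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml after editing the files.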
6. Install logstash (configure it when the server side needs to be monitored)
1) Install from the rpm package
[root@elk01 ~]# rpm -ivh logstash-5.5.1.rpm
2) Start the service and symlink the command
[root@elk01 ~]# systemctl start logstash.service
[root@elk01 ~]# systemctl enable logstash.service
[root@elk01 ~]# ln -s /usr/share/logstash/bin/logstash /usr/local/bin/
3) Create the directory that holds the logstash configuration files
[root@elk01 ~]# mkdir -p /usr/share/logstash/config
[root@elk01 ~]# ln -s /etc/logstash/* /usr/share/logstash/config/
7. Configure logstash on the client to write test data.
1) Install logstash and symlink the command.
[root@apache01 ~]# rpm -ivh logstash-5.5.1.rpm
[root@apache01 ~]# ln -s /usr/share/logstash/bin/logstash /usr/local/bin/
2) Install apache.
[root@apache01 ~]# yum -y install httpd
3) Configure monitoring of the apache error log
[root@apache01 ~]# vim /etc/logstash/conf.d/apache_error.conf
input {
  file {
    path => "/var/log/httpd/error_log"
    type => "error"
    start_position => "beginning"
  }
}
output {
  if [type] == "error" {
    elasticsearch {
      hosts => ["192.168.200.30:9200"]
      index => "apache_error-%{+YYYY.MM.dd}"
    }
  }
}
4) Start the service and enable it at boot.
[root@apache01 ~]# systemctl restart logstash.service
[root@apache01 ~]# systemctl enable logstash.service
5) On the client, check the configuration file for errors.
[root@apache01 ~]# logstash -f /etc/logstash/conf.d/apache_error.conf
6) Test from the client