Deploying log monitoring with Elasticsearch, Logstash and Kibana


Download:

Elasticsearch

[root@iZ23zw1ss97Z app]# wget -P /app/download/ https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.3.3/elasticsearch-2.3.3.tar.gz
--2017-01-02 10:41:33--  https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.3.3/elasticsearch-2.3.3.tar.gz
Resolving download.elastic.co (download.elastic.co)... 184.73.156.41, 54.243.108.41, 54.225.188.6, ...
Connecting to download.elastic.co (download.elastic.co)|184.73.156.41|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27542289 (26M) [application/gzip]
Saving to: ‘/app/download/elasticsearch-2.3.3.tar.gz’

100%[===================================================================================================>] 27,542,289  2.93MB/s   in 11s    

2017-01-02 10:41:46 (2.30 MB/s) - ‘/app/download/elasticsearch-2.3.3.tar.gz’ saved [27542289/27542289]

[root@iZ23zw1ss97Z app]# 

Logstash

[root@iZ23zw1ss97Z app]# wget -P /app/download/ https://download.elastic.co/logstash/logstash/logstash-2.3.2.tar.gz

Kibana

[root@iZ23zw1ss97Z app]# wget -P /app/download/ https://download.elastic.co/kibana/kibana/kibana-4.5.1-linux-x64.tar.gz

Installation: just extract the archives here; no compilation is needed:

[root@iZ23zw1ss97Z app]# cd download
[root@iZ23zw1ss97Z download]# tar -xvzf elasticsearch-2.3.3.tar.gz
... # output omitted
[root@iZ23zw1ss97Z download]# tar -xvzf logstash-2.3.2.tar.gz
... # output omitted
[root@iZ23zw1ss97Z download]# tar -xvzf kibana-4.5.1-linux-x64.tar.gz
... # output omitted

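First, Elasticsearch. It needs a JDK environment (omitted here...) and must be started as a non-root user, otherwise it reports an error.

[root@iZ23zw1ss97Z ~]# cd /app/download/elasticsearch-2.3.3
[root@iZ23zw1ss97Z elasticsearch-2.3.3]# bin/elasticsearch -d  ### (-d starts it in the background) ###

Next, Logstash. Create a logstash.conf file in its root directory (Logstash is started with this file):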

input {
    file {
        path => "/usr/local/nginx/logs/access.log" # your log file
        start_position => "beginning"
        ignore_older => 0
    }
}

filter {
    # Parse each line as combined access-log format
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    # Look up location data for the client IP extracted by grok
    geoip {
        source => "clientip"
    }
}

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "logstash-%{+YYYY.MM.dd}"
    }
}

Start Logstash. The following output means it started successfully:

[root@iZ23zw1ss97Z ~]# cd /app/download/logstash-2.3.2
[root@iZ23zw1ss97Z logstash-2.3.2]# bin/logstash -f logstash.conf
Setting: Default pipeline workers:1
Pipeline main started

Then start Kibana:

[root@iZ23zw1ss97Z kibana-4.5.1-linux-x64]# vi config/kibana.yml
# change the host; edit the content to:
elasticsearch.url: "http://localhost:9200"
[root@iZ23zw1ss97Z kibana-4.5.1-linux-x64]# bin/kibana

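[Image 1: Deploying log monitoring with Elasticsearch, Logstash and Kibana]

Copy the address from the last line of the output above and open it in a browser; the default port is 5601.

[Image 2: Deploying log monitoring with Elasticsearch, Logstash and Kibana]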

Reposted from: https://my.oschina.net/90888/blog/821845
