ELK is currently a very popular real-time log analysis system: E = Elasticsearch, L = Logstash, K = Kibana.
Versions:
elasticsearch:1.4.0
logstash:1.4.2
kibana:3.1.2
nginx:1.2.2
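The following is the process of setting up ELK on a single machine:
1 Dependencies
Both Logstash and Elasticsearch require a Java environment. Install the latest version of Java on the hosts where Logstash and Elasticsearch run.
To confirm that Java is installed correctly, run the following command: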
$ java -version
Output:
java version "1.7.0_79"
OpenJDK Runtime Environment (rhel-2.5.5.3.el6_6-x86_64 u79-b14)
OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode)
1 logstash
- Install
$ wget https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.tar.gz
$ tar zxvf logstash-1.4.2.tar.gz
- Verify
$ cd /path/to/logstash/
$ bin/logstash -e 'input { stdin { } } output { stdout {} }'
hello world
2014-11-13T02:46:46.340+0000 linux hello world
2 Elasticsearch
- Install
$ wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.0.tar.gz
$ tar zxvf elasticsearch-1.4.0.tar.gz
- Run
$ cd /path/to/elasticsearch
$ bin/elasticsearch -d
When Elasticsearch starts normally, it prints the following:
[2014-11-12 18:04:14,250][INFO ][node ] [Thunderclap] version[1.4.0], pid[25882], build[bc94bd8/2014-11-05T14:26:12Z]
[2014-11-12 18:04:14,251][INFO ][node ] [Thunderclap] initializing ...
[2014-11-12 18:04:14,256][INFO ][plugins ] [Thunderclap] loaded [], sites []
[2014-11-12 18:04:16,527][INFO ][node ] [Thunderclap] initialized
[2014-11-12 18:04:16,528][INFO ][node ] [Thunderclap] starting ...
[2014-11-12 18:04:16,820][INFO ][transport ] [Thunderclap] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.205.252:9300]}
[2014-11-12 18:04:16,839][INFO ][discovery ] [Thunderclap] elasticsearch/AWsqNT85SbytA3OYMKvekQ
[2014-11-12 18:04:20,625][INFO ][cluster.service ] [Thunderclap] new_master [Thunderclap][AWsqNT85SbytA3OYMKvekQ][linux][inet[/192.168.205.252:9300]], reason: zen-disco-join (elected_as_master)
[2014-11-12 18:04:20,647][INFO ][http ] [Thunderclap] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.205.252:9200]}
[2014-11-12 18:04:20,647][INFO ][node ] [Thunderclap] started
- Verify
Elasticsearch can be accessed directly over HTTP; the default port is 9200:
$ curl -X GET http://localhost:9200
{
  "status" : 200,
  "name" : "Spellcheck",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "1.4.0",
    "build_hash" : "bc94bd81298f81c656893ab1ddddd30a99356066",
    "build_timestamp" : "2014-11-05T14:26:12Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.2"
  },
  "tagline" : "You Know, for Search"
}
3 kibana
- Install
$ wget https://download.elasticsearch.org/kibana/kibana/kibana-3.1.2.tar.gz
$ tar zxvf kibana-3.1.2.tar.gz
- Start
Kibana 3 needs a web server to run. Here nginx is used as the web server for Kibana, configured as follows:
1 Copy the contents of the extracted kibana folder to /var/www/kibana
$ mkdir -p /var/www/kibana && cp -r /path/to/kibana/* /var/www/kibana/
2 Configure nginx in /etc/nginx/conf.d/default.conf
#
# The default server
#
server {
    listen 8088;
    server_name _;
    #charset koi8-r;
    #access_log logs/kibana.access.log main;
    location / {
        root /var/www/kibana;
        index index.html index.htm;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html;
    }
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root html;
    #    fastcgi_pass 127.0.0.1:9000;
    #    fastcgi_index index.php;
    #    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    #    include fastcgi_params;
    #}
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny all;
    #}
}
- Verify
Enter ip:8088 of the Kibana host in a browser. Kibana will fail to connect to Elasticsearch, however. In /var/www/kibana/config.js, change
elasticsearch: "http://"+window.location.hostname+":9200",
to
elasticsearch: "http://ip_of_elasticsearch:9200",
Then edit the Elasticsearch configuration file elasticsearch.yml and add the following setting:
http.cors.enabled: true
Visit the page again and the Kibana welcome screen appears.
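The startup log above shows the transport and HTTP listeners bound to the wildcard address, and the final step enables CORS without naming an origin. The script below is an added example, not part of the original post: it flags both conditions from a startup log and an elasticsearch.yml read on stdin. The function names and the host kibana.example.internal are made up for illustration; http.cors.allow-origin is the Elasticsearch setting that limits which origins may call the HTTP API.

```bash
#!/bin/bash
# Added example, not from the original post. Both checks read text on stdin.

# Print "<module> <port>" for each listener bound to the wildcard address
# in an Elasticsearch 1.x startup log.
wildcard_binds() {
  sed -n -E 's#.*\]\[([a-z.]+) *\].*bound_address [{]inet\[/(0:0:0:0:0:0:0:0|0\.0\.0\.0):([0-9]+)\][}].*#\1 \3#p'
}

# Exit 0 when elasticsearch.yml enables CORS without an explicit
# http.cors.allow-origin, or with allow-origin set to "*".
cors_unrestricted() {
  conf=$(cat)
  printf '%s\n' "$conf" |
    grep -Eq '^[[:space:]]*http\.cors\.enabled:[[:space:]]*true' || return 1
  origin=$(printf '%s\n' "$conf" |
    sed -n -E 's/^[[:space:]]*http\.cors\.allow-origin:[[:space:]]*//p' |
    tr -d "\"' \t" | tail -n 1)
  [ -z "$origin" ] || [ "$origin" = "*" ]
}

# Two lines taken from the startup output shown in this post.
sample_log() {
cat <<'EOF'
[2014-11-12 18:04:16,820][INFO ][transport ] [Thunderclap] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.205.252:9300]}
[2014-11-12 18:04:20,647][INFO ][http ] [Thunderclap] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.205.252:9200]}
EOF
}

# Constructed config: the post's setting plus an explicit origin.
# kibana.example.internal is a placeholder host name (assumption).
restricted_yml() {
cat <<'EOF'
http.cors.enabled: true
http.cors.allow-origin: "http://kibana.example.internal:8088"
EOF
}

sample_log | wildcard_binds
if echo 'http.cors.enabled: true' | cors_unrestricted; then
  echo "CORS enabled without an explicit allow-origin"
fi
if ! restricted_yml | cors_unrestricted; then
  echo "CORS restricted to a single origin"
fi
```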