ELK


ELK is currently a very popular real-time log analysis stack: E = Elasticsearch, L = Logstash, K = Kibana.
version:
elasticsearch:1.4.0
logstash:1.4.2
kibana:3.1.2
nginx:1.2.2

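The steps below set up ELK on a single machine:
1 Dependencies
Both Logstash and Elasticsearch need a Java runtime. Install the latest version of Java on the hosts that run Logstash and Elasticsearch.
To confirm that Java is installed correctly, run the following command:
$ java -version
Output: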

java version "1.7.0_79"
OpenJDK Runtime Environment (rhel-2.5.5.3.el6_6-x86_64 u79-b14)
OpenJDK 64-Bit Server VM (build 24.79-b02, mixed mode)

1 logstash
- Install
$ wget https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.tar.gz
$ tar zxvf logstash-1.4.2.tar.gz

- Verify

$ cd /path/to/logstash/
$ bin/logstash -e 'input { stdin { } } output { stdout {} }'
hello world
2014-11-13T02:46:46.340+0000 linux hello world

2 Elasticsearch
- Install

$ wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.0.tar.gz
$ tar zxvf elasticsearch-1.4.0.tar.gz

- Run

$ cd /path/to/elasticsearch
$ bin/elasticsearch -d

When Elasticsearch starts normally it prints the following:

[2014-11-12 18:04:14,250][INFO ][node                     ] [Thunderclap] version[1.4.0], pid[25882], build[bc94bd8/2014-11-05T14:26:12Z]
[2014-11-12 18:04:14,251][INFO ][node                     ] [Thunderclap] initializing ...
[2014-11-12 18:04:14,256][INFO ][plugins                  ] [Thunderclap] loaded [], sites []
[2014-11-12 18:04:16,527][INFO ][node                     ] [Thunderclap] initialized
[2014-11-12 18:04:16,528][INFO ][node                     ] [Thunderclap] starting ...
[2014-11-12 18:04:16,820][INFO ][transport                ] [Thunderclap] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.205.252:9300]}
[2014-11-12 18:04:16,839][INFO ][discovery                ] [Thunderclap] elasticsearch/AWsqNT85SbytA3OYMKvekQ
[2014-11-12 18:04:20,625][INFO ][cluster.service          ] [Thunderclap] new_master [Thunderclap][AWsqNT85SbytA3OYMKvekQ][linux][inet[/192.168.205.252:9300]], reason: zen-disco-join (elected_as_master)
[2014-11-12 18:04:20,647][INFO ][http                     ] [Thunderclap] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.205.252:9200]}
[2014-11-12 18:04:20,647][INFO ][node                     ] [Thunderclap] started

- Verify
Elasticsearch can be accessed directly over HTTP; the default port is 9200:

$ curl -X GET http://localhost:9200
{
  "status" : 200,
  "name" : "Spellcheck",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "1.4.0",
    "build_hash" : "bc94bd81298f81c656893ab1ddddd30a99356066",
    "build_timestamp" : "2014-11-05T14:26:12Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.2"
  },
  "tagline" : "You Know, for Search"
}

3 kibana
- Install

$ wget https://download.elasticsearch.org/kibana/kibana/kibana-3.1.2.tar.gz
$ tar zxvf kibana-3.1.2.tar.gz 

- Start
Kibana 3 needs a web server to run. Here nginx serves Kibana, configured as follows:
1 Copy the contents of the extracted kibana directory to /var/www/kibana

$ mkdir -p /var/www/kibana && cp -r /path/to/kibana/* /var/www/kibana

2 Configure nginx in /etc/nginx/conf.d/default.conf

#
# The default server
#
server {
    listen       8088;
    server_name  _;

    #charset koi8-r;

    #access_log  logs/kibana.access.log  main;

    location / {
        root   /var/www/kibana;
        index  index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    #location ~ \.php$ {
    #    root           html;
    #    fastcgi_pass   127.0.0.1:9000;
    #    fastcgi_index  index.php;
    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    #    include        fastcgi_params;
    #}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}

- Verify
Enter the IP of the Kibana host followed by :8088 in a browser. Kibana will, however, fail to connect to Elasticsearch. To fix this, in /var/www/kibana/config.js change

elasticsearch: "http://"+window.location.hostname+":9200",

to

elasticsearch: "http://ip_of_elasticsearch:9200",

Then edit the Elasticsearch configuration file elasticsearch.yml and add the following setting:

http.cors.enabled: true

Visit the page again and the Kibana welcome screen appears.
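
Setting http.cors.enabled lets browser pages served from other origins call Elasticsearch on port 9200, so after this change it is worth checking which origins the server actually allows. The following is an added example, not part of the original post: a shell function that classifies the Access-Control-Allow-Origin header of a response. The function name cors_verdict, the probe origin http://probe.invalid and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the CORS policy Elasticsearch answers with once
# http.cors.enabled: true is set. cors_verdict is a hypothetical helper name.
#
# stdin : raw HTTP response headers, e.g. from
#         curl -s -D - -o /dev/null -H "Origin: http://probe.invalid" \
#              http://ip_of_elasticsearch:9200
# $1    : origin Kibana is served from (the only origin that should be allowed)
# $2    : origin that was sent in the probe request (must differ from $1)
cors_verdict() {
    trusted=$1
    probe=$2
    if [ "$trusted" = "$probe" ]; then
        echo "invalid-probe"   # cannot tell a pinned origin from a reflected one
        return 0
    fi
    # Header names are case-insensitive and lines end in CRLF; keep the last
    # Access-Control-Allow-Origin value and trim surrounding whitespace.
    acao=$(tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "access-control-allow-origin") {
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
        }
    } END { print v }')
    case "$acao" in
        "")         echo "none" ;;       # probe origin is not allowed
        "*")        echo "wildcard" ;;   # any web page may read responses
        "$probe")   echo "reflected" ;;  # arbitrary origins are echoed back
        "$trusted") echo "pinned" ;;     # only the Kibana origin is named
        *)          echo "other" ;;
    esac
}

# Constructed sample response (not captured from a real server).
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nAccess-Control-Allow-Origin: *\r\n'
    printf 'Content-Type: application/json; charset=UTF-8\r\n\r\n'
}
sample_headers | cors_verdict "http://ip_of_kibana:8088" "http://probe.invalid"
```

A verdict of wildcard or reflected means any site open in a user's browser can query the cluster; the http.cors.allow-origin setting in elasticsearch.yml is where the allowed origin is restricted to the Kibana address.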
