Setting up ELK on CentOS 6.5

Install the JDK
#wget http://172.18.71.12:83/2Q2W261090F59DD53D8C9740EB6430C46EB03192EE29_unknown_229A95874D39CC9F5FE38A6EA9A2A49C92CE7A07_9/download.oracle.com/otn-pub/java/jdk/8u162-b12/0da788060d494f5095bf8624735fa2f1/jdk-8u162-linux-x64.tar.gz -P /usr/local/src/


Configure the Java environment

#tar -zxf jdk-8u162-linux-x64.tar.gz
#mv jdk1.8.0_162/ /usr/local/

#vim /etc/profile
Append:
#JAVA
JAVA_HOME=/usr/local/jdk1.8.0_162
CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH

// Apply the changes
# source /etc/profile

// Test
# java -version
java version "1.8.0_162"
Java(TM) SE Runtime Environment (build 1.8.0_162-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.162-b12, mixed mode)


Install Elasticsearch

System environment configuration

#useradd elk

# vim /etc/security/limits.conf
elk soft nproc 65536
elk hard nproc 65536
elk soft nofile 65536
elk hard nofile 65536

# vim /etc/security/limits.d/90-nproc.conf
elk          soft    nproc     4096
root       soft    nproc     unlimited

# vim /etc/sysctl.conf
Add:
vm.max_map_count = 262144

// Apply the kernel setting without rebooting
# sysctl -p

Download Elasticsearch

#wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.2.tar.gz

# tar -zxf elasticsearch-6.2.2.tar.gz
# mkdir -p /usr/local/ELK
# mv elasticsearch-6.2.2 /usr/local/ELK/
# mkdir -p /data/es-data
# mkdir -p /data/logs/es-logs
# chown elk.elk /data/es-data
# chown elk.elk /data/logs/es-logs

Edit the configuration file

# vim /usr/local/ELK/elasticsearch-6.2.2/config/elasticsearch.yml
// Change the following settings
cluster.name: test-elk
node.name: node-1
path.data: /data/es-data
path.logs: /data/logs/es-logs
network.host: 0.0.0.0
http.port: 9200
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
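
The settings above bind port 9200 to every interface and turn off the system call filter. As an added example (not part of the original post), the shell functions below read an elasticsearch.yml and flag those settings; the function names and the sample file are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original post): audit elasticsearch.yml for the
# exposure-related settings used in this guide.

# get_setting FILE KEY: print the value of the last uncommented "KEY: value" line.
get_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                sub(/[ \t]+#.*$/, "", val)
                gsub(/^[ \t]+|[ \t]+$|"/, "", val)
                found = val
            }
        }
        END { print found }
    ' "$1"
}

# audit_es_config FILE: print one line per finding; return 1 if any WARN was raised.
audit_es_config() {
    local file="$1" warn=0 host filter lock
    host=$(get_setting "$file" network.host)
    filter=$(get_setting "$file" bootstrap.system_call_filter)
    lock=$(get_setting "$file" bootstrap.memory_lock)
    case "$host" in
        ""|localhost|127.*|::1|_local_) ;;    # unset means loopback only
        *) echo "WARN network.host=$host: port 9200 answers non-local clients and the setup in this guide adds no authentication; firewall the port"
           warn=1 ;;
    esac
    if [ "$filter" = "false" ]; then
        echo "WARN bootstrap.system_call_filter=false: the system call filter is off"
        warn=1
    fi
    [ "$lock" = "true" ] || echo "INFO bootstrap.memory_lock is not true: the heap can be swapped to disk"
    return "$warn"
}

# Constructed sample: the settings from this guide.
sample=$(mktemp)
printf '%s\n' 'cluster.name: test-elk' 'network.host: 0.0.0.0' 'http.port: 9200' \
    'bootstrap.memory_lock: false' 'bootstrap.system_call_filter: false' > "$sample"
audit_es_config "$sample" || echo "=> review the WARN lines before exposing this node"
rm -f "$sample"
```

On a real host, call audit_es_config with the path to the installed elasticsearch.yml; a non-zero return means at least one WARN line was printed.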

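Start

Switch to the elk user first, then run:

# su - elk
// Start in the foreground and troubleshoot from the output
$ cd /usr/local/ELK/elasticsearch-6.2.2/bin/
$ ./elasticsearch

// Once it starts cleanly, it can be started as a daemon
# su - elk
$ cd /usr/local/ELK/elasticsearch-6.2.2/bin/
$ ./elasticsearch -d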


Verify:

http://IP:9200

If it returns output like the following, Elasticsearch is running normally:

{
  "name" : "node-1",
  "cluster_name" : "test-elk",
  "cluster_uuid" : "QbaVRtVZQ-OsrII1I9g61g",
  "version" : {
    "number" : "6.2.2",
    "build_hash" : "10b1edd",
    "build_date" : "2018-02-16T19:01:30.685723Z",
    "build_snapshot" : false,
    "lucene_version" : "7.2.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}


Install Logstash
#wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.2.tar.gz

#tar -zxf logstash-6.2.2.tar.gz
#mv logstash-6.2.2 /usr/local/ELK/

Configure Logstash
This is the simplest possible configuration and is barely usable; I am still working out the more advanced ones.

$ vim /usr/local/ELK/logstash-6.2.2/config/elk.conf
input {
        file {
                type => "elk-hc_access"
                path => "/data/logs/www/hc.log"
                start_position => "beginning"
        }
        file {
                type => "elk-hc_error"
                path => "/data/logs/www/hc_err.log"
                start_position => "beginning"
        }
}

output {
        elasticsearch {
                hosts => ["xxx.xxx.xxx.102:9200"]
                index => "%{type}-%{+YYYY.MM.dd}"
                }
}

Start Logstash

# su - elk
$ cd /usr/local/ELK/logstash-6.2.2/bin/
$ ./logstash -f /usr/local/ELK/logstash-6.2.2/config/elk.conf &

Install Kibana
#wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.2-linux-x86_64.tar.gz

#tar -zxf kibana-6.2.2-linux-x86_64.tar.gz
#mv kibana-6.2.2-linux-x86_64 /usr/local/ELK/

Configure Kibana

$ vim kibana.yml
// Uncomment and edit
server.port: 5601
server.host: "xxx.xxx.xxx.102"
elasticsearch.url: "http://localhost:9200"

Start Kibana

$ ./kibana &

Kibana login URL

http://xxx.xxx.xxx.102:5601

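PS:

In the web UI:
Management => enter the index pattern you defined here, elk-hc_access* or elk-hc_error*

In the configuration:
index => "%{type}-%{+YYYY.MM.dd}" corresponds to what is shown when you search for elk-hc_access*, for example elk-hc_access-2018.03.14

Kill Kibana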
#fuser -n tcp 5601
#kill -9 pid
