ELKSTACK:
日志分析
内存锁定
需要依赖于 Java 环境(未安装 JDK 时 Elasticsearch 无法启动,见下文的报错)
[root@elk1 ~]# ls
elasticsearch-2.3.3.rpm
[root@elk1 ~]# rpm -ivh elasticsearch-2.3.3.rpm
[root@elk1 ~]# cd /etc/elasticsearch/
[root@elk1 elasticsearch]# ls
elasticsearch.yml logging.yml scripts
[root@elk1 elasticsearch]# cd /var/lib/elasticsearch/
[root@elk1 elasticsearch]# pwd
/var/lib/elasticsearch
[root@elk1 elasticsearch]# vim /etc/elasticsearch/elasticsearch.yml
[root@elk1 elasticsearch]# /etc/init.d/elasticsearch start
which: no java in (/sbin:/usr/sbin:/bin:/usr/bin)
Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME
[root@elk1 elasticsearch]# cd
[root@elk1 ~]# rpm -ivh jdk-8u121-linux-x64.rpm
[root@elk1 plugins]# /etc/init.d/elasticsearch start
Starting elasticsearch: [ OK ]
[root@elk1 ~]# rpm -ql elasticsearch
[root@elk1 plugins]# yum install unzip -y
[root@elk1 ~]# unzip -d /usr/share/elasticsearch/plugins elasticsearch-head-master.zip
[root@elk1 elasticsearch-head-master]# netstat -antlp
0 ::ffff:172.25.30.1:9200 :::* LISTEN 1640/java
tcp 0 0 ::ffff:172.25.30.1:9300 :::* LISTEN 1640/java
[root@elk1 ~]# cd /usr/share/elasticsearch/
[root@elk1 elasticsearch]# ls
bin lib LICENSE.txt modules NOTICE.txt plugins README.textile
[root@elk1 elasticsearch]# cd plugins/
[root@elk1 plugins]# ls
elasticsearch-head-master
[root@elk1 plugins]# cd elasticsearch-head-master/
[root@elk1 elasticsearch-head-master]# ls
elasticsearch-head.sublime-project LICENCE _site
Gruntfile.js package.json src
grunt_fileSets.js plugin-descriptor.properties test
index.html README.textile
[root@elk1 elasticsearch-head-master]#
&&浏览器访问:http://172.25.30.1:9200/
[root@elk1 ~]# /usr/share/elasticsearch/bin/plugin install file:/root/elasticsearch-head-master.zip
-> Installing from file:/root/elasticsearch-head-master.zip...
Trying file:/root/elasticsearch-head-master.zip ...
Downloading .........DONE
Verifying file:/root/elasticsearch-head-master.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed head into /usr/share/elasticsearch/plugins/head
浏览器访问 head 插件:http://172.25.30.1:9200/_plugin/head/(上面的安装输出提示未找到 .sha1/.md5 文件、无法校验插件包;安装前应自行核对 zip 包的来源与哈希值)
***创建图形界面
&&创建集群
[root@elk2 ~]# rpm -ivh jdk-8u121-linux-x64.rpm elasticsearch-2.3.3.rpm
[root@elk1 ~]# scp /etc/elasticsearch/elasticsearch.yml root@172.25.30.2:/etc/elasticsearch/
[root@elk1 ~]# scp /etc/elasticsearch/elasticsearch.yml root@172.25.30.3:/etc/elasticsearch/
vim /etc/elasticsearch/elasticsearch.yml
.....
# Elasticsearch 2.3.3 settings for node elk1 in a three-node cluster (elk1, elk2, elk3).
# Cluster identifier; presumably all three nodes carry the same value so they form one cluster.
cluster.name: my-es
# Per-node value: this file is copied to 172.25.30.2 and 172.25.30.3, so node.name and
# network.host presumably have to be edited on each of those hosts before starting the service.
node.name: elk1 # requires hostname resolution
path.data: /var/lib/elasticsearch
# Ask the JVM to lock its memory so it is not swapped out. NOTE(review): the service account
# also needs a sufficient locked-memory limit; confirm in the startup log that locking succeeded.
bootstrap.mlockall: true
# Bind address for HTTP (9200) and transport (9300), matching the netstat listing.
# NOTE(review): unless a security plugin is installed, Elasticsearch 2.x answers on these
# ports without authentication or TLS; limit inbound access with a host firewall so only
# cluster members and trusted admin hosts can reach them.
network.host: 172.25.30.1
http.port: 9200
# Unicast discovery seed list; the names elk1/elk2/elk3 must resolve on every node (DNS or /etc/hosts).
discovery.zen.ping.unicast.hosts: ["elk1", "elk2", "elk3"]
....
/etc/init.d/elasticsearch start
&&集群成功
粗边框表示主分片,细边框表示副本分片
*五角星:主分片服务器
绿色:集群OK
红色:坏
API方式采集数据:
JSON格式:
API操作索引
[root@elk1 ~]# rpm -ivh logstash-2.3.3-1.noarch.rpm
Preparing... (100########################################### [100%]
1:logstash ( 1########################################### [100%]
[root@elk1 logstash]# ./bin/logstash -e 'input { stdin {} } output { elasticsearch { hosts => ["172.25.30.1"] index => "logstash-%{+YYYY.MM.dd}" } }'
Settings: Default pipeline workers: 1
Pipeline main started
hello xiaxiaofan
ELKSTACK