ELK 6.3.1 Installation and Deployment

Environment: logstash-6.3.1 + kibana-6.3.1 + elasticsearch-6.3.1

I. Redis

1. Install the Redis server

sudo apt-get install redis-server

2. Check the Redis server process

ps -aux| grep redis

redis 6783 0.1 0.0 58548 2432 ? Ssl 18:14 0:00 /usr/bin/redis-server 127.0.0.1:6379

lee 6869 0.0 0.0 21536 1000 pts/0 S+ 18:15 0:00 grep --color=auto redis

3. Check the Redis server status

netstat -nlt | grep 6379

tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN

tcp6 0 0 ::1:6379 :::* LISTEN



sudo /etc/init.d/redis-server status

● redis-server.service - Advanced key-value store

Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)

Active: active (running) since Thu 2018-07-19 18:14:47 CST; 2min 35s ago

Docs: http://redis.io/documentation,

man:redis-server(1)

Main PID: 6783 (redis-server)

Tasks: 4 (limit: 4915)

CGroup: /system.slice/redis-server.service

└─6783 /usr/bin/redis-server 127.0.0.1:6379

4. Access Redis with the client

redis-cli

127.0.0.1:6379> help

127.0.0.1:6379> set lee1 "lee"

OK

127.0.0.1:6379> get lee1

"lee"



Increment a number

127.0.0.1:6379> set lee2 1

OK

127.0.0.1:6379> INCR lee2

(integer) 2



Add a list record lee3

127.0.0.1:6379> LPUSH lee3 a

(integer) 1

127.0.0.1:6379> RPUSH lee3 b

(integer) 2

127.0.0.1:6379> LRANGE lee3 0 3

1) "a"

2) "b"



Add a hash table lee4

127.0.0.1:6379> HSET lee4 name "lee"

(integer) 1

127.0.0.1:6379> HSET lee4 emmail "abc@mail.com"

(integer) 1

127.0.0.1:6379> HGET lee4 name

"lee"

127.0.0.1:6379> HGETALL lee4

1) "name"

2) "lee"

3) "emmail"

4) "abc@mail.com"



Add a hash table record lee5

127.0.0.1:6379> HMSET lee5 username jing password jg age 21

OK

127.0.0.1:6379> HMSET lee username

(error) ERR wrong number of arguments for 'hmset' command

127.0.0.1:6379> HMSET lee5 username age

OK

127.0.0.1:6379> HMGET lee5 username age

1) "age"

2) "21"



Delete records

127.0.0.1:6379> keys *

1) "lee5"

2) "lee2"

3) "lee3"

4) "lee4"

5) "lee1"

6) "lee"

127.0.0.1:6379> del lee

(integer) 1

127.0.0.1:6379> del lee5

(integer) 1

127.0.0.1:6379> keys *

1) "lee2"

2) "lee3"

3) "lee4"

4) "lee1"

Query the number of elements in a key's list: llen

127.0.0.1:6379> llen lee3

(integer) 2

Clear all data: flushdb

127.0.0.1:6379> flushdb

OK

127.0.0.1:6379> keys *

(empty list or set)

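5. Modify the Redis configuration

By default, no password is required to access the Redis server. To improve security, set an access password for the Redis server; here it is set to gitgit.

sudo vi /etc/redis/redis.conf

Uncomment requirepass

requirepass gitgit

Comment out bind

# bind 127.0.0.1 ::1

After the change, restart the Redis server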

sudo /etc/init.d/redis-server restart

127.0.0.1:6379> keys *

(error) NOAUTH Authentication required.

127.0.0.1:6379> quit

Log in and enter the password

lee@lee:/opt/modules$ redis-cli -a gitgit

127.0.0.1:6379> keys *

1) "lee1"

2) "lee4"

3) "lee3"

4) "lee2"

Check the port the Redis server is listening on

netstat -nlt | grep 6379

tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN

tcp6 0 0 :::6379 :::* LISTEN

The listening address has changed from 127.0.0.1:6379 to 0.0.0.0:6379, which means Redis now allows remote logins.

 

Access the Redis server remotely

ssh lee

redis-cli -a gitgit -h lee

lee:6379> keys *

1) "lee1"

2) "lee4"

3) "lee3"

4) "lee2"

Remote access works.
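The configuration above leaves Redis listening on every interface with only a six-character password in front of it. The following script is an added example, not part of the original post, that flags those settings in a redis.conf; the 32-character threshold and the sample file are assumptions constructed for illustration.

```bash
# Added example: audit a redis.conf for the exposure created in this section.
MIN_PASS_LEN=32   # assumption: local policy threshold, not a Redis setting

# Print the value of the last active (uncommented) directive $1 in file $2.
conf_value() {
    awk -v key="$1" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                     END { print v }' "$2"
}

# Print one finding per line for the redis.conf at $1; nothing if clean.
audit_redis_conf() {
    bind=$(conf_value bind "$1")
    pass=$(conf_value requirepass "$1")
    pmode=$(conf_value protected-mode "$1")

    if [ -z "$bind" ]; then
        echo "BIND: no active bind directive, Redis listens on every interface"
    else
        case " $bind " in
            *" 0.0.0.0 "*|*" :: "*|*" * "*)
                echo "BIND: wildcard address in 'bind $bind'" ;;
        esac
    fi
    if [ -z "$pass" ]; then
        echo "AUTH: requirepass is not set"
    elif [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "AUTH: requirepass is ${#pass} characters, below $MIN_PASS_LEN"
    fi
    if [ "$pmode" = "no" ]; then
        echo "PROTECTED-MODE: disabled"
    fi
    return 0
}

# Constructed sample mirroring the edits made to /etc/redis/redis.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# bind 127.0.0.1 ::1
protected-mode yes
port 6379
requirepass gitgit
EOF
audit_redis_conf "$sample"
rm -f "$sample"
```

If Logstash and Redis run on the same host, as in the pipeline configured later on this page, keeping the original bind 127.0.0.1 ::1 line clears the BIND finding.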

 

II. Installing Elasticsearch

1. Extract the archive

tar -zxf elasticsearch-6.3.1.tar.gz -C /opt/modules/

2. Start and verify

Start in the background: bin/elasticsearch -d

Test and verify

curl -X GET http://localhost:9200

{
  "name" : "gnSjJFS",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "EKDzK8IfQKG6Jdrbc6TJbw",
  "version" : {
    "number" : "6.3.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "eb782d0",
    "build_date" : "2018-06-29T21:59:26.107521Z",
    "build_snapshot" : false,
    "lucene_version" : "7.3.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

3. Common commands

Query all data:

curl http://lee:9200/_search?pretty

{
  "took" : 14,
  "timed_out" : false,
  "_shards" : {
    "total" : 0,
    "successful" : 0,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 0,
    "max_score" : 0.0,
    "hits" : [ ]
  }
}

Query the cluster health status:

curl -XGET http://localhost:9200/_cluster/health?pretty

{
  "cluster_name" : "elasticsearch",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Delete all data:

curl -XDELETE 'http://lee:9200/_all'

{"acknowledged":true}

Delete a specific index:

curl -XDELETE 'http://lee:9200/INDEX_NAME'

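4. Installing the elasticsearch-head plugin

4.1 Running as an Elasticsearch plugin (version 6.2 does not appear to support running it as an ES plugin)

elasticsearch/bin/plugin install mobz/elasticsearch-head

Then open http://localhost:9200/ in a browser to view it.

4.2 Running as a standalone web app (recommended)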

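① Install Node.js

First install nvm, the Node Version Manager:

wget -qO- https://raw.githubusercontent.com/creationix/nvm/v0.33.2/install.sh | bash

② Activate nvm

source ~/.nvm/nvm.sh

③ Once activation is complete, install node

nvm install node

④ After installation, switch to that version

nvm use node

Install grunt

grunt is a Node.js-based project build tool that can handle packaging, minification, testing, task execution and so on; the head plugin is started through grunt.

cd /opt/modules/elasticsearch-6.3.1/elasticsearch-head/

npm install -g grunt-cli

After this runs, a node_modules folder is generated; run grunt --version to check that the installation succeeded.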

Install the head plugin

cd /usr/local/elk/elasticsearch/

git clone https://github.com/mobz/elasticsearch-head.git

cd elasticsearch-head/

npm install phantomjs-prebuilt@2.1.16 --ignore-scripts

npm install

npm audit

After installation, change the address the server listens on

File: elasticsearch-head/Gruntfile.js. Add the hostname property and set it to *

connect: {
    server: {
        options: {
            port: 9100,
            hostname: '*',
            base: '.',
            keepalive: true
        }
    }
}

Change the connection address

File: elasticsearch-head/_site/app.js. Change localhost to the address of your ES server, for example:

this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://lee:9200";

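Start the head plugin

Start the plugin with grunt server or npm run start.

Open http://lee:9100/; if the following screen appears, the plugin has started successfully.

Problem: clicking the Connect button to connect to the cluster does nothing, no matter how many times it is clicked. The following settings are also needed on ES to enable cross-origin (CORS) access.

vim /usr/local/elk/elasticsearch/config/elasticsearch.yml and add the following three properties at the end: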

http.cors.enabled: true

http.cors.allow-origin: "*"

http.cors.allow-credentials: true

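Restart the Elasticsearch service, then open http://lee:9100 again.

After the x-pack plugin is installed in Elasticsearch, the head plugin stops working, because x-pack adds a security module. In that case, adding the following line to elasticsearch.yml solves the problem.

http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

Then, each time you use the head plugin, enter the URL in the following format, where auth_user is the ES username and auth_password is the ES password: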

http://172.20.1.187:9100/?auth_user=elastic&auth_password=123456
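With allow-origin set to "*" and allow-credentials enabled, pages from any origin are permitted to make credentialed cross-origin requests to the cluster. The following check is an added example, not part of the original post; it reads an elasticsearch.yml, reports that combination and prints an allow-origin value limited to the head UI address (http://lee:9100 is taken from this page; the sample file is constructed).

```bash
# Added example: check elasticsearch.yml for the CORS settings used above.

# Print the value of the last active "key: value" line for key $1 in file $2,
# with surrounding double quotes removed.
yml_value() {
    awk -v key="$1:" '$1 == key { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                      END { gsub(/^"|"$/, "", v); print v }' "$2"
}

# audit_es_cors FILE HEAD_ORIGIN
# Prints a severity line and, for a wildcard origin, a suggested replacement.
audit_es_cors() {
    enabled=$(yml_value http.cors.enabled "$1")
    origin=$(yml_value http.cors.allow-origin "$1")
    creds=$(yml_value http.cors.allow-credentials "$1")

    if [ "$enabled" != "true" ]; then
        echo "OK: CORS disabled"
        return 0
    fi
    case "$origin" in
        "*"|"/.*/")
            if [ "$creds" = "true" ]; then
                echo "HIGH: wildcard allow-origin combined with allow-credentials"
            else
                echo "MEDIUM: wildcard allow-origin"
            fi
            echo "SUGGEST: http.cors.allow-origin: \"$2\"" ;;
        *)
            echo "OK: allow-origin restricted to $origin" ;;
    esac
    return 0
}

# Constructed sample containing the three properties added in this section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: elasticsearch
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-credentials: true
EOF
audit_es_cors "$sample" "http://lee:9100"
rm -f "$sample"
```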

III. Installing Kibana

tar -zxf kibana-6.3.1-linux-x86_64.tar.gz -C /opt/modules/

Start

bin/kibana

Test and verify

Log in: http://lee:5601

IV. Installing Logstash

1. Extract

Extract the archive:

tar -zxf logstash-6.3.1.tar.gz -C /opt/modules/

2. Test

Test whether Logstash was installed successfully

bin/logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'

helloworld~

{
          "host" => "lee",
      "@version" => "1",
       "message" => "helloworld~",
    "@timestamp" => 2018-07-23T01:44:58.594Z
}

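3. Configuration notes

How to run Logstash with a specified configuration file

bin/logstash -w 2 -f /etc/logstash/conf.d/test.conf

-w # number of worker threads; defaults to the number of CPU cores

-f # configuration file to use

-t # test whether the configuration file is valid

-b # maximum number of log events accumulated before the filter stage runs; larger values give better performance but use more memory

# log input
input { }
# log filtering, matching and processing
filter { }
# log output
output { }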

4. Configuration example

mkdir conf.d

vi conf.d/redis.conf

input {
    redis {
        host => "127.0.0.1"
        port => "6379"
        key => "logstash:demo"
        password => "gitgit"
        data_type => "list"
        codec => "json"
        type => "logstash-redis-demo"
        tags => ["logstashdemo"]
    }
}

output {
    elasticsearch {
        hosts => "127.0.0.1"
    }
}

Start the Logstash agent with this configuration file

bin/logstash -f conf.d/redis.conf

Start the built-in web

RPUSH logstash:demo "{\"time\":\"2018-07-01 10:12:23\",\"message\":\"logstash demo message\"}"

Check the current state of the indices in Elasticsearch

curl 127.0.0.1:9200/_search?pretty=true

 

 
