Environment: logstash-6.3.1 + kibana-6.3.1 + elasticsearch-6.3.1
I. Redis
1. Install the Redis server
sudo apt-get install redis-server
2. Check the Redis server process
ps -aux| grep redis
redis 6783 0.1 0.0 58548 2432 ? Ssl 18:14 0:00 /usr/bin/redis-server 127.0.0.1:6379
lee 6869 0.0 0.0 21536 1000 pts/0 S+ 18:15 0:00 grep --color=auto redis
3. Check the Redis server status
netstat -nlt | grep 6379
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp6 0 0 ::1:6379 :::* LISTEN
sudo /etc/init.d/redis-server status
● redis-server.service - Advanced key-value store
Loaded: loaded (/lib/systemd/system/redis-server.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2018-07-19 18:14:47 CST; 2min 35s ago
Docs: http://redis.io/documentation,
man:redis-server(1)
Main PID: 6783 (redis-server)
Tasks: 4 (limit: 4915)
CGroup: /system.slice/redis-server.service
└─6783 /usr/bin/redis-server 127.0.0.1:6379
4. Access Redis from the client
redis-cli
127.0.0.1:6379> help
127.0.0.1:6379> set lee1 "lee"
OK
127.0.0.1:6379> get lee1
"lee"
Increment a number
127.0.0.1:6379> set lee2 1
OK
127.0.0.1:6379> INCR lee2
(integer) 2
Add a list record, lee3
127.0.0.1:6379> LPUSH lee3 a
(integer) 1
127.0.0.1:6379> RPUSH lee3 b
(integer) 2
127.0.0.1:6379> LRANGE lee3 0 3
1) "a"
2) "b"
Add a hash, lee4
127.0.0.1:6379> HSET lee4 name "lee"
(integer) 1
127.0.0.1:6379> HSET lee4 emmail "abc@mail.com"
(integer) 1
127.0.0.1:6379> HGET lee4 name
"lee"
127.0.0.1:6379> HGETALL lee4
1) "name"
2) "lee"
3) "emmail"
4) "abc@mail.com"
Add a hash record, lee5
127.0.0.1:6379> HMSET lee5 username jing password jg age 21
OK
127.0.0.1:6379> HMSET lee username
(error) ERR wrong number of arguments for 'hmset' command
127.0.0.1:6379> HMSET lee5 username age
OK
127.0.0.1:6379> HMGET lee5 username age
1) "age"
2) "21"
Delete records
127.0.0.1:6379> keys *
1) "lee5"
2) "lee2"
3) "lee3"
4) "lee4"
5) "lee1"
6) "lee"
127.0.0.1:6379> del lee
(integer) 1
127.0.0.1:6379> del lee5
(integer) 1
127.0.0.1:6379> keys *
1) "lee2"
2) "lee3"
3) "lee4"
4) "lee1"
Get the number of elements in a key's list: llen
127.0.0.1:6379> llen lee3
(integer) 2
Clear all data: flushdb
127.0.0.1:6379> flushdb
OK
127.0.0.1:6379> keys *
(empty list or set)
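5. Modify the Redis configuration
By default, no password is required to access the Redis server. To improve security, set an access password for the Redis server; here it is set to gitgit.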
sudo vi /etc/redis/redis.conf
Uncomment requirepass
requirepass gitgit
Comment out bind
# bind 127.0.0.1 ::1
After making the changes, restart the Redis server
sudo /etc/init.d/redis-server restart
127.0.0.1:6379> keys *
(error) NOAUTH Authentication required.
127.0.0.1:6379> quit
Log in and supply the password
lee@lee:/opt/modules$ redis-cli -a gitgit
127.0.0.1:6379> keys *
1) "lee1"
2) "lee4"
3) "lee3"
4) "lee2"
Check the port the Redis server is listening on
netstat -nlt | grep 6379
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp6 0 0 :::6379 :::* LISTEN
The listening address has changed from 127.0.0.1:6379 to 0.0.0.0:6379, which means Redis now allows remote access.
Access the Redis server remotely
ssh lee
redis-cli -a gitgit -h lee
lee:6379> keys *
1) "lee1"
2) "lee4"
3) "lee3"
4) "lee2"
Remote access works normally
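A check for the two redis.conf edits made in step 5, as an added example that is not part of the original walkthrough: with bind commented out, Redis listens on every interface (the 0.0.0.0:6379 line in the netstat output), so requirepass is the only access control left. The sample file contents, the finding names and the 32-character threshold are assumptions made for this example.

```python
import shlex

# Constructed sample: /etc/redis/redis.conf after the two edits in step 5.
AFTER_EDIT = """\
# bind 127.0.0.1 ::1
port 6379
requirepass gitgit
"""
# Constructed sample: the same file before the edits.
BEFORE_EDIT = """\
bind 127.0.0.1 ::1
port 6379
# requirepass foobared
"""
WILDCARDS = {"0.0.0.0", "::", "*"}
MIN_PASSWORD_LEN = 32  # assumed policy threshold, not a Redis default


def parse_redis_conf(text):
    """Map each uncommented directive to the arguments of its last occurrence."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = shlex.split(line)
        conf[name.lower()] = args
    return conf


def audit_redis_conf(text):
    """Return finding names (hypothetical labels) for network exposure and auth."""
    conf = parse_redis_conf(text)
    binds = conf.get("bind", [])
    password = (conf.get("requirepass") or [""])[0]
    findings = []
    # No bind line, or a wildcard address: Redis listens on every interface.
    if not binds or any(addr.lstrip("-") in WILDCARDS for addr in binds):
        findings.append("listens-on-all-interfaces")
    if not password:
        findings.append("no-requirepass")
    elif len(password) < MIN_PASSWORD_LEN:
        findings.append("short-requirepass")
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE_EDIT), ("after", AFTER_EDIT)):
        print(label, audit_redis_conf(text))
```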
II. Install Elasticsearch
1. Extract
tar -zxf elasticsearch-6.3.1.tar.gz -C /opt/modules/
2. Start and verify
Start in the background: bin/elasticsearch -d
Test and verify
curl -X GET http://localhost:9200
{
"name" : "gnSjJFS",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "EKDzK8IfQKG6Jdrbc6TJbw",
"version" : {
"number" : "6.3.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "eb782d0",
"build_date" : "2018-06-29T21:59:26.107521Z",
"build_snapshot" : false,
"lucene_version" : "7.3.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
3. Common commands
Query all data:
curl http://lee:9200/_search?pretty
{
"took" : 14,
"timed_out" : false,
"_shards" : {
"total" : 0,
"successful" : 0,
"skipped" : 0,
"failed" : 0
},
"hits" : {
"total" : 0,
"max_score" : 0.0,
"hits" : [ ]
}
}
Query the cluster health status:
curl -XGET http://localhost:9200/_cluster/health?pretty
{
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
Delete all data:
curl -XDELETE 'http://lee:9200/_all'
{"acknowledged":true}
Delete a specific index:
curl -XDELETE 'http://lee:9200/<index-name>'
4. Installing the elasticsearch-head plugin
4.1 Run as an Elasticsearch plugin (version 6.2 apparently does not support running it as an ES plugin)
elasticsearch/bin/plugin install mobz/elasticsearch-head
Then open http://localhost:9200/ in a browser to view it
4.2 Run as a standalone webapp (recommended)
① Install node.js
First install nvm, the Node Version Manager
wget -qO- https://raw.githubusercontent.com/creationix/nvm/v0.33.2/install.sh | bash
② Activate nvm
source ~/.nvm/nvm.sh
③ Once nvm is activated, install node
nvm install node
④ After installation, switch to that version
nvm use node
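Install grunt
grunt is a Node.js-based project build tool that can handle packaging and compression, testing, execution and so on; the head plugin is started through grunt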
cd /opt/modules/elasticsearch-6.3.1/elasticsearch-head/
npm install -g grunt-cli
Running this creates a node_modules folder; use grunt -version to check that the installation succeeded.
Install the Head plugin
cd /usr/local/elk/elasticsearch/
git clone https://github.com/mobz/elasticsearch-head.git
cd elasticsearch-head/
npm install phantomjs-prebuilt@2.1.16 --ignore-scripts
npm install
npm audit
After installation, change the server listen address
File: elasticsearch-head/Gruntfile.js; add a hostname property set to *
connect: {
    server: {
        options: {
            port: 9100,
            hostname: '*',
            base: '.',
            keepalive: true
        }
    }
}
Change the connection address
File: elasticsearch-head/_site/app.js; change localhost to the address of your ES server, for example:
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://lee:9200";
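Start the Head plugin
Start the plugin with grunt server or npm run start.
Open http://lee:9100/; if the following screen appears, startup succeeded
Problem: clicking the Connect button to connect to the cluster does nothing, no matter how many times it is clicked. The following settings are also needed on ES to enable cross-origin (CORS) access
vim /usr/local/elk/elasticsearch/config/elasticsearch.yml
Append the following three properties at the end: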
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-credentials: true
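Restart the Elasticsearch service, then open http://lee:9100 again
Once the x-pack plugin is installed on Elasticsearch, the head plugin stops working, because x-pack adds a security module. In that case, add the following line to elasticsearch.yml to fix it.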
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
Then, each time you use the head plugin, enter the URL in the following format, where auth_user is the ES username and auth_password is the ES password:
http://172.20.1.187:9100/?auth_user=elastic&auth_password=123456
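A check for the CORS lines added to elasticsearch.yml above, as an added example that is not part of the original post or of Elasticsearch: with http.cors.allow-origin set to "*", every origin is allowed to make browser requests to the cluster, and allow-credentials plus the Authorization header extend that to authenticated requests. PINNED limits the origin to the head UI at http://lee:9100; the finding names and the small parser are assumptions made for this sketch.

```python
# Constructed sample: the four lines this page adds to config/elasticsearch.yml.
PAGE = """\
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-credentials: true
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
"""
# Constructed alternative: allow only the head UI's origin used on this page.
PINNED = """\
http.cors.enabled: true
http.cors.allow-origin: "http://lee:9100"
http.cors.allow-credentials: true
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
"""


def parse_flat_settings(text):
    """Parse the flat `dotted.key: value` lines used in elasticsearch.yml."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_es_cors(text):
    """Return finding names (hypothetical labels) for the CORS settings."""
    s = parse_flat_settings(text)
    if s.get("http.cors.enabled", "false").lower() != "true":
        return []  # CORS stays off unless explicitly enabled
    findings = []
    if s.get("http.cors.allow-origin", "") in ("*", "/.*/"):
        findings.append("any-origin")
        if s.get("http.cors.allow-credentials", "false").lower() == "true":
            findings.append("any-origin-with-credentials")
        headers = s.get("http.cors.allow-headers", "").lower().split(",")
        if "authorization" in [h.strip() for h in headers]:
            findings.append("any-origin-with-authorization-header")
    return findings


if __name__ == "__main__":
    print("page settings:", audit_es_cors(PAGE))
    print("pinned origin:", audit_es_cors(PINNED))
```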
III. Install Kibana
tar -zxf kibana-6.3.1-linux-x86_64.tar.gz -C /opt/modules/
Start
bin/kibana
Test and verify
IV. Install logstash
1. Extract
Extract the archive:
tar -zxf logstash-6.3.1.tar.gz -C /opt/modules/
2. Test
Test whether logstash was installed successfully
bin/logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
helloworld~
{
"host" => "lee",
"@version" => "1",
"message" => "helloworld~",
"@timestamp" => 2018-07-23T01:44:58.594Z
}
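3. Configuration notes
How to run with a specified configuration file
bin/logstash -w 2 -f /etc/logstash/conf.d/test.conf
-w # Number of worker threads; defaults to the number of CPU cores
-f # Configuration file to use
-t # Test whether the configuration file is valid
-b # Maximum number of log events accumulated before the filter stage runs; larger values perform better but use more memory
# Log ingestion
input { }
# Log filtering, matching and processing
filter { }
# Log output
output { }
4. Configuration example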
mkdir conf.d
vi conf.d/redis.conf
input {
  redis {
    host => "127.0.0.1"
    port => "6379"
    key => "logstash:demo"
    password => "gitgit"
    data_type => "list"
    codec => "json"
    type => "logstash-redis-demo"
    tags => ["logstashdemo"]
  }
}
output {
  elasticsearch {
    hosts => "127.0.0.1"
  }
}
Start the logstash agent with this configuration file
bin/logstash -f conf.d/redis.conf
Start the built-in web
RPUSH logstash:demo "{\"time\":\"2018-07-01 10:12:23\",\"message\":\"logstash demo message\"}"
Check the current state of the indices in elasticsearch
curl 127.0.0.1:9200/_search?pretty=true