linuxs搭建elk

最新推荐文章于 2024-05-16 11:33:14 发布
最新推荐文章于 2024-05-16 11:33:14 发布
阅读量1.5k 收藏 2
点赞数
分类专栏: java 其他技术 linuxs eleasticSearch
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/pengbin790000/article/details/79267420
版权
java 同时被 3 个专栏收录
118 篇文章 0 订阅
订阅专栏
其他技术
53 篇文章 0 订阅
订阅专栏
eleasticSearch
18 篇文章 1 订阅
订阅专栏

一、使用背景

    当生产环境有很多服务器、很多业务模块的日志需要每时每刻查看时

二、环境

系统:ubuntu14

JDK:1.8

Elasticsearch-6.1

Logstash-6.1

kibana-6.1

三、安装

1、安装JDK

下载JDK:http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

本环境下载的是64位tar.gz包,将安装包拷贝至安装服务器/usr/local目录

[root@localhost ~]# cd /usr/local/ 
[root@localhost local]# tar -xzvf jdk-8u111-linux-x64.tar.gz

配置环境变量

[root@localhost local]# vim /etc/profile

将下面的内容添加至文件末尾(假如服务器需要多个JDK版本,为了ELK不影响其它系统,也可以将环境变量的内容稍后添加到ELK的启动脚本中)

JAVA_HOME=/usr/local/jdk1.8.0_111
JRE_HOME=/usr/local/jdk1.8.0_111/jre
CLASSPATH=.:$JAVA_HOME/lib:/dt.jar:$JAVA_HOME/lib/tools.jar
PATH=$PATH:$JAVA_HOME/bin
export  JAVA_HOME
export  JRE_HOME

ulimit -u 16384

ulimit -n 65536

[root@localhost local]# source /etc/profile  确认修改

配置limit相关参数

[root@localhost local]# vim /etc/security/limits.conf
添加以下内容

* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536

创建运行ELK的用户

[root@localhost local]# groupadd elk

[root@localhost local]# useradd -g elk elk

当然也可以设置密码:

useradd www            # 创建用户
passwd www             # 设置该用户名密码

创建ELK运行目录

[root@localhost local]# mkdir /elk
[root@localhost local]# chown -R elk:elk /elk

关闭防火墙:

[root@localhost ~]# iptables -F

以上全部是root用户完成

2、安装ELK

以下由elk用户操作

以elk用户登录服务器

下载ELK安装包:https://www.elastic.co/downloads,并上传到服务器且解压,解压命令:tar -xzvf 包名

不过也可以下载zip格式的,那么解压命令就是 unzip

配置Elasticsearch

vim config/elasticsearch.yml

增加:network.host: 0.0.0.0   用来让外网访问

查看ip地址:ifconifg

保存退出

启动Elasticsearch -------------必须在elk用户下

./bin/elasticsearch     

/elk/elasticsearch-6.2.4/bin/elasticsearch

后台启动:

./bin/elasticsearch -d

查看进程:

ps -ef|grep elasticsearch

 

用浏览器访问:http://127.0.0.1:9200   或者外网访问192.168.47.131:9200   用chorme或者firefox

Elasticsearch安装完毕

安装logstash

logstash是ELK中负责收集和过滤日志的

 

编写配置文件如下  (log4j.conf):

 

input {
    log4j {
	mode => "server"
        host => "192.168.112.131"
        port => 4560
    }
}

output {
    stdout {
      codec => rubydebug
    }
    elasticsearch{
        hosts => ["192.168.112.131:9200"]
        index => "log4j-%{+YYYY.MM.dd}"
        document_type => "log4j_type"
    }
}

或者:

input {
  tcp {
    host => "192.168.47.131"
    port => "4560"
    codec => json
  }
  stdin{

  }
}

filter {
  kv {
    remove_field => ["source","endOfBatch","loggerName","threadId","threadPriority","port","@version","thread","loggerFqcn","message","timeMillis"]
  }
  mutate {  
   remove_field => ["timestamp"]  
  }

}

output {
    stdout {
      codec => rubydebug
    }
    if "_jsonparsefailure" not in [tags] {
      elasticsearch{
          hosts => ["192.168.47.131:9200"]
          index => "tim_mis-%{+YYYY.MM.dd}"
      }
    }
}

 

 

 

 

 

 

启动logstash

 

/elk/logstash-6.1.2/bin/logstash -f /elk/logstash-6.1.2/config/log4j.conf 

/elk/logstash-6.2.4/bin/logstash -f /elk/logstash-6.2.4/config/log4j2_tim.conf 

 

但是有时候会因为内存不够无法启动

vim /elk/logstash-6.2.4/config/jvm.options 因为是只读文件,所以保存要    :w !sudo tee %  退出使用:q!

-Xms256m  

-Xmx1g

 

 

代表启动成功

 

安装kibana

解压:

tar -zxvf kibana-6.2.4-linux-x86_64.tar.gz

修改配置文件:

vim /elk/kibana-6.2.4-linux-x86_64/config/kibana.yml

# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "192.168.3.59"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
# to Kibana. This setting cannot end in a slash.
#server.basePath: ""

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://192.168.3.59:9200"

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "user"
#elasticsearch.password: "pass"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files validate that your Elasticsearch backend uses the same key files.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 0

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000

# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid

# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# The default locale. This locale can be used in certain circumstances to substitute any missing
# translations.
#i18n.defaultLocale: "en"

 

 

 

保存退出

启动kibana

/elk/kibana-6.1.2-linux-x86_64/bin/kibana

http://192.168.47.131:5601

 

 

因此:全部启动顺序如下:

切换elk用户:

nohup xxxxxxx &    // 后台启动

/elk/elasticsearch-6.2.4/bin/elasticsearch

/elk/logstash-6.2.4/bin/logstash -f /elk/logstash-6.2.4/config/log4j2_tim.conf 

/elk/kibana-6.2.4-linux-x86_64/bin/kibana

其他参考:

ELK 系统 搭建  https://blog.csdn.net/fxbin123/article/details/79983245(有更好的优化,并且该博主下有kibana的使用介绍)

ELK日志分析平台搭建全过程    https://www.cnblogs.com/onetwo/p/6059231.html

Elasticsearch5.0 最新版本安装问题 http://blog.csdn.net/abcd_d_/article/details/53018927

ubuntu设置最大权限文件数量   http://blog.csdn.net/kimsoft/article/details/8024216

ELK实时日志分析平台部署搭建详细实现过程 http://www.linuxidc.com/Linux/2016-09/135137.htm

ElasticSearch6.X 下载与安装https://blog.csdn.net/fxbin123/article/details/79682876
 

夏微凉秋微暖
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Linux 安装elk
Chihirozy的博客
07-11 689
elk部署
Linux安装搭建ELK集群
我玩的很开心的博客
06-18 1768
Linux安装ELK 一、ES简介 ES是一个基于RESTful web接口并且构建在Apache Lucene之上的开源分布式搜索引擎。 特点是:高可用,高扩展,是一种NOSQL的数据存储工具 二、ES安装前的准备(elk安装包版本要求一致) 下载安装包: elasticsearch-6.2.2.tar.gz elasticsearch-head-master.zip kibana-6.2.2-linux-x86_64.tar.gz logstash-6.2.2.tar.gz node-v8.9.1-l
Linux搭建ELK日志分析系统
m0_61418822的博客
04-19 428
操作系统:本次搭建使用CentOS或Amazon linux等可以使用rpm命令的操作系统,使用其他操作系统在某些步骤进行适配性修改即可版本信息:ElasticSearch 6.8.10、Kibana 6.8.10。
Linux上面部署ELK
最新发布
2302_76160310的博客
05-16 905
path => "/etc/httpd/logs/access_log" //收集apache的访问日志。path => "/etc/httpd/logs/error_log" //收集apache的错误日志。discovery.zen.ping.unicast.hosts: ["node1", "node2"] //群集发现通过单播实现。#tar zxf /mnt/node-v8.2.1.tar.gz -C /usr/src //解压的目录不能有中文路径。
Linux部署搭建ELK
一口粥粥的博客
01-29 2829
ELK环境搭建主要安装说明下载安装Elasticsearch下载安装Logstash添加索引及mapping下载安装Kibana(按实际需求安装) 主要安装说明 Elasticsearch:数据存储 Logstash:数据收集过滤器 Filebeat:另一类数据收集器 Kibana:数据统计查询视图显示 安装系统环境:Linux(redhat) 下载安装Elasticsearch 参考链接:如何在 Linux,MacOS 及 Windows 上进行安装 Elasticsearch_Elastic-CSDN
Linux搭建ELK集群——史上最详细的图文详情
AloneCoding的博客
06-19 743
前期准备 搭建好一台ELK虚拟机,博主前面博客有详细的搭建过程,大家可以去参考搭建一下 本次ELK集群的搭建是在我之前博客搭建ELK环境基础上搭建的 复制多个虚拟机 修改复制的虚拟机ip地址和主机名(将ip地址和主机名改为和主机列表一致的内容) vi /etc/systconfig/network-scripts/ifcfg-enp0s3 vi /etc/hostname 将三个虚拟机都连接到moba 将三个虚拟机分别设置免密登录` ssh-keygen -t rsa -P "" 将三个虚拟机
LINUX搭建ELK(6(1)
2401_83620959的博客
04-28 891
运行 source /etc/profile,使/etc/profile文件生效。16、mysql的innodb如何定位锁问题,mysql如何减少主从复制延迟?2、在工作中,运维人员经常需要跟运营人员打交道,请问运营人员是做什么工作的?6、Squid、Varinsh和Nginx有什么区别,工作中你怎么选择?5、LVS、Nginx、HAproxy有什么区别?9、讲述一下Tomcat8005、8009、8080三个端口的含义?7、Tomcat和Resin有什么区别,工作中你怎么选择?
ELKlinux环境搭建步骤
weixin_42243889的博客
04-09 1350
1 上传jdk11,kibana-7.2.0-linux-x86_64.tar.gz,elasticsearch-7.2.0-linux-x86_64.tar.gz,elasticsearch-analysis-ik-7.2.0.zip包 特别注意,elasticsearch-analysis-ik的版本需要与elasticsearch的版本一致 2 安装解压jdk1 tar -zxvf jdk-11_linux-x64_bin.tar.gz vim /etc/profile 配置环境变量(i进入编
linux搭建ELK7.6.2版本
wangshaner0814的博客
03-09 324
1)创建安装目录 mkdir /usr/local/es/ (2)解压至安装目录 tar -zxvf elasticsearch-7.6.2-linux-x86_64.tar.gz -C /usr/local/es/ (3)解压至安装目录 修改配置/usr/local/es/elasticsearch-7.6.2/config/jvm.options,内存占用可以调小一点 (4)修改配置/usr/local/es/elasticsearch-7.6.2/config/elasticsearch.yml 1.
Linux——ELK日志分析系统
zj2059129607的博客
03-12 555
上传安装包elasticsearch-5.5.0.rpm,并使用rpm安装。Node1部署elasticearch-head插件,安装node组件。Node3上部署httpd+logstash,上传安装包使用rpm安装。安装elasticsearch,Node1 Node2 都配置。访问http://192.168.223.124:5601。访问http://192.168.223.123:9200。安装 elasticsearch-head 组件。安装phantomjs 组件。编辑自定义提交日志配置。
Linux安装elk
upward
05-22 984
Linux安装elk
linuxELK 7.11 安装包
07-21
Linux环境下,ELK(Elasticsearch、Logstash、Kibana)栈的搭建是一个常见的日志管理和分析解决方案。本文将详细介绍如何在Linux系统上安装和配置ELK 7.11版本。 首先,我们来看Elasticsearch。Elasticsearch是一个...
linu 搭建ELK(es+kibana+logstash)安装包
12-02
ELK是三个开源软件的缩写,分别表示:Elasticsearch , Logstash, Kibana , 它们都是开源软件。新增了一个FileBeat,它是一个轻量级的日志收集处理工具(Agent),Filebeat占用资源少,适合于在各个服务器上搜集日志后...
ELK资料linux搭建.tar
11-13
商品收缩 springboot 集成ES+kibana+logstash+Ik分词器
Linux系统设计-Hi-elk 基于Docker快速搭建elk服务镜像
01-10
Linux系统具有高效的网络功能和稳定的性能,因此被广泛应用于服务器领域,Linux是云计算的核心组成部分,被广泛用于构建云平台和云服务。许多知名的云计算服务提供商都采用Linux系统作为其基础架构,一些游戏平台和...
Linuxelk.zip
07-07
Linux中的ELK组合,全称为Elasticsearch、Logstash、Kibana,是日志管理和分析领域的一个流行解决方案。这个“elk.zip”文件显然包含了这三个核心组件的安装或配置文件,为用户提供了一站式的日志处理环境,免去了...
bilibili高级弹幕(代码弹幕)
热门推荐
夏微凉秋微暖的博客
03-30 1万+
1. var i = 0; function printdanmuku(){ interval(function() { i++; var w = Player.width; var h = Player.height; var cy = Utils.rand(0, h); var c = $.createComment("bilibilibilibilibilibilibilib
springMVC配置log4j2打印日志
夏微凉秋微暖的博客
11-14 6213
1.导入jar包: <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <!-- log4j日志文件管理包版本 --> <log4j.version>2....
CPU ThrottleStop 配置
夏微凉秋微暖的博客
05-24 5361
我需要在linux搭建ELK,请教我如何搭建
04-19
非常感谢您的提问。关于如何在Linux搭建ELK,可以按照以下步骤进行: 1. 下载并安装Java Development Kit(JDK) 2. 下载并安装Elasticsearch 3. 下载并安装Logstash 4. 下载并安装Kibana 5. 配置Elasticsearch 6. 配置Logstash 7. 配置Kibana 希望能够帮助您成功搭建ELK。如果您还有其他问题或者需要更详细的操作指导,请随时提出,我会尽力为您解答。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值