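1. Elasticsearch deployment
- Edit the configuration file (config/elasticsearch.yml)
cluster.name: my-application # ELK cluster name
network.host: 0.0.0.0 # address Elasticsearch listens on; the default is localhost (0.0.0.0 binds every interface)
http.port: 9200 # port Elasticsearch listens on; the default is 9200
bootstrap.memory_lock: false # do not lock the process memory in RAM
bootstrap.system_call_filter: false # do not install the system call filter at startup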
- Edit the limits.conf file
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
- Edit the sysctl.conf file
vi /etc/sysctl.conf
vm.max_map_count=655360
Then run sysctl -p to load the new value
- Start Elasticsearch
bin/elasticsearch &
Check whether port 9200 is in use
netstat -ant
- Open http://ip:9200 in a browser to check that it is working
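The `netstat -ant` check above shows more than whether the port is in use: with `network.host: 0.0.0.0` the listener on 9200 is bound to every interface. The script below is an added example, not part of the original notes; `listen_scope`, `is_restricted` and `SAMPLE_NETSTAT` are names chosen here, and the sample output is constructed.

```shell
#!/bin/sh
# Added example. Classifies how a TCP port is exposed, reading `netstat -ant`
# output on stdin. Function and variable names are chosen for this example.
# Prints one of: all-interfaces, specific-address, loopback-only, not-listening
listen_scope() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            # Local address minus the trailing ":port"
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*")
                all = 1
            else if (host ~ /^(::ffff:)?127\./ || host == "::1")
                loop = 1
            else
                other = 1
        }
        END {
            if (all)        print "all-interfaces"
            else if (other) print "specific-address"
            else if (loop)  print "loopback-only"
            else            print "not-listening"
        }'
}

# Succeeds only when the port is not bound to every interface.
is_restricted() {
    [ "$(listen_scope "$1")" != "all-interfaces" ]
}

# Constructed sample of `netstat -ant` output for a node started with
# network.host: 0.0.0.0 (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::9200                 :::*                    LISTEN
tcp6       0      0 :::9300                 :::*                    LISTEN
tcp6       0      0 192.168.1.44:9200       192.168.1.50:51514      ESTABLISHED'

printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 9200   # all-interfaces
printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope 25     # loopback-only
# On a live host: netstat -ant | listen_scope 9200
```

A result of `all-interfaces` for 9200 means the HTTP API is reachable from any network the host is attached to, so access has to be limited by a host firewall or by setting `network.host` to a specific address.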
2. Logstash deployment
- Create a logstash.conf file under config/ with the following configuration
# Read log data from the input (standard input here)
input {
  stdin {}
}
# Filter
filter {
  grok {
    patterns_dir => ["/home/keepgostudio/download/logstash-5.2.0/patterns"]
    match => {
      "message" => ["%{PARAMS_APACHELOG}", "%{NO_PARAMS_APACHELOG}"]
    }
    remove_field => ["host", "timestamp", "httpversion", "@version"]
  }
  kv {
    source => "params"
    field_split => "&?"
  }
  geoip {
    source => "ip"
    fields => ["country_name", "region_name", "city_name", "latitude", "longitude"]
    target => "location"
  }
}
# Output
output {
  elasticsearch {
    hosts => ["192.168.1.44:9200"]
    index => "logstash-test-%{type}-%{host}"
  }
}
- Start Logstash
bin/logstash -f config/logstash.conf &
3. Install Kibana
- Edit the kibana.yml configuration file under config/
server.port: 5601
server.host: "192.168.1.100"
elasticsearch.url: "http://192.168.1.100:9200"
- Start Kibana
bin/kibana &
- Access
http://IP:5601