Setting up FileBeat + ELK (v7.11.2)

Architecture diagram: [image not preserved in this copy]

Installing the JDK:

I install jdk-11.0.1 here. Note that Elasticsearch 7.11.2 ships its own OpenJDK in the jdk directory of the tarball (visible in the ls output further down) and uses it when JAVA_HOME is unset, so a separately installed JDK is optional for Elasticsearch itself; with JAVA_HOME set as below, 7.11 uses the JDK it points to instead.

Download: https://jdk.java.net/archive/

JDK 11 differs from earlier releases: the installed directory has no separate jre folder, so the environment-variable setup is simpler.

I usually keep files under /data/dtstack.


Extract the archive:

[root@ergou dtstack]# tar -zxvf openjdk-11.0.1_linux-x64_bin.tar.gz

Create a java.sh file under /etc/profile.d/:

[root@ergou dtstack]# vim /etc/profile.d/java.sh
[root@ergou dtstack]# cat /etc/profile.d/java.sh
JAVA_HOME=/data/dtstack/jdk-11.0.1 # JDK install path
PATH=$PATH:$JAVA_HOME/bin
export JAVA_HOME PATH

Load java.sh into the current shell:

[root@ergou dtstack]# source  /etc/profile.d/java.sh

Verify the JDK:

[root@ergou dtstack]# java -version
openjdk version "11.0.1" 2018-10-16
OpenJDK Runtime Environment 18.9 (build 11.0.1+13)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.1+13, mixed mode)

Installing ELK: Elasticsearch

Download: https://www.elastic.co/cn/downloads/

Extract Elasticsearch, create its data and log directories, and edit the configuration:

[root@ergou dtstack]# tar -zxvf elasticsearch-7.11.2-linux-x86_64.tar.gz
[root@ergou dtstack]# cd elasticsearch-7.11.2/config
[root@ergou config]# mkdir -p /usr/elk/elasticsearch-7.11.2/data
[root@ergou config]# mkdir -p /usr/elk/elasticsearch-7.11.2/logs
[root@ergou config]# vim elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
 cluster.name: es-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
 node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
 path.data: /usr/elk/elasticsearch-7.11.2/data
#
# Path to log files:
#
 path.logs: /usr/elk/elasticsearch-7.11.2/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
# 0.0.0.0 binds HTTP (9200) and transport (9300) on every interface. In 7.11
# X-Pack security is off by default on the basic license
# (xpack.security.enabled: false), so with this setting anyone who can reach
# the host can read, write and delete every index without credentials. Bind
# to the host's own address (or 127.0.0.1 for a single box) and enable
# security before exposing the node.
 network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
 http.port: 9200
#
# Kibana does not need CORS: it talks to Elasticsearch server-side. With
# allow-origin "*" any web page a user visits can query this node from the
# user's browser and read the responses. Drop both lines unless a browser
# client on one specific origin really needs them.
 http.cors.enabled: true
 http.cors.allow-origin: "*"
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
 cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
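The configuration above works, but it leaves an unauthenticated cluster listening on every interface. The following elasticsearch.yml is an added example, not taken from the original post, showing the same single-node setup with the weak settings corrected. It assumes the host address 192.168.255.192 used elsewhere in this guide; substitute your own. Note that cluster.initial_master_nodes must be removed when discovery.type is single-node, because Elasticsearch rejects the combination.

```yaml
# Hardened single-node elasticsearch.yml (added example, not from the post).
cluster.name: es-application
node.name: node-1
path.data: /usr/elk/elasticsearch-7.11.2/data
path.logs: /usr/elk/elasticsearch-7.11.2/logs

# Bind to the host's own address instead of 0.0.0.0 (assumed address from
# this guide). Use 127.0.0.1 if Kibana, Filebeat and Logstash run on the
# same machine and nothing else needs to reach the node.
network.host: 192.168.255.192
http.port: 9200

# Single-node cluster. This replaces cluster.initial_master_nodes and also
# lets security be enabled without transport TLS, because the transport-TLS
# bootstrap check is skipped for discovery.type: single-node.
discovery.type: single-node

# Require authentication and authorisation. Free on the basic license in 7.11;
# off by default, which is why the original setup has no login at all.
xpack.security.enabled: true

# CORS stays at its default (disabled). Kibana proxies requests server-side and
# never needs the browser-facing http.cors.* settings.
#http.cors.enabled: false
```

After the node starts with this file, run bin/elasticsearch-setup-passwords interactive as the elk user to set the built-in user passwords. Every client then needs credentials: output.elasticsearch.username/password in filebeat.yml, user/password in the Logstash elasticsearch output, and elasticsearch.username/password in kibana.yml (use kibana_system there, not the elastic superuser). Enabling TLS on the HTTP port (xpack.security.http.ssl.*) with certificates from bin/elasticsearch-certutil is the natural next step so those credentials do not cross the network in cleartext.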

Once the configuration is done, create a dedicated user, because Elasticsearch refuses to start as root. The author creates user elk with password elk (passwd warns that it is shorter than 8 characters) and then hands the directories to that user. A service account does not need an interactive password at all: useradd -r -s /sbin/nologin elk gives it no login shell, and the services can still be started with su -s /bin/bash elk or sudo -u elk; a three-letter password on the account that owns the data directory is worse than a locked one.

[root@ergou ~]# useradd elk
[root@ergou ~]# passwd elk
Changing password for user elk.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@ergou ~]# chown -R elk:elk /data/dtstack/elasticsearch-7.11.2/
[root@ergou ~]# chown -R elk:elk /usr/elk/elasticsearch-7.11.2/

Raise the process limits (the Elasticsearch bootstrap checks require at least 65535 open file descriptors and vm.max_map_count of at least 262144):

[root@ergou ~]# vim /etc/security/limits.conf
# append at the end of the file; it applies to new login sessions only.
# "*" covers every user; "elk" instead of "*" scopes it to the service account.
* soft nofile 65536
* hard nofile 131072
[root@ergou ~]# vim /etc/sysctl.conf
vm.max_map_count=655360
# after saving, apply it:
[root@ergou ~]# sysctl -p

Start Elasticsearch as elk (-d runs it as a daemon, so the shell is free for the port check that follows):

[root@ergou ~]# su elk
[elk@ergou ~]$ cd /data/dtstack/elasticsearch-7.11.2/
[elk@ergou elasticsearch-7.11.2]$ ls
bin  config  jdk  lib  LICENSE.txt  logs  modules  NOTICE.txt  plugins  README.asciidoc   
[elk@ergou elasticsearch-7.11.2]$ ./bin/elasticsearch -d
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[elk@ergou elasticsearch-7.11.2]$ ss -tnl
State      Recv-Q Send-Q        Local Address:Port                       Peer Address:Port
LISTEN     0      128                       *:22                                    *:*
LISTEN     0      100               127.0.0.1:25                                    *:*
LISTEN     0      128                      :::9200                                 :::*
LISTEN     0      128                      :::9300                                 :::*
LISTEN     0      128                      :::22                                   :::*
LISTEN     0      100                     ::1:25                                   :::*
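In the ss output, :::9200 and :::9300 mean HTTP and transport are bound on every interface (the IPv6 wildcard, which on a dual-stack host covers IPv4 as well), and nothing in this configuration asks for credentials. The script below is an added example, not part of the original post, that checks a node from the network the way someone on the same LAN would: an anonymous GET on / and /_cluster/health, plus a request carrying a foreign Origin header to see whether the CORS settings let a browser read the responses. It assumes the host 192.168.255.192 from this guide and a hypothetical foreign origin https://attacker.example; the assessment is a pure function so it can be exercised on constructed responses without a live node.

```python
"""Unauthenticated-exposure check for an Elasticsearch node.

Added example, not from the original post. Probes / and /_cluster/health
anonymously and sends a foreign Origin to inspect the CORS response.
"""
import json
import urllib.error
import urllib.request

ES_URL = "http://192.168.255.192:9200"      # assumed node address from this guide
PROBE_ORIGIN = "https://attacker.example"   # hypothetical foreign origin


def fetch(url, origin=None, timeout=5):
    """GET url and return (status, headers, body). 4xx/5xx responses are
    returned like any other result instead of being raised."""
    req = urllib.request.Request(url, method="GET")
    if origin:
        req.add_header("Origin", origin)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers), e.read().decode("utf-8", "replace")


def assess(root_status, root_body, health_status, cors_headers, origin=PROBE_ORIGIN):
    """Turn the raw responses into findings (pure function, no network)."""
    findings = {"anonymous_access": False, "cors_open": False, "version": None, "notes": []}

    if root_status == 200:
        findings["anonymous_access"] = True
        findings["notes"].append("GET / returned 200 without credentials")
        try:
            findings["version"] = json.loads(root_body).get("version", {}).get("number")
        except (ValueError, AttributeError):
            pass  # body was not the usual JSON banner; version stays unknown
    elif root_status in (401, 403):
        findings["notes"].append("GET / rejected the anonymous request (security enabled)")

    if health_status == 200:
        findings["anonymous_access"] = True
        findings["notes"].append("/_cluster/health is readable anonymously")

    # Header names are case-insensitive; normalise before looking them up.
    lower = {k.lower(): v for k, v in cors_headers.items()}
    acao = lower.get("access-control-allow-origin")
    if acao in ("*", origin):
        # "*" or an echoed foreign origin means a page on any site can read
        # the node's responses from a visitor's browser.
        findings["cors_open"] = True
        findings["notes"].append("CORS allows origin %r" % acao)
    return findings


def check_node(base_url=ES_URL):
    """Run the three probes against a live node and return the findings."""
    root_status, _, root_body = fetch(base_url + "/")
    health_status, _, _ = fetch(base_url + "/_cluster/health")
    _, cors_headers, _ = fetch(base_url + "/", origin=PROBE_ORIGIN)
    return assess(root_status, root_body, health_status, cors_headers)


if __name__ == "__main__":
    result = check_node()
    for note in result["notes"]:
        print(note)
    if result["anonymous_access"]:
        print("FAIL: node answers without authentication")
    if result["cors_open"]:
        print("FAIL: foreign origins can read responses from a browser")
```

Against the configuration shown above (security off, CORS "*"), both FAIL lines are expected; after enabling xpack.security the root and health probes should come back 401 and the CORS finding should disappear once the http.cors.* lines are removed.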

Installing ELK: Filebeat

Extract it:

[root@ergou dtstack]# tar  -zxvf filebeat-7.11.2-linux-x86_64.tar.gz
[root@ergou dtstack]# cd /data/dtstack/filebeat-7.11.2-linux-x86_64

Edit the configuration file (filebeat.yml). Filebeat accepts exactly one enabled output, so only one of the two output blocks below may be active at a time; the original had both enabled, which makes Filebeat refuse to start:

# ============================== Filebeat inputs ===============================
# Several log files shipped into one index, told apart by a custom field.
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /root/nginx/logs/access.log
  fields:
    log_topics: "nginx"   # identifies whose log this is
  fields_under_root: true
- type: log
  enabled: true
  paths:
    - /usr/elk/elasticsearch-7.11.2/logs/gc.log   # path.logs from elasticsearch.yml above
  fields:
    log_topics: "elasticsearch"
  fields_under_root: true
# ---------------------------- Elasticsearch Output ----------------------------
# Direct shipping to Elasticsearch. Keep this block and leave the Logstash
# output commented out, or the other way round; never both.
output.elasticsearch:
  # Array of hosts to connect to (the Elasticsearch host used elsewhere in this guide).
  hosts: ["192.168.255.192:9200"]
  index: "test-log-%{+yyyy.MM.dd}"    # custom index name
# A custom index name is ignored while index lifecycle management is active,
# which is the default whenever Elasticsearch supports ILM. Disable ILM and
# give the index template a matching name and pattern:
setup.ilm.enabled: false
setup.template.name: "test-log"
setup.template.pattern: "test-log-*"

# ------------------------------ Logstash Output -------------------------------
# Alternative: send to the beats input on Logstash port 5044 (configured in
# the Logstash section). Enable this and comment out output.elasticsearch.
#output.logstash:
#  # The Logstash hosts
#  hosts: ["192.168.255.192:5044"]

Start Filebeat. -e sends Filebeat's own log to stderr (captured by nohup into nohup.out) and -d "publish" turns on the publish debug selector, which writes every shipped event into that log; drop -d once the pipeline works, since it duplicates the log data, possibly including sensitive fields, into a second file. It runs as root here only because the input reads /root/nginx/logs; a dedicated user with read access to the log files is the safer arrangement:

[root@ergou filebeat-7.11.2-linux-x86_64]# nohup ./filebeat -e -c filebeat.yml -d "publish" &

Installing ELK: Logstash

[root@ergou dtstack]# tar zxvf  logstash-7.11.2-linux-x86_64.tar.gz

Open config/logstash-sample.conf and change it as follows. The original only had a file input, so nothing listened for Filebeat's Logstash output; the beats input on 5044 is what the header comment (and the Filebeat section) describes:

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  # Receives events from Filebeat's output.logstash (port 5044 above).
  # host limits the listener to this address instead of 0.0.0.0.
  beats {
    host => "192.168.255.192"
    port => 5044
  }
  # The original file input: Logstash tails the nginx logs itself.
  file {
    path => ['/var/log/nginx/*.log']
    type => 'nginx_log'
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["http://192.168.255.192:9200"]
    index => "user-%{+YYYY.MM.dd}"
  }
}

Start Logstash (the author runs it as root; the elk user with read permission on /var/log/nginx, for example via the nginx log group, is the least-privilege alternative and works just as well with the beats input):

nohup ./bin/logstash -f /data/dtstack/logstash-7.11.2/config/logstash-sample.conf &

input is the event source and output the destination; a filter stage can be configured between them to parse and enrich events. The architecture:

[Logstash architecture diagram: image not preserved in this copy]

Installing ELK: Kibana

[root@ergou dtstack]# tar -zxvf kibana-7.11.2-linux-x86_64.tar.gz
[root@ergou dtstack]# chown -R elk:elk /data/dtstack/kibana-7.11.2-linux-x86_64
[root@ergou dtstack]# cd kibana-7.11.2-linux-x86_64/config/
[root@ergou config]# vim kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
# With Elasticsearch security off and server.ssl.enabled left false (below), binding to a LAN
# address exposes a login-less Kibana, and through it the whole cluster, over plain HTTP to
# everyone who can reach port 5601.
server.host: "192.168.255.192"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://192.168.255.192:9200"]

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
#kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"

# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Enables you to specify a file where Kibana stores log output.
#logging.dest: stdout

# Set the value of this setting to true to suppress all logging output.
#logging.silent: false

# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false

# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"
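As configured above, Kibana has no login of its own (it only gets one when Elasticsearch security is enabled) and serves everything over plain HTTP. The kibana.yml below is an added example, not from the original post, showing the settings that pair with an Elasticsearch node that has xpack.security.enabled: true. It assumes the kibana_system password was set with bin/elasticsearch-setup-passwords, and that a certificate and key for Kibana already exist at the paths shown (those paths are placeholders).

```yaml
# kibana.yml for an Elasticsearch node with security enabled
# (added example, not from the post).
server.port: 5601
server.host: "192.168.255.192"   # assumed address from this guide

# Serve Kibana over TLS so user credentials do not cross the network in cleartext.
server.ssl.enabled: true
server.ssl.certificate: /data/dtstack/certs/kibana.crt   # assumed path
server.ssl.key: /data/dtstack/certs/kibana.key           # assumed path

# Credentials the Kibana server uses for its own housekeeping. Use the
# built-in kibana_system user, never the elastic superuser.
elasticsearch.hosts: ["http://192.168.255.192:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "<kibana_system password from elasticsearch-setup-passwords>"

# Key (32+ characters) Kibana uses to protect session cookies; without it a
# random key is generated at each start and sessions do not survive restarts.
xpack.security.encryptionKey: "<random string of at least 32 characters>"
```

Rather than leaving the password in a file readable by the elk user, store it with bin/kibana-keystore create followed by bin/kibana-keystore add elasticsearch.password, and omit the elasticsearch.password line; Kibana reads keystore entries as if they were in kibana.yml. Once Elasticsearch itself serves HTTPS, switch elasticsearch.hosts to https:// and set elasticsearch.ssl.certificateAuthorities to the CA that signed its certificate instead of lowering elasticsearch.ssl.verificationMode.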

Start Kibana (as the ordinary user elk):

[root@ergou config]# su elk
[elk@ergou config]$ cd /data/dtstack/kibana-7.11.2-linux-x86_64
[elk@ergou kibana-7.11.2-linux-x86_64]$ ls
bin     data         node          nohup.out   package.json  README.txt  x-pack
config  LICENSE.txt  node_modules  NOTICE.txt  plugins       src
[elk@ergou kibana-7.11.2-linux-x86_64]$ nohup ./bin/kibana &
[elk@ergou ~]$ ss -tnl
State      Recv-Q Send-Q        Local Address:Port                       Peer Address:Port
LISTEN     0      128                       *:22                                    *:*
LISTEN     0      100               127.0.0.1:25                                    *:*
LISTEN     0      128         192.168.255.192:5601                                  *:*
LISTEN     0      128                      :::9200                                 :::*
LISTEN     0      128                      :::9300                                 :::*
LISTEN     0      128                      :::22                                   :::*
LISTEN     0      100                     ::1:25                                   :::*