Package downloads:

https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.1.tar.gz

https://artifacts.elastic.co/downloads/kibana/kibana-5.4.1-linux-x86_64.tar.gz

https://artifacts.elastic.co/downloads/logstash/logstash-5.4.1.tar.gz

https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.4.1-linux-x86_64.tar.gz

https://www.elastic.co/cn/downloads/

1. Preparation:

yum install -y java-1.8.0-openjdk
hostnamectl set-hostname elk           # set the hostname
systemctl stop firewalld                  # stop firewalld
setenforce 0

tar zxvf elasticsearch-5.4.1.tar.gz && tar zxvf logstash-5.4.1.tar.gz && tar zxvf kibana-5.4.1-linux-x86_64.tar.gz

mv logstash-5.4.1 /usr/local/logstash
mv elasticsearch-5.4.1 /usr/local/elasticsearch
mv kibana-5.4.1-linux-x86_64 /usr/local/kibana

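2. Install Logstash
The unpacked archive does not contain a Logstash configuration file, so one has to be created by hand. The log.conf in the screenshot above is the one I created manually; for testing it only configures plain standard input and standard output, as follows: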

input {
    stdin { }
}

output {
    stdout {
        codec => rubydebug {}
    }
}

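Try starting Logstash to verify the configuration: in the Logstash directory run ./bin/logstash -f config/log.conf. Output like that in the screenshot means the configuration works; the startup messages also show the log path, port and other details.
Type a test string such as hello log at the prompt and look at the output.

3. Install Elasticsearch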

yum install -y java-1.8.0-openjdk
hostnamectl set-hostname elk           # set the hostname
systemctl stop firewalld                  # stop firewalld
setenforce 0

Edit elasticsearch.yml:

[root@elk ~]# egrep -v "^#|^$" /usr/local/elasticsearch/config/elasticsearch.yml 
cluster.name: my-application
node.name: elk
path.data: /usr/local/elasticsearch/data
path.logs: /usr/local/elasticsearch/logs
network.host: 172.16.90.37
http.port: 9200
discovery.seed_hosts: ["172.16.90.37"]
cluster.initial_master_nodes: ["172.16.90.37:9300"]
mkdir -p /usr/local/elasticsearch/data /usr/local/elasticsearch/logs
useradd elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch
echo "vm.max_map_count = 655360" >>/etc/sysctl.conf && sysctl -p

Edit /etc/security/limits.conf and add the following:

* soft nofile 65536 
* hard nofile 65536 
* soft nproc 65536 
* hard nproc 65536

Elasticsearch cannot be started as root; switch to the elasticsearch user to run it:

su - elasticsearch 
cd /usr/local/elasticsearch 
bin/elasticsearch &

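Check the listening ports: [screenshot]

View it in a browser: [screenshot]

With Logstash and Elasticsearch both installed, the next step is to connect them. Go back to the Logstash configuration file log.conf and change it as follows: the input is still standard input, and the output gains an elasticsearch section whose hosts setting is the Elasticsearch address and port: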

input {
    stdin { }
}
output {
    elasticsearch {
        hosts => "192.168.56.100:9200"
        index => "logstash-test"
    }
    stdout {
        codec => rubydebug {}
    }
}

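While starting up, Logstash checks and connects to the Elasticsearch output. After entering a test string, query the Elasticsearch API at http://192.168.56.100:9200/logstash-test/_search (logstash-test is the index configured in logstash.conf). The result shows that the string just entered, I hello 222, can now be seen in Elasticsearch. [screenshot]

4. Install Kibana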

cd /usr/local/kibana/config
vi /usr/local/kibana/config/kibana.yml

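Go to the config directory under the Kibana directory and edit kibana.yml: uncomment server.port: 5601, set server.host to the server Kibana is installed on, and configure the Elasticsearch address and port. [screenshot]

Start it: /usr/local/kibana/bin/kibana & [screenshot]

Then type into the Logstash prompt: Hello kaka,you are the chen [screenshot]
The entry is visible in the web page: [screenshot]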

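5. Next, install Redis:
I need the CentOS 64-bit package; I located the source and downloaded it with wget into the current directory: wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Then install it: rpm -ivh epel-release-6-8.noarch.rpm
Third, install Redis: yum install redis
Configure it in the configuration file: vi /etc/redis.conf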

#bind 127.0.0.1   do not bind the loopback address; either leave bind unset or bind a LAN IP address
port 6379
daemonize yes
protected-mode no
pidfile /var/run/redis_6379.pid
logfile /var/log/redis/redis.log
dbfilename dump.rdb
dir /var/lib/redis/

Start redis-server: redis-server /etc/redis.conf
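The redis.conf above leaves Redis unbound with protected-mode off and no requirepass, so it answers any host that can reach port 6379, and step 1 stopped firewalld. The following check is an added example, not part of the original post; the helper names redis_directive and audit_redis_conf and the sample files are constructed, and it assumes Redis 3.2 to 6.x protected-mode behaviour.

```sh
#!/bin/sh
# Added example, not from the original post. Flags a redis.conf that lets
# other hosts connect without a password (Redis 3.2-6.x semantics assumed).

# Print the last active value of directive $2 in file $1 (empty if unset).
redis_directive() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/     { next }    # comments and blank lines are inactive
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END                { print val }' "$1"
}

# Exit status 0: no unauthenticated remote access. Exit status 1: exposed.
audit_redis_conf() (
    set -f                             # keep a literal "*" in bind unexpanded
    bind=$(redis_directive "$1" bind)
    pmode=$(redis_directive "$1" protected-mode)
    pass=$(redis_directive "$1" requirepass)

    remote=no
    [ -z "$bind" ] && remote=yes       # no bind: listens on every interface
    for addr in $bind; do
        case "${addr#-}" in
            127.*|::1) ;;              # loopback address
            *) remote=yes ;;
        esac
    done

    # protected-mode (default yes) refuses remote clients only when there is
    # neither an explicit bind nor a password.
    if [ "$remote" = yes ] && [ -z "$pass" ]; then
        if [ "$pmode" = no ] || [ -n "$bind" ]; then
            echo "EXPOSED: $1 accepts unauthenticated remote clients"
            exit 1
        fi
    fi
    echo "OK: $1"
)

# Constructed samples: the settings from this page, then a hardened variant
# (the bind address and password are placeholders).
tmp=$(mktemp -d)
printf '%s\n' '#bind 127.0.0.1' 'port 6379' 'protected-mode no' > "$tmp/page.conf"
printf '%s\n' 'bind 192.168.56.100' 'protected-mode yes' \
    'requirepass REPLACE_WITH_LONG_RANDOM_SECRET' > "$tmp/hardened.conf"
audit_redis_conf "$tmp/page.conf" || true
audit_redis_conf "$tmp/hardened.conf"
```

Run it against /etc/redis.conf before starting redis-server; a non-zero exit status means the file needs a bind address, a requirepass value, or both.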

Redis and ELK are not connected to each other yet; to be updated later!!!