CentOS7搭建ELK6.0.1
阿新 • • 發佈:2018-07-14
訪問 mysq elastic eal ech map 啟動 chown mysql CentOS7搭建ELK6.0.1
1.準備工作:
源碼包路徑:/usr/local/src/
elasticsearch: elasticsearch-6.0.1.tar.gz
kibana: kibana-6.0.1-linux-x86_64.tar.gz
logstash: logstash-6.0.1.tar.gz
jdk: jdk-8u65-linux-x64.gz
1.準備工作:
源碼包路徑:/usr/local/src/
elasticsearch: elasticsearch-6.0.1.tar.gz
kibana: kibana-6.0.1-linux-x86_64.tar.gz
logstash: logstash-6.0.1.tar.gz
jdk: jdk-8u65-linux-x64.gz
2.安裝java環境
cd /usr/local/src tar zxf jdk-8u65-linux-x64.gz -C /usr/local/ ln -s jdk1.8.0_65 jdk echo "PATH=/usr/local/jdk/bin:$PATH" >> /etc/profile source /etc/profile
3.ELK環境配置
#修改系統文件
vi /etc/security/limits.conf
#增加的內容
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096#修改系統文件vi /etc/security/limits.d/20-nproc.conf
#調整成以下配置
* soft nproc 4096
root soft nproc unlimited#修改系統文件vi /etc/sysctl.conf
#增加的內容 vm.max_map_count=655360 fs.file-max=655360 sysctl -p
#創建ELK用戶useradd elk
4.Elasticsearch 部署
mkdir /usr/local/elk6.0.1
cd /usr/local/src/
tar zxf elasticsearch-6.0.1.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/elasticsearch-6.0.1 elasticsearch修改配置文件:
vim kibana/config/kibana.yml vi elasticsearch/config/elasticsearch.yml cluster.name: es-cluster # 集群名稱 node.name: node-master # master節點名稱 node.master: true # 是否為master node.data: true # 是否為數據節點 path.data: /home/apps/elasticsearch # 數據保存路徑 path.logs: /home/logs/elasticsearch # 日誌路徑 network.host: 172.16.8.8 # 監聽IP,若為0.0.0.0 表示監聽全網IP http.port: 9200 # 端口 discovery.zen.ping.unicast.hosts: ["172.16.8.8:9200"] # 配置自動發現的主機 discovery.zen.minimum_master_nodes: 1 # 配置只有一個master
創建數據目錄:mkdir -p /home/apps/elasticsearch /home/logs/elasticsearch
修改權限,開放端口訪問
chown -R elk:elk /usr/local/elk6.0.1 elasticsearch /home/apps/elasticsearch /home/logs/elasticsearch
firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --add-port=9300/tcp --permanent
firewall-cmd --reload啟動服務:
su - elk;
/usr/local/elasticsearch/bin/elasticsearch -d查看健康狀態(如果返回status=green表示正常):curl http://172.16.8.8:9200/_cluster/health?pretty
5.Logstash 部署
cd /usr/local/src/
tar zxf logstash-6.0.1.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/logstash-6.0.1 logstash修改配置文件:
vi logstash/config/logstash.yml
path.logs: /home/logs/logstash # 日誌路徑創建數據目錄 && 授權:
mkdir -p /home/logs/logstash
chown -R elk:elk elk6.0.1/logstash-6.0.1 logstash /home/logs/logstash6.Logstash 安裝JDBC插件/usr/local/logstash/bin/logstash-plugin install logstash-input-jdbc
編寫配置文件:
vi /usr/local/logstash/config/mysqsl-jdbc.conf
input {
stdin {}
jdbc {
jdbc_driver_library => "/usr/local/logstash/mysql-connector-java-5.1.3.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://192.168.0.211:3306/main"
jdbc_user => "ops"
jdbc_password => "123"
jdbc_paging_enabled => "true"
jdbc_page_size => "50000"
#statement_filepath => "jdbc.sql"
statement => "SELECT * from qp_inquiry"
schedule => "* * * * *"
type => "jdbc"
}
}
filter {
json {
source => "message"
remove_field => ["message"]
}
}
output {
elasticsearch {
hosts => "172.16.8.8:9200"
index => "mysql_query"
document_id => "%{id}"
}
stdout {
codec => json_lines
}
}檢查配置 && 啟動logstash服務
/usr/local/bin/logstash -f config/mysqsl-jdbc.conf --config.test_and_exit
/usr/local/bin/logstash -f config/mysqsl-jdbc.conf7.kibana 部署
cd /usr/local/src/
tar zxf kibana-6.0.1-linux-x86_64.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/kibana-6.0.1-linux-x86_64 kibana修改配置文件:
vi kibana/config/kibana.yml
server.port: 5601 # 端口
server.host: "172.16.8.8" # 監聽IP
elasticsearch.url: "http://172.16.8.8:9200" # 配置ES的IP:PORT修改權限,開放端口訪問
chown -R elk:elk elk6.0.1/kibana-6.0.1-linux-x86_64 kibana
firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload切換賬號,啟動服務
su - elk;
nohup /usr/local/kibana/bin/kibana &訪問:
瀏覽器訪問: 172.16.8.8:5601
CentOS7搭建ELK6.0.1