elasticsearch
elasticsearch-5.5.1-1.noarch
Installation reference: https://www.elastic.co/guide/en/elasticsearch/reference/current/install-elasticsearch.html
Configure the Elasticsearch repository
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
cat /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Install Elasticsearch
vi /etc/sysconfig/selinux
SELINUX=disabled
yum install -y java
java -version
yum install elasticsearch
mkdir -p /data/es-data
chown -R elasticsearch:elasticsearch /data/es-data/
Elasticsearch configuration
grep '^[a-z]' /etc/elasticsearch/elasticsearch.yml
cluster.name: mulinux # cluster name
node.name: node1 # node name
path.data: /data/es-data
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
#discovery.zen.ping.unicast.hosts: ["192.168.84.12", "192.168.84.13"] # when enabled, unicast discovery is used; with multiple nodes, adding the IP of just one other node is enough
Start Elasticsearch
egrep -v "^#|^$" /etc/sysconfig/elasticsearch
systemctl daemon-reload
systemctl enable elasticsearch
systemctl start elasticsearch
Error encountered: memory locking requested for elasticsearch process but memory is not locked
Change bootstrap.memory_lock: true to bootstrap.memory_lock: false
Access: http://192.168.84.12:9200/
{
"name" : "node1",
"cluster_name" : "mulinux",
"cluster_uuid" : "E5r2BbPTTqSZytBSYRLekA",
"version" : {
"number" : "5.5.1",
"build_hash" : "19c13d0",
"build_date" : "2017-07-18T20:44:24.823Z",
"build_snapshot" : false,
"lucene_version" : "6.6.0"
},
"tagline" : "You Know, for Search"
}
Access the RESTful API
curl -i -XGET 'http://192.168.84.12:9200/_count?pretty' -d '{ "query": {"match_all":{}}}'
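With network.host: 0.0.0.0 as configured above, the HTTP API on port 9200 listens on every interface, and the 5.x package as installed here has no authentication on that API unless X-Pack is added. The check below is an added example, not part of the original post; the helper names es_setting, es_bind_audit and sample_yml are hypothetical, and the sample file is a constructed subset of the settings shown on this page.

```shell
# es_setting FILE KEY: last active value of KEY, read like grep '^[a-z]' above
# (commented-out lines are ignored, a trailing "# ..." comment is stripped).
es_setting() {
  awk -v key="$2" '
    /^[a-z]/ {
      line = $0
      sub(/[ \t]+#.*$/, "", line)            # drop trailing comment
      k = line; sub(/:.*$/, "", k)           # text before the first colon
      if (k != key) next
      v = line; sub(/^[^:]*:[ \t]*/, "", v)  # text after the first colon
      gsub(/[ \t"]/, "", v)                  # strip blanks and double quotes
      val = v
    }
    END { print val }' "$1"
}

# es_bind_audit FILE: return 0 for loopback only, 1 for a specific non-loopback
# address, 2 for every interface. http.host overrides network.host for HTTP.
es_bind_audit() {
  host=$(es_setting "$1" http.host)
  [ -n "$host" ] || host=$(es_setting "$1" network.host)
  port=$(es_setting "$1" http.port)
  [ -n "$port" ] || port=9200                # Elasticsearch default HTTP port
  case "$host" in
    ""|_local_|localhost|127.*|::1)
      echo "OK: HTTP API on loopback only, port $port"; return 0 ;;
    0.0.0.0|::|_global_)
      echo "EXPOSED: HTTP API on all interfaces, port $port"; return 2 ;;
    *)
      echo "REVIEW: HTTP API bound to $host, port $port"; return 1 ;;
  esac
}

# Constructed subset of the active settings shown on this page.
sample_yml() {
  cat <<'EOF'
cluster.name: mulinux # cluster name
node.name: node1 # node name
path.data: /data/es-data
network.host: 0.0.0.0
http.port: 9200
EOF
}

tmp=$(mktemp)
sample_yml > "$tmp"
es_bind_audit "$tmp" || echo "audit exit status: $?"
rm -f "$tmp"
```

On a real node, pass /etc/elasticsearch/elasticsearch.yml as the argument; a result other than loopback means access to port 9200 has to be restricted elsewhere, for example by the host firewall.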
Logstash
Reference: https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
Logstash repository configuration
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
cat /etc/yum.repos.d/logstash.repo
[logstash-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Start Logstash and test
yum install -y logstash
systemctl start logstash
/usr/share/logstash/bin/logstash -e 'input {stdin{}} output {stdout{}}'
/usr/share/logstash/bin/logstash -e 'input {stdin{}} output {stdout{ codec =>rubydebug }}'
/usr/share/logstash/bin/logstash -e 'input {stdin{}} output { elasticsearch { hosts => ["192.168.84.12:9200"] } }'
Configure Logstash
https://www.elastic.co/guide/en/logstash/current/configuration.html
vi /etc/logstash/conf.d/01-logstash.conf
input { stdin { } }
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/01-logstash.conf
Reference configuration:
https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
https://www.elastic.co/guide/en/logstash/current/input-plugins.html
02-logstash
cat /etc/logstash/conf.d/02-logstash.conf
input {
  file {
    path => "/var/log/messages"
    type => "system"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.84.12:9200"]
    index => "system-%{+YYYY.MM.dd}"
  }
}
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/02-logstash.conf
03-logstash
cat /etc/logstash/conf.d/03-logstash.conf
input {
  file {
    path => "/var/log/messages"
    type => "system"
    start_position => "beginning"
  }
  file {
    path => "/var/log/elasticsearch/mulinux.log"
    type => "es-error"
    start_position => "beginning"
  }
}
output {
  if [type] == "system" {
    elasticsearch {
      hosts => ["192.168.84.12:9200"]
      index => "system-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "es-error" {
    elasticsearch {
      hosts => ["192.168.84.12:9200"]
      index => "es-error-%{+YYYY.MM.dd}"
    }
  }
}
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/03-logstash.conf
Combine multi-line logs into a single event
vi /etc/logstash/conf.d/multiline.conf
# Syntax of the multiline codec:
# input {
#   stdin {
#     codec => multiline {
#       pattern => "pattern, a regexp"
#       negate => "true" or "false"
#       what => "previous" or "next"
#     }
#   }
# }
input {
  stdin {
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
}
output {
  stdout {
    codec => "rubydebug"
  }
}
03-logstash-2
cat 03-logstash-2.conf
input {
  file {
    path => "/var/log/messages"
    type => "system"
    start_position => "beginning"
  }
  file {
    path => "/var/log/elasticsearch/mulinux.log"
    type => "es-error"
    start_position => "beginning"
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
}
output {
  if [type] == "system" {
    elasticsearch {
      hosts => ["192.168.84.12:9200"]
      index => "system-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "es-error" {
    elasticsearch {
      hosts => ["192.168.84.12:9200"]
      index => "es-error-%{+YYYY.MM.dd}"
    }
  }
}
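How the multiline settings in multiline.conf and 03-logstash-2.conf group lines into events, as an added example that is not part of the original post: a shell/awk emulation of the grouping rule (not Logstash itself) run over a constructed log sample. The function names multiline_events and sample_log are hypothetical.

```shell
# Emulates the codec settings used above:
#   pattern => "^\["   negate => true   what => "previous"
# A line that does NOT start with "[" is appended to the previous event.
# Each event is printed on one line, with the original line breaks shown as
# a literal \n. Logstash holds the last event until the next matching line
# arrives (or the codec's auto_flush_interval elapses); this emulation
# flushes it at end of input instead.
multiline_events() {
  awk '
    /^\[/ {                          # pattern matches: a new event starts here
      if (have) print event          # flush the event collected so far
      event = $0; have = 1
      next
    }
    {                                # no match: line belongs to previous event
      if (have) event = event "\\n" $0
      else { event = $0; have = 1 }  # continuation line at the very start
    }
    END { if (have) print event }
  '
}

# Constructed sample in the style of /var/log/elasticsearch/mulinux.log
sample_log() {
  cat <<'EOF'
[2017-08-01T10:00:00,001][INFO ][o.e.n.Node] [node1] starting ...
[2017-08-01T10:00:01,120][WARN ][o.e.b.Bootstrap] [node1] example failure
java.lang.IllegalStateException: constructed example
    at org.example.Foo.bar(Foo.java:42)
    at org.example.Main.main(Main.java:7)
[2017-08-01T10:00:02,300][INFO ][o.e.n.Node] [node1] started
EOF
}

sample_log | multiline_events
```

Under this pattern any line that begins with [ starts a new event, including a continuation line that happens to begin with that character, so event boundaries in the es-error index depend on log content.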
kibana
Installation reference: https://www.elastic.co/guide/en/kibana/current/install.html
Install Kibana
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
vi /etc/yum.repos.d/kibana.repo
yum install -y kibana
vi /etc/kibana/kibana.yml
Kibana configuration
server.port: 5601
server.host: "192.168.84.12"
elasticsearch.url: "http://192.168.84.12:9200"
kibana.index: ".kibana"
Start Kibana
systemctl daemon-reload
systemctl enable kibana
systemctl start kibana
Access
http://192.168.84.12:5601/
Notes
Prerequisite: Logstash must be running: /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/03-logstash-2.conf
Create the default index