ELK Log Collection: Setup

Part 1: Install Elasticsearch
 
1: Download
[root@ghs wget]# wget  -c https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.1.1.tar.gz
 
2: Extract and move it to /usr/local
[root@ghs wget]# tar -zxvf  elasticsearch-5.1.1.tar.gz
[root@ghs wget]# mv  elasticsearch-5.1.1 /usr/local/elk
 
3: Edit the configuration file (config/elasticsearch.yml under the install directory)
cluster.name: elktest
node.name: node-1
path.data: /usr/local/elk
path.logs: /usr/local/elk/log
network.host: 0.0.0.0
http.port: 9200

# network.host: 0.0.0.0 binds on every interface, and Elasticsearch 5.x without X-Pack has no authentication, so keep port 9200 firewalled from untrusted networks
 
## Elasticsearch refuses to start as root, so create an ordinary user
4: Create the user and make it the owner of the install directory
[root@ghs wget]# useradd test
[root@ghs wget]# chown -R test /usr/local/elk
 
5: Switch to the test user and start Elasticsearch
[test@ghs ~]$ /usr/local/elk/bin/elasticsearch -d
 
 
6: Check that the listening ports are up
[test@ghs ~]$ netstat -lnpt
 
tcp6       0      0 :::9200                 :::*                    LISTEN      3125/java           
tcp6       0      0 :::9300                 :::*                    LISTEN      3125/java
 
# Elasticsearch listens on ports 9200 and 9300 by default; seeing both means it started successfully
 
7: Open 192.168.1.201:9200 (IP plus port) in a browser; the Elasticsearch status response is displayed

Part 2: Install Logstash
 
1: Download
[root@ghs wget]# wget  -c  https://artifacts.elastic.co/downloads/logstash/logstash-5.1.1.tar.gz
 
2: Extract and move it to /usr/local/elk
[root@ghs wget]# tar -zxvf  logstash-5.1.1.tar.gz
[root@ghs wget]# mv logstash-5.1.1 /usr/local/elk/logstash
 
3: Set the variable in /etc/profile and reload it
[root@ghs wget]# vim /etc/profile

export PATH=/usr/local/elk/logstash/bin:$PATH     # add the logstash bin directory to PATH

Reload the file
[root@ghs wget]# source /etc/profile
 
4: Start Logstash
Logstash can be started in two ways, with -e or with -f. -e is for quick tests and debugging without editing a configuration file; -f starts it with a specified configuration file (the main way). The basic configuration is done, so start it and test it next.
 
(1) Test with -e: after it starts, type hell ghs and it prints 2017-11-23T06:35:53.819Z 0.0.0.0 hell ghs after the startup messages
[root@ghs wget]# logstash -e "input {stdin{}} output {stdout{}}"
hell ghs
Sending Logstash's logs to /usr/local/elk/logstash-5.1.1/logs which is now configured via log4j2.properties
The stdin plugin is now waiting for input:
[2017-11-23T14:35:53,811][INFO ][logstash.pipeline        ] Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
[2017-11-23T14:35:53,831][INFO ][logstash.pipeline        ] Pipeline main started
2017-11-23T06:35:53.819Z 0.0.0.0 hell ghs
[2017-11-23T14:35:53,922][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
 
(2) Test with -f: create a configuration file with the following contents
[root@ghs wget]# vim test.conf
input {
  stdin {}
}

output {
  stdout {
    codec => rubydebug {}
  }
}
 
After starting, it shows the following
[root@ghs ~]# logstash -f test.conf
Sending Logstash's logs to /usr/local/elk/logstash-5.1.1/logs which is now configured via log4j2.properties
The stdin plugin is now waiting for input:
[2017-11-23T14:42:34,539][INFO ][logstash.pipeline        ] Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
[2017-11-23T14:42:34,559][INFO ][logstash.pipeline        ] Pipeline main started
[2017-11-23T14:42:34,659][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
 
{
    "@timestamp" => 2017-11-23T06:43:39.033Z,
      "@version" => "1",
          "host" => "0.0.0.0",
       "message" => "",
          "tags" => []
}
 
Part 3: Install Kibana
1: Download
[root@ghs ~]# wget -c https://artifacts.elastic.co/downloads/kibana/kibana-5.1.1-linux-x86_64.tar.gz
 
2: Extract and move it to /usr/local/elk
[root@ghs ~]# tar -zxvf   kibana-5.1.1-linux-x86_64.tar.gz
[root@ghs ~]# mv kibana-5.1.1-linux-x86_64 /usr/local/elk/kibana
 
3: Edit the Kibana configuration file and add the following
[root@ghs ~]#  vim /usr/local/elk/kibana/config/kibana.yml

server.port: 5601      # listening port
server.host: "192.168.1.201"      # host IP
elasticsearch.url: "http://192.168.1.201:9200"     # Elasticsearch address
 
4: Start Kibana
[root@ghs ~]#  nohup /usr/local/elk/kibana/bin/kibana > /dev/null &
 
5: Open http://192.168.1.201:5601 (IP plus port) in a browser
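The manual checks from Part 1 (steps 4, 6 and 7: non-root Elasticsearch process, listening ports, the 9200 banner) as one script, written as an added example and not part of the original post. It assumes the tutorial's host 192.168.1.201, ports 9200/9300/5601 and cluster name elktest, and needs netstat, curl and ps for the live run.

```shell
#!/usr/bin/env bash
# Post-install checks for the ELK layout above (added example, not from the
# original post). Assumes the tutorial's host, ports and cluster name "elktest".
ES_HOST="${ES_HOST:-192.168.1.201}"
EXPECTED_CLUSTER="${EXPECTED_CLUSTER:-elktest}"

# ports_listening NETSTAT_OUTPUT PORT... : succeed only if every PORT is in LISTEN state
ports_listening() {
  local out="$1" port
  shift
  for port in "$@"; do
    printf '%s\n' "$out" | grep -Eq "[:.]${port}[[:space:]].*LISTEN" || return 1
  done
}

# listener_pid NETSTAT_OUTPUT PORT : PID from the "PID/Program name" column of netstat -lnpt
listener_pid() {
  printf '%s\n' "$1" | awk -v p="$2" \
    '$0 ~ ("[:.]" p "[[:space:]]") && /LISTEN/ { split($NF, a, "/"); print a[1]; exit }'
}

# es_cluster_name BANNER_JSON : cluster_name from the JSON that GET / on port 9200 returns
es_cluster_name() {
  printf '%s' "$1" | sed -n 's/.*"cluster_name"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# process_user PID : owner of PID; "root" means the useradd/chown step was skipped
process_user() { ps -o user= -p "$1" 2>/dev/null | tr -d ' '; }

# Live checks against this host (needs netstat, curl, ps): run with --live
if [ "${1:-}" = "--live" ]; then
  ns="$(netstat -lnpt 2>/dev/null)"
  ports_listening "$ns" 9200 9300 5601 || { echo "FAIL: expected listeners on 9200 9300 5601"; exit 1; }
  pid="$(listener_pid "$ns" 9200)"
  [ "$(process_user "$pid")" != "root" ] || { echo "FAIL: elasticsearch pid $pid runs as root"; exit 1; }
  name="$(es_cluster_name "$(curl -s "http://${ES_HOST}:9200/")")"
  [ "$name" = "$EXPECTED_CLUSTER" ] || { echo "FAIL: cluster_name '$name' != '$EXPECTED_CLUSTER'"; exit 1; }
  echo "OK: ELK stack is up; 9200 is bound on 0.0.0.0 without authentication, so keep it firewalled"
fi
```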


Reposted from www.cnblogs.com/douyi/p/11573849.html