1. Logstash

1.1 安裝

注：安裝在需要收集日志的機器上。

cd /data/softs sudo wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz sudo tar -zxf logstash-2.4.0.tar.gz sudo mv logstash-2.4.0 /usr/local/logstash

1.2 創建配置

cd /usr/local/logstash sudo vim logstash.conf

輸入：

input {file {path => ["/data/logs/error/program.error.log"]type => "error"tags => ["error"]start_position => "beginning"#sincedb_path => "/dev/null"codec => "json"}file {path => ["/data/logs/error/program.warning.log"]type => "warning"tags => ["warning"]start_position => "beginning"#sincedb_path => "/dev/null"codec => "json"}#file {# path => ["/data/logs/access/nginx.access.log"]# type => "access"# tags => ["access"]# start_position => "beginning"# codec => "json"#} } output {if "error" in [tags] {elasticsearch {hosts => "10.0.0.23:9200"index => "error_log"}stdout { codec=> rubydebug }}if "warning" in [tags] {elasticsearch {hosts => "10.0.0.23:9200"index => "warning_log"}stdout { codec=> rubydebug }}if "access" in [tags] {elasticsearch {hosts => "10.0.0.23:9200"#index => "access_log"index => "access_log_%{+YYYY.MM.dd}"}stdout { }} }

1.3 啟動

sudo /usr/local/logstash/bin/logstash agent -f /usr/local/logstash/logstash.conf 2>>/data/logs/error/logstash.error.log &

2. ElasticSearch集群（三臺）

2.1 安裝

# 安裝JDKsudo yum -y install java-1.8.0-openjdk# 下載ES RPM包sudo wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-2.4.0.rpm# 安裝rpm -ivh elasticsearch-5.2.0.rpm# 開機啟動sudo /bin/systemctl daemon-reloadsudo /bin/systemctl enable elasticsearch.service

2.2 配置

2.2.1 elasticsearch01

# 更改配置 sudo vim /etc/elasticsearch/elasticsearch.ymlpath.data: /data/components/elasticsearchpath.plugins: /data/components/elasticsearch/pluginsnode.name: zt-elk01path.logs: /data/logs/network.host: 10.0.0.23http.port: 9200discovery.zen.ping.unicast.hosts: ["10.0.0.24","10.0.0.25"]# 重啟sudo systemctl enable elasticsearch.servicesudo systemctl restart elasticsearch.service

2.2.2 elasticsearch02

# 更改配置 sudo vim /etc/elasticsearch/elasticsearch.ymlpath.data: /data/components/elasticsearchpath.plugins: /data/components/elasticsearch/pluginscluster.name: zt-elknode.name: zt-elk02path.logs: /data/logs/network.host: 10.0.0.24http.port: 9200discovery.zen.ping.unicast.hosts: ["10.0.0.23","10.0.0.25"]# 重啟sudo systemctl enable elasticsearch.servicesudo systemctl restart elasticsearch.service

2.2.3 elasticsearch03

# 更改配置 sudo vim /etc/elasticsearch/elasticsearch.ymlpath.data: /data/components/elasticsearchpath.plugins: /data/components/elasticsearch/pluginscluster.name: zt-elknode.name: zt-elk03path.logs: /data/logs/network.host: 10.0.0.25http.port: 9200discovery.zen.ping.unicast.hosts: ["10.0.0.23","10.0.0.24"]# 重啟sudo systemctl enable elasticsearch.servicesudo systemctl restart elasticsearch.service

3. 安裝Kibana

3.1 安裝

注：安裝在能對外訪問的機器上。

cd /data/softs sudo wget https://download.elastic.co/kibana/kibana/kibana-4.6.0-linux-x86_64.tar.gz sudo tar -zxf kibana-4.6.0-linux-x86_64.tar.gz sudo mv kibana-4.6.0-linux-x86_64 /usr/local/kibana

3.2 配置

更改相關配置：

cd /usr/local/kibana vim config/kibana.ymlserver.port: 5601 server.host: "127.0.0.1"elasticsearch.url: "http://10.0.0.23:9200"

3.3 啟動

sudo /usr/local/kibana/bin/kibana

4. tips

4.1 刪除索引

curl -XDELETE 'http://127.0.0.1:9200/applog' 《新程序員》：云原生和全面數字化實踐50位技術專家共同創作，文字、視頻、音頻交互閱讀

總結

以上是生活随笔為你收集整理的【ELK】ELK集群搭建（ElasticSearch Logstash Kinaba）的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。