如何在CentOS 7上安装Elasticsearch、Logstash和Kibana(ELK堆栈)
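# JDK download page (kept as a comment; a bare URL on its own line is not a
# command and would fail if this listing were run as a script):
#   http://www.oracle.com/technetwork/java/javase/downloads
# Print the RPM's SHA-256 and compare it with the checksum the vendor publishes
# for this file (where one is published) before installing it as root.
sha256sum jdk-8u111-linux-x64.rpm
# Install with yum ...
yum -y localinstall jdk-8u111-linux-x64.rpm
# ... or, instead of the yum line (not in addition to it), with rpm directly.
rpm -ivh jdk-8u111-linux-x64.rpm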
# Elastic's RPM installation guide:
# https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html
# Import Elastic's package-signing key (fetched over HTTPS) into the RPM keyring.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Write the 5.x repository definition. gpgcheck=1 together with gpgkey makes yum
# verify every package signature against that key before installing.
echo '[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/elasticsearch.repo
# Refresh the repository metadata, then install the package.
yum makecache
yum install elasticsearch -y
# Make systemd pick up the new unit and enable it at boot.
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
# Start and stop commands.
# NOTE(review): the listing leaves the service stopped; it has to be started
# again before the curl check at the end of this block can answer.
sudo systemctl start elasticsearch.service
sudo systemctl stop elasticsearch.service
# Comment out the `--quiet \` line (line 24 of the unit file), presumably so
# that Elasticsearch's log output shows up in the journal.
# NOTE(review): an edited unit file normally needs `systemctl daemon-reload`
# before the change takes effect.
vim /etc/systemd/system/multi-user.target.wants/elasticsearch.service
# Follow the whole journal, or show only this unit's entries.
sudo journalctl -f
sudo journalctl --unit elasticsearch
sudo journalctl --unit elasticsearch --since "2017-1-4 10:17:16"
# --since shows entries at or after the given time.
# Smoke test: the node answers with its name, cluster and version. No
# credentials are sent, i.e. the HTTP API is reachable without authentication.
curl -XGET 'localhost:9200/?pretty'
{
"name" : "De-LRNO","cluster_name" : "elasticsearch","cluster_uuid" : "DeJzplWhQQK5uGitXr8jjA","version" : { "number" : "5.1.1","build_hash" : "5395e21","build_date" : "2016-12-06T12:36:15.409Z","build_snapshot" : false,"lucene_version" : "6.3.0" },"tagline" : "You Know, for Search" }
[root@linuxprobe ~]# egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
[root@linuxprobe ~]# egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
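network.host: 10.1.1.53 # default is localhost; set here to the server's IP. Port 9200 then answers on that address and nothing in this setup puts authentication in front of it, so limit access to trusted hosts with a firewall rule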
http.port: 9200
[root@linuxprobe elasticsearch]# egrep -v "^#|^$" /etc/sysconfig/elasticsearch
ES_HOME=/usr/share/elasticsearch
JAVA_HOME=/usr/java/jdk1.8.0_111
CONF_DIR=/etc/elasticsearch
data_dir=/var/lib/elasticsearch
LOG_DIR=/var/log/elasticsearch
PID_DIR=/var/run/elasticsearch
# Import Elastic's signing key and add the Kibana 5.x repository; gpgcheck=1
# means yum verifies package signatures against that key.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
echo '[kibana-5.x]
name=Kibana repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/kibana.repo
# Refresh metadata and install only if the refresh succeeded.
yum makecache && yum install kibana -y
# Register the unit, enable it at boot; start / stop commands follow.
# NOTE(review): the listing ends with Kibana stopped; start it again before
# putting the proxy in front of it.
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service
sudo systemctl start kibana.service
sudo systemctl stop kibana.service
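# nginx install notes:
# https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
# Repository definition for the nginx.org packages. Signature checking is
# switched on (gpgcheck=1 with nginx.org's signing key): the baseurl is plain
# HTTP, and with gpgcheck=0 yum would install whatever the network path returns.
# The single quotes keep $releasever and $basearch literal so that yum, not the
# shell, expands them.
echo '[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
' | sudo tee /etc/yum.repos.d/nginx.repo
# Package names are lowercase. httpd-tools is installed for the htpasswd
# utility used in the next step.
yum install nginx httpd-tools -y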
[root@linuxprobe ~]# htpasswd -c /etc/nginx/htpasswd.users kibanaadmin
New password: # 自定义
Re-type new password:
Adding password for user kibanaadmin
[root@linuxprobe ~]# egrep -v "#|^$" /etc/nginx/conf.d/kibana.conf
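# Reverse proxy in front of Kibana, protected by HTTP Basic authentication.
server {
    # NOTE(review): port 80 is plain HTTP, so the Basic-auth user name and
    # password cross the network unencrypted on every request. Put TLS in
    # front of this server before using it outside a trusted network.
    listen 80;
    server_name kibana.aniu.co;

    access_log /var/log/nginx/kibana.aniu.co.access.log main;
    # NOTE(review): error_log names the same file as access_log; a separate
    # error-log file was probably intended.
    error_log /var/log/nginx/kibana.aniu.co.access.log;

    # Every request must carry credentials from the htpasswd file.
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        # Assumes Kibana listens only on localhost:5601 (kibana.yml is not
        # shown here); if it also listens on an external address, this
        # authentication can be bypassed by going to port 5601 directly.
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}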
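# Verify the configuration, then start nginx and enable it at boot.
# `nginx -t` parses the configuration files and exits non-zero on an error, so
# a broken kibana.conf is caught before the service is (re)started.
# The binary and the systemd unit are both named in lowercase.
sudo nginx -t
sudo systemctl start nginx
sudo systemctl enable nginx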
# Import the public signing key.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Put the following into a file with a .repo suffix under /etc/yum.repos.d/,
# for example logstash.repo. gpgcheck=1 makes yum verify package signatures
# against the imported key.
echo '[logstash-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/logstash.repo
# Refresh metadata and install only if the refresh succeeded.
yum makecache && yum install logstash -y
# Create the certificate and private key that the Logstash Beats input uses.
cd /etc/pki/tls
# -x509 -days 3650: a self-signed certificate valid for about ten years, so
#   clients have to be given this exact certificate to trust it.
# -nodes: the private key is written without a passphrase and is protected by
#   file permissions only.
# NOTE(review): check the mode and owner of the key file afterwards; only root
# and the account Logstash runs as need to read it.
sudo openssl req -subj '/CN=ELK_server_fqdn/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forWARDer.key -out certs/logstash-forWARDer.crt
# Note: replace ELK_server_fqdn with your own server name; an example follows:
[root@linuxprobe ~]# cd /etc/pki/tls
[root@linuxprobe tls]# sudo openssl req -subj '/CN=kibana.aniu.co/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forWARDer.key -out certs/logstash-forWARDer.crt
Generating a 2048 bit RSA private key
.+++
...........................................................................................................+++
writing new private key to 'private/logstash-forWARDer.key'
-----
sudo vi /etc/logstash/conf.d/01-beats-input.conf
# Beats listener: accepts events from Filebeat on TCP port 5044.
input {
beats {
port => 5044
# TLS is on: the input presents the certificate below to connecting Beats.
# NOTE(review): no ssl_verify_mode / ssl_certificate_authorities is set, so
# clients are not asked for a certificate of their own; any host that can
# reach port 5044 can send events. Limit that port to the log-shipping hosts.
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forWARDer.crt"
ssl_key => "/etc/pki/tls/private/logstash-forWARDer.key"
}
}
sudo vim /etc/logstash/conf.d/10-syslog-filter.conf
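# Parse events of type "syslog" into structured fields.
filter {
  if [type] == "syslog" {
    grok {
      # Split the raw line into timestamp, host, program, optional pid and
      # message. Grok pattern names are case-sensitive (SYSLOGTIMESTAMP).
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      # Record when and from which host the event was received.
      add_field => [ "received_at","%{@timestamp}" ]
      add_field => [ "received_from","%{host}" ]
    }
    syslog_pri { }
    date {
      # Syslog pads single-digit days with an extra space ("Jan  4"), hence
      # the two spaces in the first format.
      match => [ "syslog_timestamp","MMM  d HH:mm:ss","MMM dd HH:mm:ss" ]
    }
  }
}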
vim /etc/logstash/conf.d/logstash-simple.conf
# Minimal pipeline: read events from stdin, index them into Elasticsearch and
# print each one.
input { stdin { } }
output {
# Only a host list is given: no user, password or TLS for this connection.
# NOTE(review): elasticsearch.yml earlier on this page sets network.host to
# 10.1.1.53; confirm that localhost:9200 still answers on this server.
elasticsearch { hosts => ["localhost:9200"] }
# rubydebug prints every event in full. NOTE(review): presumably this ends up
# in the service log when Logstash runs under systemd; remove it once testing
# is done so that log contents are not duplicated there.
stdout { codec => rubydebug }
}
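# Start Logstash and enable it at boot.
sudo systemctl start logstash.service
sudo systemctl enable logstash.service
# Fetch and unpack the sample Beats dashboards for Kibana.
cd /usr/local/src
curl -L -O https://download.elastic.co/beats/dashboards/beats-dashboards-1.1.0.zip
sudo yum -y install unzip
unzip beats-dashboards-*.zip
# load.sh sits inside the extracted directory, so enter it first (the trailing
# slash makes the glob match the directory, not the zip file).
cd beats-dashboards-*/
# The archive was downloaded without any checksum or signature check: read
# load.sh before running it, since it runs with this shell's privileges.
./load.sh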
cd /usr/local/src
# Download the Filebeat index template. The /raw/<hash>/ part of the URL pins
# one specific revision of the gist; it is still third-party content, so read
# the JSON before loading it into Elasticsearch.
curl -O https://gist.githubusercontent.com/thisismitch/3429023e8438cc25b86c/raw/d8c479e2a1adcea8b1fe86570e42abab0f10f364/filebeat-index-template.json
# Note: run the PUT command below from the directory that holds the JSON template.
[root@linuxprobe src]# curl -XPUT 'http://localhost:9200/_template/filebeat?pretty' -d@filebeat-index-template.json
{
"acknowledged" : true
}
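# Copy the Logstash certificate to each client with scp (package name:
# openssh-clients).
yum -y install openssh-clients
# Only the public certificate is copied; the private key stays on the ELK server.
# /tmp on the client is writable by every local user and Filebeat will trust
# this file as a CA, so compare the output of
#   openssl x509 -noout -fingerprint -sha256 -in <certificate file>
# on both hosts before moving the copy into /etc/pki/tls/certs.
scp /etc/pki/tls/certs/logstash-forWARDer.crt root@linux-node1:/tmp
# Note: if you use a host name instead of an IP address, remember to add it to
# /etc/hosts on the ELK server.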
[root@linux-node1 ~]# sudo mkdir -p /etc/pki/tls/certs
[root@linux-node1 ~]# sudo cp /tmp/logstash-forWARDer.crt /etc/pki/tls/certs/
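# On the client: import Elastic's signing key over HTTPS, from the same URL the
# server-side steps use. Fetched over plain HTTP the key could be replaced in
# transit, and gpgcheck=1 below is only as trustworthy as the imported key.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Repository definition; gpgcheck=1 makes yum verify package signatures.
echo '[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/elasticsearch.repo
# Refresh metadata and install only if the refresh succeeded.
yum makecache && yum install filebeat -y
# Register the Filebeat init script.
sudo chkconfig --add filebeat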
[root@linux-node1 ~]# egrep -v "#|^$" /etc/filebeat/filebeat.yml
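# Filebeat configuration on the client. Indentation is restored here; YAML
# nesting depends on it.
filebeat.prospectors:
- input_type: log
  paths:
    # /var/log/secure holds authentication records; it is shipped only over
    # the TLS connection to Logstash configured below.
    - /var/log/secure # added
    - /var/log/messages # added
    - /var/log/*.log
# NOTE(review): this output is still enabled next to output.logstash and points
# at localhost:9200 on the client; confirm whether events should go anywhere
# other than Logstash. Probably only the Logstash output is intended.
output.elasticsearch:
  hosts: ["localhost:9200"]
output.logstash:
  hosts: ["kibana.aniu.co:5044"] # changed to the Logstash endpoint on the ELK server
  # Trust only the certificate copied from the ELK server when verifying Logstash.
  ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forWARDer.crt"] # added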
# Start Filebeat on the client and enable it at boot.
sudo systemctl start filebeat
sudo systemctl enable filebeat