ELK Stack最新版本测试一安装篇

elk stack最新版本测试一安装篇

咱们废话少说，直接切入正题
先看版本
filebeat1.0.0-rc2 logstash2.0.0-1 elasticsearch2.0.0 kibana4.2

那么多内容可以简单归结如下：
名词解释

elasticsearch 存储索引
kibana ui
kibana dashboard 可视化思维图
logstash input beats plugin 收集事件
elasticsearch output plugin 发送事务
filebeat 日志数据托运人shipper
topbeat 轻量级服务器监控
packetbeat 在线网络数据包分析




架构




一，客户端安装


filebeat架构




https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-installation


nginx日志客户端安装filebeat


安装filebeat
curl -l -o https://download.elastic.co/beats/filebeat/filebeat-1.0.0-rc2-x86_64.rpm
rpm-vi filebeat-1.0.0-rc2-x86_64.rpm
配置filebeat
/etc/filebeat/filebeat.yml


filebeat configuration:
filebeat:
prospectors:
-
paths:
- "/var/log/*.log"
fields:
type: syslog
output:
elasticsearch:
enabled: true
hosts: ["http://localhost:5043"]


启动filebeat


[root@backup01 filebeat]# curl -xput 'http://192.168.0.58:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json
{
"acknowledged" : true
}




topbeat
https://www.elastic.co/guide/en/beats/topbeat/current/topbeat-getting-started.html


curl -l -o https://download.elastic.co/beats/topbeat/topbeat-1.0.0-rc2-x86_64.rpm
rpm -vih topbeat-1.0.0-rc2-x86_64.rpm


packetbeat
https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-getting-started.html
yum install libpcap
curl -l -o https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-rc2-x86_64.rpm
rpm -vi packetbeat-1.0.0-rc2-x86_64.rpm




二，服务器端安装


安装elk
https://www.elastic.co/guide/en/beats/libbeat/1.0.0-rc2/getting-started.html#logstash-setup


既可以分析日志，又可以监控服务器状态，还可以分析http协议等网络数据包。


elasticearch安装


yum install java-1.7.0-openjdk
curl -l -o https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-2.0.0.rpm
rpm -ivh elasticsearch-2.0.0.rpm


配置启动
cat /etc/elasticsearch/elasticsearch.yml |grep -ev "^$|^#"
path.data: /data
path.logs: /data/elklogs
network.host: 192.168.0.58


chmod elasticsearch:elasticsearch /data/elasticsearch/ -r
chmod elasticsearch:elasticsearch /data/elklogs/ -r


service elasticsearch start




测试elasticearch
[root@localhost ~]# curl http://127.0.0.1:9200
{
"name" : "redwing",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "2.0.0",
"build_hash" : "de54438d6af8f9340d50c5c786151783ce7d6be5",
"build_timestamp" : "2015-10-22t08:09:48z",
"build_snapshot" : false,
"lucene_version" : "5.2.1"
},
"tagline" : "you know, for search"
}




logstash安装（102.131）


curl -l -o https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.0.0-1.noarch.rpm
rpm -ivh logstash-2.0.0-1.noarch.rpm




logstash配置
cat nginxconf.json
input {
beats {
port => 5044
}
}


output {
elasticsearch {
hosts => "192.168.0.58:9200"
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+yyyy.mm.dd}"
document_type => "%{[@metadata][type]}"
}
}




kibana安装


curl -l -o https://download.elastic.co/kibana/kibana/kibana-4.2.0-linux-x64.tar.gz
tar xzvf kibana-4.2.0-linux-x64.tar.gz
cd kibana-4.2.0-linux-x64/
./bin/kibana


先修改kibana.yml 可设置端口号，elaticsearch
mv kibana-4.2.0-linux-x64 /var/kibana
nohup /var/kibana/bin/kibana -e http://192.168.0.58:9200 &


log [13:14:14.588] [info][status][plugin:kibana] status changed from uninitialized to green - ready
log [13:14:14.617] [info][status][plugin:elasticsearch] status changed from uninitialized to yellow - waiting for elasticsearch
log [13:14:14.630] [info][status][plugin:kbn_vislib_vis_types] status changed from uninitialized to green - ready
log [13:14:14.639] [info][status][plugin:markdown_vis] status changed from uninitialized to green - ready
log [13:14:14.646] [info][status][plugin:metric_vis] status changed from uninitialized to green - ready
log [13:14:14.655] [info][status][plugin:spymodes] status changed from uninitialized to green - ready
log [13:14:14.658] [info][status][plugin:statuspage] status changed from uninitialized to green - ready
log [13:14:14.661] [info][status][plugin:elasticsearch] status changed from yellow to green - kibana index ready
log [13:14:14.663] [info][status][plugin:table_vis] status changed from uninitialized to green - ready
log [13:14:14.675] [info][listening] server running at http://0.0.0.0:5601




kibana dashboard加载
curl -l -o http://download.elastic.co/beats/dashboards/beats-dashboards-1.0.0-rc2.tar.gz
tar xzvf beats-dashboards-1.0.0-rc2.tar.gz
cd beats-dashboards-1.0.0-rc2/
./load.sh


./load.sh http://192.168.0.58:9200
curl
loading search cache-transactions:
{"_index":".kibana","_type":"search","_id":"cache-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}
loading search db-transactions:
{"_index":".kibana","_type":"search","_id":"db-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}


最后测试索引的命令如下：
curl 192.168.0.58:9200/_cat/indices
yellow open .kibana 1 1 93 0 69kb 69kb
yellow open filebeat-2015.11.18 5 1 4109 0 2.9mb 2.9mb
详细配置可以参考配置篇
http://blog.chinaunix.net/uid-25057421-id-5576272.html