ELK搭建-生产级|Java 开发实战 1话不多说,直接开

发表于

【话不多说】

1.话不多说,直接开干,多次搭建,准确无误

下载不了,请到官网下载!!!

wget artifacts.elastic.co/downloads/e…
wget artifacts.elastic.co/downloads/k…
wget artifacts.elastic.co/downloads/b…
wget artifacts.elastic.co/downloads/l…

tar -xzvf elasticsearch-6.7.2.tar.gz -C /usr/local/
tar -xzvf kibana-6.7.2-linux-x86_64.tar.gz -C /usr/local/
tar -xzvf filebeat-6.7.2-linux-x86_64.tar.gz -C /usr/local/
tar -xzvf logstash-6.7.2.tar.gz -C /usr/local/

首先安装jdk环境
#############################################################

1
2
3
4
5
6
7
8
9
10
11
12
ini复制代码rpm -ivh jdk-8u202-linux-x64.rpm
pid="sed -i '/export JAVA_HOME/d' /etc/profile"
eval $pid
pid="sed -i '/export CLASSPATH/d' /etc/profile"
eval $pid
cat >> /etc/profile <<EOF
export JAVA_HOME=/usr/java/jdk1.8.0_152
export CLASSPATH=%JAVA_HOME%/lib:%JAVA_HOME%/jre/lib
export PATH=\$PATH:\$JAVA_HOME/bin
EOF
source /etc/profile
java -version

#############################################################
#给elasticsearch用户授权
groupadd elasticsearch
useradd elasticsearch -g elasticsearch
chown -R elasticsearch.elasticsearch /usr/local/elasticsearch-6.7.2
chown -R elasticsearch.elasticsearch /usr/local/kibana-6.7.2-linux-x86_64/config
chown -R elasticsearch.elasticsearch /usr/local/filebeat-6.7.2-linux-x86_64
hostnamectl set-hostname elk-server
systemctl stop firewalld.service
systemctl disable firewalld.service

1
2
3
4
5
6
7
8
9
10
bash复制代码cat >> /etc/security/limits.conf << EOF
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
EOF

cat >> /etc/sysctl.conf << EOF
vm.max_map_count=655360 
EOF

sysctl -p

su - elasticsearch

/usr/local/elasticsearch-6.7.2/bin/elasticsearch -d

vi /usr/local/elasticsearch-6.7.2/config/elasticsearch.yml 修改network:0.0.0.0

curl http://127.0.0.1:9200

vi /usr/local/logstash-6.7.2/config/logstash.yml

需要root创建给elasticsearch用户权限

#################################################

path.data: /data/logstash/data

path.logs: /data/logstash/logs

#################################################

vi /usr/local/logstash-6.7.2/default.conf

#################################################

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
ini复制代码input {
  beats {
    host => "192.168.244.200"
    port => 5044
    codec => plain {
          charset => "UTF-8"
    }
  }
}

output {
  elasticsearch {
    hosts => "127.0.0.1:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

##########################################
根据自己需要更改

1
2
3
4
bash复制代码vi /usr/local/logstash-6.7.2/config/jvm.options       # 修改jvm内存 1g
vi /usr/local/elasticsearch-6.7.2/config/jvm.options  # 修改jvm内存 1g
nohup /usr/local/logstash-6.7.2/bin/logstash -f /usr/local/logstash-6.7.2/default.conf --config.reload.automatic > logstash.log 2>&1 &
vi /usr/local/kibana-6.7.2-linux-x86_64/config/kibana.yml

############################################

1
2
3
yaml复制代码server.port: 5601
server.host: "192.168.2.207"  云服务器0.0.0.0
elasticsearch.url: "http://localhost:9200"

############################################

1
bash复制代码nohup /usr/local/kibana-6.7.2-linux-x86_64/bin/kibana > kibana.log 2>&1 &

#// 通过filebeat收集日志,发送到logstash(生产一般在这里配置log的地址)

1
bash复制代码vi /usr/local/filebeat-6.7.2-linux-x86_64/filebeat.yml

############################################

1
2
3
4
5
6
7
8
lua复制代码filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["localhost:5044"]
 注释掉output.elasticsearch

############################################

1
bash复制代码nohup /usr/local/filebeat-6.7.2-linux-x86_64/filebeat -e -c /usr/local/filebeat-6.7.2-linux-x86_64/filebeat.yml -d "publish" > filebeat.log 2>&1 &

#最后,多看看su - elasticsearch里面的3个日志报错。

1,一般没出日志都是filebeat没配置好logstash,或是elsasearch、logstash状态有问题,或是配置文件错误导致

2,一般日志找不到有可能是时间戳无法分隔的问题

3,Docker目录位置:- /var/new_lib/docker/containers//-json.log

4,服务器时间与真实时间不一致

时间修正:root 用户

1
2
3
4
5
6
7
8
bash复制代码#######################
yum install -y ntpdate
yes | cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate us.pool.ntp.org
crontab -l >/tmp/crontab.bak
echo "*/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP" >> /tmp/crontab.bak
crontab /tmp/crontab.bak
#######################

参考网址:

blog.51cto.com/andyxu/2124…

blog.csdn.net/boling_cava…

本文转载自: 掘金

开发者博客 – 和开发相关的 这里全都有

0%