nJcx's Blog

生而不忧,死而不怖。得其时横刀天下,不得其时蓬头而行。

elk 实践


安装

下载 elk 组件备用

https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-6.2.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/beats/packetbeat/packetbeat-6.2.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/beats/auditbeat/auditbeat-6.2.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/beats/heartbeat/heartbeat-6.2.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.0.tar.gz
https://artifacts.elastic.co/downloads/kibana/kibana-6.2.0-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/logstash/logstash-6.2.0.tar.gz
https://artifacts.elastic.co/downloads/kibana-plugins/x-pack-6.2.0.zip/x-pack-6.2.0.zip
  • Packetbeat: 网络数据(收集网络流量数据)
  • Metricbeat: 指标 (收集系统、进程和文件系统级别的 CPU 和内存使用情况等数据)
  • Filebeat: 日志文件(收集文件数据)
  • Winlogbeat: windows事件日志(收集 Windows 事件日志数据)
  • Auditbeat:审计数据 (收集审计日志)
  • Heartbeat:运行时间监控 (收集系统运行时的数据)
  • Logstash: 过滤和传输
  • Elasticsearch : 存储与搜索引擎
  • Kibana:前端

安装jdk 和 scala (scala 和 kafka备用,可不装)

https://downloads.lightbend.com/scala/2.12.6/scala-2.12.6.tgz
http://mirrors.hust.edu.cn/apache/kafka/2.0.0/kafka_2.12-2.0.0.tgz
http://download.oracle.com/otn-pub/java/jdk/8u181-b13/96a7b8442fe848ef90c96a2fad6ed6d1/jdk-8u181-linux-x64.tar.gz
cd /opt && download  ALL  && tar -zxvf  ALL

配置环境变量

echo -e "export JAVA_HOME=/opt/jdk1.8.0_181 \n\
export JRE_HOME=\${JAVA_HOME}/jre \n\
export CLASSPATH=.:\${JAVA_HOME}/lib:\${JRE_HOME}/lib \n\
export PATH=\${JAVA_HOME}/bin:\$PATH \n\
export SCALA_HOME=/opt/scala-2.12.6 \n\
export PATH=\$PATH:\$SCALA_HOME/bin \n\
" >> /etc/profile && source /etc/profile

配置 elasticsearch

两个节点: 172.16.131.134(master) 172.16.131.133(slave)

添加hosts文件

172.16.131.133 slave_1
172.16.131.134 master

vim /etc/security/limits.conf

* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096

vim /etc/sysctl.conf

vm.max_map_count = 655360

sysctl -p

[root@localhost local]# groupadd elk
[root@localhost local]# useradd -g elk elk
[root@localhost local]# cd /opt 
[root@localhost local]# chown -R elk:elk elasticsearch-6.2.0

master 节点: 其他同上,es配置如下

cluster.name: elasticsearch
node.name: master
node.master: true  # 意思是该节点为主节点
node.data: false  # 表示这不是数据节点
network.host: 0.0.0.0  # 监听全部ip
http.port: 9200  # es服务的端口号
discovery.zen.ping.unicast.hosts:['172.16.131.133','172.16.131.134']

slave节点: 其他同上,es配置如下

cluster.name: elasticsearch
node.name: slave_1
node.master: false # 意思是该节点不是主节点
node.data: true  # 表示这是数据节点
network.host: 0.0.0.0  # 监听全部ip
http.port: 9200  # es服务的端口号
discovery.zen.ping.unicast.hosts:['172.16.131.133','172.16.131.134']

关闭防火墙(生产环境不应该关闭)

systemctl status firewalld.service
systemctl stop firewalld.service
systemctl disable firewalld.service

./elasticsearch -d 启动两个节点

测试

curl -GET 0.0.0.0:9200/_cat/health?v

curl -GET 0.0.0.0:9200/_cat/indices?v

curl -GET 0.0.0.0:9200/_cluster/health?pretty

curl -GET 0.0.0.0:9200/_cluster/state?pretty

配置 kibna

server.port: 8080
server.host: "172.16.131.134"
elasticsearch.url: "http://localhost:9200"
logging.dest: /opt/kibana-6.1.2-linux-x86_64/log/kibana.log
elasticsearch.username: "kibana"
elasticsearch.password: "kibanapassword"

./kibana & 启动

  • Discover //搜索
  • visualization // 统计图
  • Dashboard // 看板
  • Timelion //时间序列

bin/kibana-plugin install file:///opt/x-pack-6.2.0.zip

bin/elasticsearch-plugin install file:///opt/x-pack-6.2.0.zip

/usr/share/logstash/bin/logstash-plugin install x-pack file:///opt/x-pack-6.2.0.zip

xpack.monitoring.elasticsearch.url: "http://ip:9200"

配置logstash
xpack.monitoring.elasticsearch.url: "http://ip:9200"
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: pwd

x-pack

curl -u elastic:pwd  -XPUT 'http://127.0.0.1:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json

license.json

{"license":{"uid":"f19eabab-77ae-4ccd-b90c-f20e5605e625",
"type":"platinum",
"issue_date_in_millis":1542153600000,
"expiry_date_in_millis":2524579200999,
"max_nodes":100,
"issued_to":"nj cx (baidu)",
"issuer":"WebForm",
"signature":"AAAAAwAAAA1neEkkwW17TBDufpgpAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQAERQE/JDSC3INTJO4W5B1Hs7Ug+A9crNoVzQJOgjIdzP/U+A8XRc7Fb1APo+aCD+a6x4Sl+7/2p4HjjdF5G/n5GJYTMpOZ0CBOnq3VghGlmZsyWktqR8kiVPmt1J3a0TS2J8Np0s1ZCBsGhUXoy7CG1vTErUOjeJg2AgR3McXCm/WTzLjEVM/GZ1/u0qzEsxEUXGbRAFDLfQ9q9v6sIxUSybV42zLJKSTZJb/AJluGy0vQpLmRnEccKfKpzWGCYRaJg00K+LI6xs1RA8NJuXaahcwVBF+Osxi+/CWPdgXnlkJTcjKr6WzVjC7VNYOdVXu4sp3NefiinRWmfPGFYOQH",
"start_date_in_millis":1542153600000}}
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.0.rpm

wget --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie;" http://download.oracle.com/otn-pub/java/jdk/8u191-b12/2787e4a523244c269598db4e85c51e0c/jdk-8u191-linux-x64.tar.gz


export JAVA_HOME=/opt/jdk1.8.0_191
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH

ln -s /opt/jdk1.8.0_191/bin/java /usr/bin/java