# ELK Cluster Deployment

With a JDK environment and environment variables prepared in advance, the service reports an error at this point. The exact cause is still being investigated, so installing from the official apt source is recommended.

Update: the investigation found that the Logstash configuration file contains a setting that specifies the Java environment, and Logstash does not read the default system environment.

```
add-apt-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java8-installer
```

Install Logstash, the Elasticsearch cluster, and Kibana:

```
[root@localhost ~]# mv /var/lib/{elasticsearch,logstash} /data/
[root@localhost ~]# rpm -ivh https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.rpm
[root@localhost ~]# cat /etc/logstash/logstash.yml
path.data: /data/logstash
path.config: /etc/logstash/conf.d/*.conf
path.logs: /var/log/logstash
```

An example that defines an nginx log output format:

```
[root@localhost ~]# vi /etc/logstash/conf.d/nginxlog.conf
input {
  kafka {
    bootstrap_servers => "192.168.11.215:9092"
    topics => "nginxacc"
    consumer_threads => 5
    codec => "json"
  }
}
filter {
  # Replace the literal \x sequences in the message before the json filter parses it
  ruby {
    code => "
      if event.get('message')
        event.set('message', event.get('message').gsub('\x','Xx'))
        event.set('message', event.get('message').gsub('\\x','XXx'))
      end
    "
  }
  json {
    remove_field => "message"
    source => "message"
  }
  mutate {
    # Keep only the first address when the client field holds a comma-separated list
    gsub => ["client", ",.*", ""]
    convert => { "size" => "integer" }
    convert => { "requesttime" => "float" }
  }
  geoip {
    source => "client"
    target => "geoip"
    remove_field => "client"
  }
  useragent {
    source => "agent"
    target => "user_agent"
    remove_field => "agent"
  }
}
output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
    index => "logstash-nginxacc-%{+YYYY.MM.dd}"
  }
}
```

Start the Logstash service, then install Elasticsearch:

```
[root@localhost ~]# systemctl start logstash
[root@localhost ~]# rpm -ivh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.rpm
```

**Elasticsearch configuration:**

```
[root@localhost ~]# cat /etc/elasticsearch/elasticsearch.yml
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.11.231
discovery.zen.ping.unicast.hosts: ["192.168.11.231:9300","192.168.11.232:9300","192.168.11.233:9300"]
discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
```

On the other two nodes, change `network.host` to that machine's own IP. Note that `http.cors.allow-origin: "*"` lets a page from any web origin call the Elasticsearch HTTP API from a browser, and this configuration sets up no authentication, so list only the origin that needs access where possible.

Start the service:

```
[root@localhost ~]# systemctl start elasticsearch
```

**Kibana configuration:**

```
[root@localhost ~]# rpm -ivh https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-x86_64.rpm
[root@localhost ~]# cat /etc/kibana/kibana.yml
server.host: "192.168.11.231"
elasticsearch.url: http://192.168.11.231:9200
```

Start the Kibana service:

```
[root@localhost ~]# systemctl start kibana
```

# ELK screenshot:

![](https://box.kancloud.cn/9200195b02d455e520ffdfb3b6014ab9_2848x1566.png)
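
The ruby filter in the nginx pipeline above rewrites the literal `\x` that nginx's default log escaping emits for quotes and non-printable bytes, because `\xHH` is not a valid JSON escape and a strict parser rejects the whole record, which would drop exactly the requests that carry unusual bytes. The Python sketch below is an added example, not part of the original page; the sample log line and the `preserve_bytes` alternative are assumptions made for illustration.

```python
import json
import re

# Constructed sample: one nginx access-log record written as a JSON line.
# With nginx's default escaping, a double quote in the User-Agent is logged
# as \x22, which is not a valid JSON escape sequence.
RAW = r'{"client": "203.0.113.7, 10.0.0.1", "agent": "curl\x22probe", "size": "512"}'


def try_parse(line):
    """Return the decoded record, or None when the line is not valid JSON."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None


def page_workaround(line):
    """Same substitution as the page's ruby filter: literal backslash-x -> Xx."""
    return line.replace("\\x", "Xx")


def preserve_bytes(line):
    """Assumed alternative (not from the page): rewrite \\xHH as the JSON
    escape \\u00HH so the original byte value survives into the index."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: "\\u00" + m.group(1), line)


if __name__ == "__main__":
    print("unmodified      :", try_parse(RAW))
    print("page workaround :", try_parse(page_workaround(RAW))["agent"])
    print("preserve bytes  :", try_parse(preserve_bytes(RAW))["agent"])
```

The page's substitution makes the record parseable but turns the byte into the text `Xx22`; on nginx 1.11.8 and later, `escape=json` in `log_format` produces valid JSON at the source instead.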