一，先配置java 环境变量

tar xvf /soft/jdk-7u79-linux-x64.tar.gz  -C /soft 

vim  /etc/profile
#java 
export JAVA_HOME=/soft/jdk1.7.0_79/
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:/$JAVA_HOME/bin:$HADOOP_HOME/bin
source /etc/profile

二，配置flume

tar xvf  apache-flume-1.6.0-bin.tar.gz -C /usr/local/ELK/
mv   apache-flume-1.6.0    usr/local/ELK/apache-flume 
cd  /usr/local/ELK/apache-flume/conf
cp  flume-env.sh.template  flume-env.sh
   
vi conf/flume-env.sh
JAVA_HOME=/soft/jdk1.8.0_101

三，验证是否安装成功

/usr/local/ELK/apache-flume/bin/flume-ng version
Flume 1.6.0
Source code repository: https://git-wip-us.apache.org/repos/asf/flume.git
Revision: 8633220df808c4cd0c13d1cf0320454a94f1ea97
Compiled by hshreedharan on Wed May  7 14:49:18 PDT 2014
From source with checksum a01fe726e4380ba0c9f7a7d222db961f

flume的案例

1)案例1：Avro 

 这里所指的案例都是以source的格式来定义

 Avro可以发送一个给定的文件给Flume，Avro 源使用AVRO RPC机制。

a)创建agent配置文件

cd  /usr/local/ELK/apache-flume/conf    
     
vim  avro.conf
a1.sources = r1
a1.sinks = k1
a1.channels = c1

# Describe/configure the source
a1.sources.r1.type = avro
a1.sources.r1.channels = c1
a1.sources.r1.bind = 0.0.0.0
a1.sources.r1.port = 4141

# Describe the sink
a1.sinks.k1.type = logger          将收集到的日志输出到控制台

# Use a channel which buffers events in memory
a1.channels.c1.type = memory
a1.channels.c1.capacity = 1000
a1.channels.c1.transactionCapacity = 100
# Bind the source and sink to the channel
a1.sources.r1.channels = c1
a1.sinks.k1.channel = c1

2)案例1：exec

这里所指的案例都是以source的格式来定义

ecex可以实时监控一个文件，使用tail -F  /opt/logs/usece.log。

a)创建agent配置文件

vim exec.conf 

a2.sources = r2
a2.sinks = k2
a2.channels = c2

#Describe/configure the source
a2.sources.r2.type = exec
a2.sources.r2.channels = c2
a2.sources.r2.command=tail -F /opt/logs/usercenter.log

# Describe the sink
a2.sinks.k2.type = file_roll
a2.sinks.k2.channel = c2
a2.sinks.k2.sink.directory = /opt/flume   将收集到的日志写入此目录下

# Use a channel which buffers events in memory
a2.channels.c2.type = memory
a2.channels.c2.capacity = 1000
a2.channels.c2.transactionCapacity = 100
# Bind the source and sink to the channel
a2.sources.r2.channels = c2
a2.sinks.k2.channel = c2