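ELK installation and configuration - memo

Client side: filebeat, logstash installation script

A record of the ELK stack installation and configuration process, kept as a memo. The ELK stack evolves quickly: material found online covers all sorts of versions, compatibility between them is poor, and things change fast, so follow the official documentation when installing to avoid detours.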

cd /usr/local
sudo chown -R deploy:forte elk/
sudo chown -R deploy:forte beat
sudo rm -R beat

sudo mv /usr/local/elk-agent.tar /tmp/
sudo chmod a+rw /tmp/*.log
sudo chown -R deploy:forte /usr/local/elk

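Edit
/usr/local/elk/filebeat-1.1.1-x86_64/filebeat.yml
1. Change the paths of the logs to harvest; adjust them on each server according to its application
- "/usr/local/jboss-as-7.1.1.Final/standalone/log/server.log"
- "/usr/local/jetty/log/.log"
- "/wls/applogs/rtlog/mob/.log"
2. Change the hosts section as follows; mind the indentation and the space after the ":"
output:
  logstash:
    hosts: ["172.95.65.114:5044"]

3. Change the shipper section: name is the server IP, tags is the application name, e.g. mob, wyweb, capthcha. Note: there is a space after the ":".
name: mob
tags: ["mob"]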

vi ./elk/topbeat-1.1.1-x86_64/topbeat.yml
Change the logstash node; the IP is 172.195.65.114
vi ./elk/packetbeat-1.1.1-x86_64/packetbeat.yml
Change the logstash node; the IP is 172.195.65.114

Restart the services:
sh /usr/local/elk-agent-install.sh

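Check the port
netstat -an|grep 5044 should show 3 connections to 65.114 (topbeat, packetbeat, filebeat) in the ESTABLISHED state; if one is missing, the corresponding configuration file contains an error.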
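
The port check above, as an added example that is not part of the original memo: a plain `grep 5044` also matches other ports and non-established states, so this script counts only ESTABLISHED connections whose remote end is the logstash host on port 5044. The sample netstat output, the 10.0.0.x addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: count beat connections to logstash from `netstat -an` output.
# Reads netstat output on stdin; $1 = logstash IP, $2 = port (default 5044).
count_established() {
    awk -v peer="$1:${2:-5044}" '
        # Linux netstat -an columns: proto recv-q send-q local foreign state
        $1 ~ /^tcp/ && $5 == peer && $6 == "ESTABLISHED" { n++ }
        END { print n + 0 }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.21:41822         172.95.65.114:5044      ESTABLISHED
tcp        0      0 10.0.0.21:41830         172.95.65.114:5044      ESTABLISHED
tcp        0      0 10.0.0.21:41836         172.95.65.114:5044      TIME_WAIT
tcp        0      0 10.0.0.21:50443         10.0.0.9:443            ESTABLISHED
tcp        0      0 10.0.0.21:41840         172.95.65.114:50440     ESTABLISHED
EOF
}

# check_beats IP [PORT] [EXPECTED]: succeeds only if at least EXPECTED
# (default 3: topbeat, packetbeat, filebeat) connections are established.
check_beats() {
    n=$(count_established "$1" "${2:-5044}")
    want=${3:-3}
    if [ "$n" -ge "$want" ]; then
        echo "OK: $n/$want beats connected to $1:${2:-5044}"
    else
        echo "FAIL: only $n/$want beats connected to $1:${2:-5044}; check the yml of the missing beat"
        return 1
    fi
}

# Demo on the sample, where grep would report 5 lines but only 2 beats are connected.
# On a real host: netstat -an | check_beats 172.95.65.114
sample_netstat | check_beats 172.95.65.114 || true
```
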

##Server-side configuration##

=============================================
1. Download: wget http://download.elastic.co/beats/dashboards/beats-dashboards-1.1.1.zip
2. Unpack: unzip beats-dashboards-1.1.1.zip
3. Enter the directory: cd beats-dashboards-1.1.1/
4. Run: ./load.sh or ./load.sh -url http://192.168.33.60:9200
This stores the dashboards' template configuration data in elasticsearch.

cd …/…/elasticsearch-2.3.3/bin
./plugin -h
./plugin install mobz/elasticsearch-head
./plugin install lukas-vlcek/bigdesk

nohup /usr/local/elasticsearch-2.3.3/bin/elasticsearch &
nohup /usr/local/logstash-2.3.3/bin/logstash agent -f /usr/local/logstash-2.3.3/logstash-index-simple.conf 1>/dev/null 2>&1 &

curl -XPUT 'http://172.95.65.116:9200/_template/topbeat?pretty' -d@/usr/local/elasticsearch-2.3.3/topbeat.template.json

./bin/kibana plugin --install elastic/sense

Basic concepts:

http://www.open-open.com/lib/view/open1446466142138.html

http://www.open-open.com/lib/view/open1454483379683.html

Basic configuration examples:

http://www.iyunv.com/thread-42358-1-1.html

Tuning:
http://wenku.baidu.com/link?url=vZ-3nv8YQ9Yu8CH2fbJAj3uNQi3AfMlIY974kAN1HEg1AXk0dklOnbdlvZAVWl2It4WE2yAu3emI30RfiY1T-7gtAsiSPyUYB-nNKMWcaom

http://www.open-open.com/doc/view/04e9cbfaf19a4935be73fdc79b5e1c9e

Index generation rules:
http://www.open-open.com/lib/view/open1450167065578.html
