ELK Stack最新版本测试一安装篇

咱们废话少说，直接切入正题

先看版本

filebeat1.0.0-rc2  logstash2.0.0-1  elasticsearch2.0.0  kibana4.2

那么多内容可以简单归结如下：

名词解释

Elasticsearch              存储索引

Kibana                       UI

Kibana dashboard      可视化思维图

Logstash Input Beats plugin     收集事件

Elasticsearch output plugin       发送事务

Filebeat                     日志数据托运人shipper

Topbeat                    轻量级服务器监控

Packetbeat                在线网络数据包分析

架构

一，客户端安装

filebeat架构

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-installation

nginx日志客户端安装filebeat

安装filebeat

curl -L -O https://download.elastic.co/beats/filebeat/filebeat-1.0.0-rc2-x86_64.rpm

rpm-vi filebeat-1.0.0-rc2-x86_64.rpm

配置filebeat

/etc/filebeat/filebeat.yml

Filebeat configuration:

filebeat:   prospectors:     -       paths:         - "/var/log/*.log"       fields:         type: syslog output:   elasticsearch:     enabled: true     hosts: ["http://localhost:5043"]

启动filebeat

[root@backup01 filebeat]# curl -XPUT 'http://192.168.0.58:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json {   "acknowledged" : true

}

topbeat

https://www.elastic.co/guide/en/beats/topbeat/current/topbeat-getting-started.html

curl -L -O  https://download.elastic.co/beats/topbeat/topbeat-1.0.0-rc2-x86_64.rpm  

rpm -vih topbeat-1.0.0-rc2-x86_64.rpm

packetbeat

https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-getting-started.html

yum install libpcap

curl -L -O https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-rc2-x86_64.rpm

rpm -vi packetbeat-1.0.0-rc2-x86_64.rpm

二，服务器端安装

安装elk

https://www.elastic.co/guide/en/beats/libbeat/1.0.0-rc2/getting-started.html#logstash-setup

既可以分析日志，又可以监控服务器状态，还可以分析http协议等网络数据包。

elasticearch安装

yum install java-1.7.0-openjdk

curl -L -O https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-2.0.0.rpm

rpm -ivh elasticsearch-2.0.0.rpm

配置启动

cat /etc/elasticsearch/elasticsearch.yml  |grep -Ev "^$|^#" path.data: /data path.logs: /data/elklogs

network.host: 192.168.0.58

chmod elasticsearch:elasticsearch /data/elasticsearch/ -R

chmod elasticsearch:elasticsearch /data/elklogs/ -R

service elasticsearch start

测试elasticearch

[root@localhost ~]# curl http://127.0.0.1:9200 {   "name" : "Redwing",   "cluster_name" : "elasticsearch",   "version" : {     "number" : "2.0.0",     "build_hash" : "de54438d6af8f9340d50c5c786151783ce7d6be5",     "build_timestamp" : "2015-10-22T08:09:48Z",     "build_snapshot" : false,     "lucene_version" : "5.2.1"   },   "tagline" : "You Know, for Search"

}

logstash安装（102.131）

curl -L -O https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.0.0-1.noarch.rpm

rpm -ivh logstash-2.0.0-1.noarch.rpm

logstash配置

cat nginxconf.json

input {   beats {     port => 5044   } } output {   elasticsearch {     hosts => "192.168.0.58:9200"     sniffing => true     manage_template => false     index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"     document_type => "%{[@metadata][type]}"   }

}

kibana安装

curl -L -O https://download.elastic.co/kibana/kibana/kibana-4.2.0-linux-x64.tar.gz

tar xzvf kibana-4.2.0-linux-x64.tar.gz

cd kibana-4.2.0-linux-x64/

./bin/kibana

先修改kibana.yml 可设置端口号，elaticsearch

mv  kibana-4.2.0-linux-x64 /var/kibana

nohup /var/kibana/bin/kibana -e  http://192.168.0.58:9200 &

  log   [13:14:14.588] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready   log   [13:14:14.617] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch   log   [13:14:14.630] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready   log   [13:14:14.639] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready   log   [13:14:14.646] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready   log   [13:14:14.655] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready   log   [13:14:14.658] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready   log   [13:14:14.661] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready

  log   [13:14:14.663] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready

  log   [13:14:14.675] [info][listening] Server running at http://0.0.0.0:5601

kibana dashboard加载

curl -L -O http://download.elastic.co/beats/dashboards/beats-dashboards-1.0.0-rc2.tar.gz

tar xzvf beats-dashboards-1.0.0-rc2.tar.gz

cd beats-dashboards-1.0.0-rc2/

./load.sh

./load.sh  http://192.168.0.58:9200 curl Loading search Cache-transactions: {"_index":".kibana","_type":"search","_id":"Cache-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true} Loading search DB-transactions:

{"_index":".kibana","_type":"search","_id":"DB-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}

最后测试索引的命令如下：

curl 192.168.0.58:9200/_cat/indices

yellow open .kibana             1 1   93 0  69kb  69kb

yellow open filebeat-2015.11.18 5 1 4109 0 2.9mb 2.9mb

详细配置可以参考配置篇

http://jerrymin.blog.51cto.com/3002256/1720110