ELK1:安装搭建

1、安装:
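# Import Elastic's package-signing key so that gpgcheck=1 in the repo file
# below can verify every RPM before it is installed.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Write the repository definition non-interactively (the original step opened
# the file in vi and pasted the same lines). The quoted 'EOF' delimiter keeps
# the text literal, so nothing in it is expanded by the shell.
# gpgcheck=1 must stay enabled: it is what ties the packages to the key above.
cat > /etc/yum.repos.d/logstash.repo <<'EOF'
[elasticsearch-6.x]
name=Elastic repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Install a Java runtime plus the three stack components from that repository.
yum install -y java logstash elasticsearch kibana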
2、配置elasticsearch:
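# Configure Elasticsearch: move data and logs under /data, bind the node to
# 172.16.54.95, enable CORS, start the service and open port 9200.
cd /etc/elasticsearch/

# Keep a pristine copy of the packaged config; do not overwrite it on a re-run,
# otherwise the "original" would silently become the edited file.
[ -e elasticsearch.yml.orig ] || cp elasticsearch.yml elasticsearch.yml.orig

# Data and log directories, owned by the service account (user:group form;
# the dotted user.group spelling is deprecated by chown).
mkdir -p /data/elk/elasticsearch /data/logs/elasticsearch
chown -R elasticsearch:elasticsearch /data/elk/elasticsearch /data/logs/elasticsearch

# For each setting: replace the sample value, then drop the leading '#'.
sed -i -e '/path.data/s#/path/to/data#/data/elk/elasticsearch#' \
       -e '/path.data/s/#//' elasticsearch.yml
sed -i -e '/path.logs/s#/path/to/logs#/data/logs/elasticsearch#' \
       -e '/path.logs/s/#//' elasticsearch.yml
grep 'path.' elasticsearch.yml

sed -i -e '/network.host/s/192.168.0.1/172.16.54.95/' \
       -e '/network.host/s/#//' elasticsearch.yml
grep 'network.host' elasticsearch.yml

# SECURITY: nothing in this guide configures authentication or TLS, so once
# the node listens on 172.16.54.95:9200 any host that can reach the port can
# read, change and delete indices. Two settings below widen that exposure:
#   * http.cors.allow-origin: "*" accepts cross-origin requests from every web
#     origin; set it to the exact origin of the tool that needs CORS, or leave
#     CORS disabled if no browser-based tool talks to Elasticsearch directly.
#   * --add-port=9200/tcp opens the port to every source address; prefer a
#     source-restricted rule, e.g.
#       firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<TRUSTED_CIDR>" port port="9200" protocol="tcp" accept'
#     where <TRUSTED_CIDR> is a placeholder for the network that needs access.

# Append the CORS settings only once: a second copy of the same keys makes the
# YAML invalid and stops Elasticsearch from starting after a re-run.
if ! grep -q '^http\.cors\.' /etc/elasticsearch/elasticsearch.yml; then
  cat >> /etc/elasticsearch/elasticsearch.yml <<'EOF'
http.cors.allow-origin: "*"
http.cors.enabled: true
EOF
fi

systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch
systemctl status elasticsearch

# Open the REST port (see the SECURITY note above before using this as-is).
firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --reload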
3、配置kibana:
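# Configure Kibana: listen on 172.16.54.95, point it at the Elasticsearch node,
# start the service and open port 5601.
cd /etc/kibana/

# Keep a pristine copy of the packaged config; never overwrite it on a re-run.
[ -e kibana.yml.orig ] || cp kibana.yml kibana.yml.orig

# For each setting: replace the sample value, then drop the leading '#'.
sed -i -e '/#server.host/s/"localhost"/172.16.54.95/' \
       -e '/#server.host/s/#//' kibana.yml
grep 'server.host' kibana.yml

sed -i -e '/elasticsearch.url/s/localhost/172.16.54.95/' \
       -e '/elasticsearch.url/s/#//' kibana.yml
grep 'elasticsearch.url' kibana.yml

# Enable at boot as well, matching the elasticsearch and logstash services;
# the original only started Kibana, so it would not come back after a reboot.
# 'restart' also starts a stopped unit, so a separate 'start' is not needed.
systemctl enable kibana
systemctl restart kibana
systemctl status kibana

# SECURITY: this guide sets up no login for Kibana, so everyone who can reach
# 172.16.54.95:5601 gets full access to the data behind it. Prefer limiting the
# port to the networks that need it, e.g.
#   firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<TRUSTED_CIDR>" port port="5601" protocol="tcp" accept'
# (<TRUSTED_CIDR> is a placeholder), or publish Kibana through an
# authenticating reverse proxy instead of opening the port to all sources.
firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload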
4、配置logstash:
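# Configure Logstash: move data and logs under /data, create a pipeline that
# ships /var/log/messages to Elasticsearch, then enable and start the service.
cd /etc/logstash/

# Keep a pristine copy of the packaged config; never overwrite it on a re-run.
[ -e logstash.yml.orig ] || cp logstash.yml logstash.yml.orig

# Data and log directories, owned by the service account (user:group form;
# the dotted user.group spelling is deprecated by chown).
mkdir -p /data/elk/logstash /data/logs/logstash
chown -R logstash:logstash /data/elk/logstash /data/logs/logstash

sed -i '/^path.data/s#/var/lib/logstash#/data/elk/logstash#' logstash.yml
sed -i '/^path.logs/s#/var/log/logstash#/data/logs/logstash#' logstash.yml
grep -E '^path.' logstash.yml   # egrep is deprecated in favour of grep -E

# Let bin/logstash find its settings when it is run by hand. -sfn replaces an
# existing link instead of failing (or nesting a link inside it) on a re-run.
ln -sfn /etc/logstash /usr/share/logstash/config

# NOTE(review): this makes the service account the owner of its own settings
# and pipeline files, so a compromised Logstash process could rewrite them.
# If the service only needs to read them, root ownership with read access for
# the logstash group is the tighter choice - confirm before keeping this line.
chown -R logstash:logstash /etc/logstash

cd /etc/logstash/conf.d/

# NOTE(review): the stdout output below prints every event. Where the
# service's stdout is forwarded into /var/log/messages (journald -> rsyslog is
# a common default), the file input reads its own output back and the events
# multiply; drop the stdout block for the service and keep it only for
# foreground debugging. Quoted 'EOF' keeps %{...} and the rest literal.
cat > messages.conf <<'EOF'
input {
file {
path => "/var/log/messages"
}
}
output {
elasticsearch {
hosts => ["172.16.54.95:9200"]
index => "messages-%{+YYYY.MM.dd}"
}
stdout {

codec => rubydebug

}
}
EOF

# The logstash user must be able to read /var/log/messages. The original page
# hints at 'chmod 644 /var/log/messages' (written with '//', which is not a
# shell comment and would be executed as a command). 644 exposes the system
# log to every local account; granting only the service account is narrower:
#   setfacl -m u:logstash:r /var/log/messages
# NOTE(review): log rotation may recreate the file without the ACL - verify.

# Interactive smoke test: type a line, expect it echoed back, Ctrl-D to quit.
# Run it as the logstash user: started as root it can leave root-owned files
# under path.data and path.logs that the service cannot open afterwards.
sudo -u logstash /usr/share/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'

systemctl daemon-reload
systemctl enable logstash
systemctl start logstash
systemctl status logstash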

查看状态:http://172.16.54.95:5601/status#?_g=()

logstash语法检查:/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/messages.conf -t

启动:/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/messages.conf


转载自blog.csdn.net/weixin_33860528/article/details/87458022