Article directory

The principle of filebeat
Kafka 简介
Introduction to zookeeper
Build Filebeat+zookeeper+kafka+ELK

The principle of filebeat

Filebeat works like this: when you start Filebeat, it starts one or more inputs that it looks for in the location specified for log data. For every log that Filebeat finds, Filebeat starts a collector. Each collector reads a single log for new content and sends the new log data to libbeat, which will aggregate the events and send the aggregated data to the output configured for Filebeat

Filebeat structure: Consists of two components, inputs (inputs) and harvesters (collectors), which work together to track files and send event data to the output you specify. The harvester is responsible for reading the contents of a single file. The harvester reads each file line by line and sends the content to the output. Start a harvester for each file. The harvester is responsible for opening and closing files, which means that file descriptors remain open while the harvester is running. If a file is deleted or renamed while it is being collected, Filebeat will continue to read the file. A side effect of this is that the space on the disk is reserved until the harvester shuts down. By default, Filebeat keeps files open until close_inactive is reached

Kafka 简介

Kafka is a message queue, which is mainly used to process message queues in the state of large amounts of data , and is generally used for log processing. Since it is a message queue, it Kafkaalso has the corresponding characteristics of the message queue.

The benefits of kafka message queues

Application decoupling

buffer

Traffic clipping

Asynchronous processing

Introduction to zookeeper

It is a distributed service framework and a sub-project of Apache Hadoop. It is mainly used to solve some data management problems often encountered in distributed applications, such as: unified naming service, state synchronization service, cluster management, distributed Management of application configuration items, etc.

Equivalent to file system + notification mechanism

Build Filebeat+zookeeper+kafka+ELK

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-mZ6j6dkT-1646744485306) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 1.bmp)]$

CPU name	ip	system	components
node1	192.168.100.142	centos7	Elasticsearch,Elasticsearch-head, Kiabana
node2	192.168.100.140	centos7	Elasticsearch,Elasticsearch-head
apache	192.168.100.141	centos7	httpd, logstash,
filebeat1	192.168.100.145	centos7	zookeeper,kafka
filebeat2	192.168.100.134	centos7	zookeeper,kafka
filebeat3	192.168.100.144	centos7	zookeeper,kafka

This experiment was carried out in the last ELK experiment, so I will not demonstrate the deployment of ELK. If you need it, you can go to my last blog, which introduces ELK and deployment steps in detail.

Closer to home, let's start this experiment

1. Install zookeeper kafka (operate in fiebeat1 - 3)

(1) Unzip and install the zookeeper soft armor package

[root@bogon opt]# tar zxvf apache-zookeeper-3.5.7-bin.tar.gz 
[root@bogon opt]# mv apache-zookeeper-3.5.7-bin /usr/local/zookeeper-3.5.7     
[root@bogon opt]# cd /usr/local/zookeeper-3.5.7/
[root@bogon conf]# cp zoo_sample.cfg zoo.cfg
[root@bogon conf]# vim zoo.cfg

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-H834TMbN-1646744485308) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 2.bmp)]$

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-apt6FqPr-1646744485309) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 3.bmp)]$

[root@bogon conf]# cd ..
[root@bogon zookeeper-3.5.7]# mkdir data logs
[root@bogon zookeeper-3.5.7]# echo 1 > data/myid
## 给每个机器指定对应的节点号

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-F3ppSyS1-1646744485310) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 4.bmp)]$

(2) Start zookeeper

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-qWS4Bs2h-1646744485311) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 5.bmp)]$

View the three node zookeeper status

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-SuNV7Inf-1646744485312) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 6.bmp)]$

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-0rPrdXQe-1646744485313) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 7.bmp)]$

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-DJ2A3Up9-1646744485313) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 8.bmp)]$

(2). Install kafka (operate in fiebeat1 - 3)

[root@bogon bin]# cd /opt/
[root@bogon opt]# tar zxvf kafka_2.13-2.7.1.tgz 
[root@bogon opt]# mv kafka_2.13-2.7.1 /usr/local/kafka

(3) Modify the configuration file

[root@bogon opt]# cd /usr/local/kafka/
[root@bogon kafka]# cd config/
[root@bogon config]# vim server.properties

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-dbcHrWzq-1646744485314) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 9.bmp)]$

$[External link image transfer failed, the source site may have an anti-leech mechanism, it is recommended to save the image and upload it directly (img-PnuQyrCb-1646744485315) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 10.bmp)]$

(4) Add relevant commands to the system environment

[root@bogon kafka]# vim /etc/profile
[root@bogon kafka]# source /etc/profile

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-kaRWjcwb-1646744485315) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 11.bmp)]$

(5) Enable kafka

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-7FvpQyRp-1646744485316) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 12.bmp)]$

create topic

（192.168.100.145）

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-jSCpgJyn-1646744485317) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 13.bmp)]$

test topic

Release message (192.168.100.145)

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-i1cwdlmF-1646744485317) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 14.bmp)]$

$[External link image transfer failed, the source site may have anti-leech mechanism, it is recommended to save the image and upload it directly (img-4UW6S2ux-1646744485318) (C:\Users\zhuquanhao\Desktop\Screenshot command collection\linux\filebeat+ELK\ 15.bmp)]$

Consuming messages (192.168.100.145)

insert image description here

Filebeat+zookeeper+kafka+ELK

Article directory

The principle of filebeat

Kafka 简介

Introduction to zookeeper

Build Filebeat+zookeeper+kafka+ELK

Guess you like