
ELK实时日志分析平台部署搭建详细实现过程

2023-06-13 09:15:45 时间
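[root@localhost ~]# systemctl stop firewalld

[root@localhost ~]# systemctl disable firewalld

(注意:关闭防火墙以及下面禁用 SELinux 的做法只适合隔离的测试环境;生产环境应保持二者开启,只对需要访问的主机放行所需端口,例如 Logstash 的 5044、Kibana 的 5601。)

禁用SELINUX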

[root@localhost ~]# setenforce 0

[root@localhost ~]# sed -i /SELINUX/s/enforcing/disabled/ /etc/selinux/config

java环境

[root@localhost src]# tar zxvf jdk-8u181-linux-x64.tar.gz

[root@localhost src]# mv jdk1.8.0_181/ /usr/local/

[root@localhost src]# vi /etc/profile //最下面添加

 export JAVA_HOME=/usr/local/jdk1.8.0_181

 export JRE_HOME=${JAVA_HOME}/jre

 export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar:${JRE_HOME}/lib

 export PATH=${JAVA_HOME}/bin:${PATH}

[root@localhost src]# source /etc/profile

[root@localhost src]# java -version

 java version 1.8.0_181 

 Java(TM) SE Runtime Environment (build 1.8.0_181-b13)

 Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

ElasticSearch 的安装与运行

[root@localhost src]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.2.tar.gz

(下载后建议先用 Elastic 官方发布的校验和文件核对压缩包,确认文件未被篡改或损坏后再解压。)

[root@localhost src]# tar -xzf elasticsearch-6.2.2.tar.gz

[root@localhost src]# groupadd elasticsearch

[root@localhost src]# useradd elasticsearch -g elasticsearch

[root@localhost src]# chown -R elasticsearch:elasticsearch elasticsearch-6.2.2

[root@localhost src]# su elasticsearch

[elasticsearch@localhost src]$ cd elasticsearch-6.2.2

[elasticsearch@localhost elasticsearch-6.2.2]$ bin/elasticsearch

[root@localhost ~]# curl http://127.0.0.1:9200/

 {
   "name" : "6FN8LUp",
   "cluster_name" : "elasticsearch",
   "cluster_uuid" : "ez7zsys-TZKZfS3-d1cOmA",
   "version" : {
     "number" : "6.2.2",
     "build_hash" : "10b1edd",
     "build_date" : "2018-02-16T19:01:30.685723Z",
     "build_snapshot" : false,
     "lucene_version" : "7.2.1",
     "minimum_wire_compatibility_version" : "5.6.0",
     "minimum_index_compatibility_version" : "5.0.0"
   },
   "tagline" : "You Know, for Search"
 }

FileBeats 与 LogStash 的安装

[root@localhost src]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.tar.gz

[root@localhost src]# tar zxvf logstash-6.3.2.tar.gz

[root@localhost src]# cd logstash-6.3.2

[root@localhost logstash-6.3.2]# vim first.conf

 # 配置输入为 beats
 input {
   beats {
     port => "5044"
   }
 }

 # 数据过滤
 filter {
   grok {
     match => { "message" => "%{COMBINEDAPACHELOG}" }
   }
   geoip {
     source => "clientip"
   }
 }

 # 输出到本机的 ES
 output {
   elasticsearch {
     hosts => [ "localhost:9200" ]
   }
 }

[root@localhost logstash-6.3.2]# bin/logstash -f first.conf --config.reload.automatic

[root@localhost ~]# netstat -ntlp | grep 5044

 tcp6 0 0 :::5044 :::* LISTEN 12157/java

(可以看到 5044 端口监听在所有网卡上;由于防火墙已关闭,任何能访问本机的主机都可以向 Logstash 送入数据。应通过防火墙规则限制来源主机,或为 beats 输入启用 TLS。)

[root@localhost src]# tar -zxvf filebeat-6.3.2-linux-x86_64.tar.gz

[root@localhost src]# cd filebeat-6.3.2-linux-x86_64

[root@localhost filebeat-6.3.2-linux-x86_64]# vim filebeat.yml

 - type: log
   # Change to true to enable this prospector configuration.
   enabled: True
   # Paths that should be crawled and fetched. Glob based paths.
   # 读取 Nginx 的日志
   paths:
     - /usr/local/nginx/logs/*.log

 #----------------------------- Logstash output --------------------------------
 # 输出到本机的 LogStash
 output.logstash:
   # The Logstash hosts
   hosts: ["localhost:5044"]

[root@localhost filebeat-6.3.2-linux-x86_64]# ./filebeat -e -c filebeat.yml -d publish 

[root@localhost src]# tar zxvf kibana-6.3.2-linux-x86_64.tar.gz

[root@localhost kibana-6.3.2-linux-x86_64]# bin/kibana

原创文章,作者:ItWorker,如若转载,请注明出处:https://blog.ytso.com/54106.html
