{"id":666,"date":"2024-12-24T15:21:01","date_gmt":"2024-12-24T07:21:01","guid":{"rendered":"http:\/\/192.168.5.24\/?p=666"},"modified":"2024-12-27T11:43:09","modified_gmt":"2024-12-27T03:43:09","slug":"elk%e7%9a%84%e6%90%ad%e5%bb%ba","status":"publish","type":"post","link":"https:\/\/bigvip.dpdns.org\/?p=666","title":{"rendered":"ELK\u7684\u642d\u5efa"},"content":{"rendered":"\n

ELK\u662f\u4e00\u5957\u5f00\u6e90\u7684\u65e5\u5fd7\u5206\u6790\u7cfb\u7edf\uff0c\u7531elasticsearch+logstash+Kibana\u7ec4\u6210\u3002
\u5148\u4e00\u53e5\u8bdd\u7b80\u5355\u4e86\u89e3E,L,K\u8fd9\u4e09\u4e2a\u8f6f\u4ef6elasticsearch: \u5206\u5e03\u5f0f\u641c\u7d22\u5f15\u64ce,\u4e5f\u662f\u6570\u636e\u5e93\uff1blogstash: \u65e5\u5fd7\u6536\u96c6\u4e0e\u8fc7\u6ee4\uff0c\u8f93\u51fa\u7ed9elasticsearch \uff1bKibana: \u56fe\u5f62\u5316\u5c55\u793a<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u4e00\u3001\u524d\u671f\u51c6\u5907\u5de5\u4f5c<\/h2>\n\n\n\n

1\u3001\u56db\u53f0\u673a\u5668(\u5185\u5b58\u5927\u4e8e1G\uff0c\u5efa\u8bae\u5927\u4e8e2G\uff09<\/strong><\/p>\n\n\n\n

2\u3001\u5173\u95ed\u9632\u706b\u5899\u548cselinux<\/p>\n\n\n\n

3\u3001\u65f6\u95f4\u540c\u6b65<\/p>\n\n\n\n

\u4e8c\u3001elasticsearch\u90e8\u7f72<\/h2>\n\n\n\n

1\u3001\u5b89\u88c5jdk(\u4e0d\u8981\u4f7f\u7528\u7cfb\u7edf\u81ea\u5e26openjdk)<\/strong><\/p>\n\n\n\n

yum -y install jdk1.8 <\/code><\/pre>\n\n\n\n
2\u3001es\u7684\u5b89\u88c5<\/strong><\/p>\n\n\n\n
yum -y install elasticsearch<\/code><\/pre>\n\n\n\n
3\u3001\u5355\u673aes\u7684\u914d\u7f6e\u4e0e\u670d\u52a1\u542f\u52a8<\/strong><\/p>\n\n\n\n
[root@node1~]# grep -Ev \"^#\" \/etc\/elasticsearch\/elasticsearch.yml\ncluster.name: class1\nnode.name: node-1\npath.data: \/var\/lib\/elasticsearch\npath.logs: \/var\/log\/elasticsearch\nnetwork.host: 0.0.0.0\nhttp.port: 9200<\/code><\/pre>\n\n\n\n
4\u3001\u67e5\u770b\u72b6\u6001<\/strong><\/p>\n\n\n\n
[root@node1~]# systemctl start elasticsearch\n[root@node1~]# netstat -anlpt | grep 9200\ntcp6       0      0 :::9200                 :::*                    LISTEN      3143\/java<\/code><\/pre>\n\n\n\n
5\u3001elasticsearch\u96c6\u7fa4\u90e8\u7f72<\/strong><\/p>\n\n\n\n
\uff081\uff09\u5728\u4e24\u4e2a\u8282\u70b9\u4e0a\u5b89\u88c5ES,\u5e76\u90fd\u8bbe\u7f6ehosts\u4e3a\uff1a\n\n[root@node2~]# cat \/etc\/hosts\n192.168.168.144 node2\n192.168.168.143 node1\n\uff082\uff09\u4fee\u6539\u6bcf\u4e2a\u8282\u70b9\u7684ES\u914d\u7f6e\u6587\u4ef6\u5982\u4e0b\uff1a\n[root@node1~]# grep -Ev \"^#\" \/etc\/elasticsearch\/elasticsearch.yml\ncluster.name: class1<\/strong>\nnode.name: node-1<\/strong>\npath.data: \/var\/lib\/elasticsearch\npath.logs: \/var\/log\/elasticsearch\nnetwork.host: 0.0.0.0\nhttp.port: 9200\ndiscovery.zen.ping.unicast.hosts: [\"node1\", \"node2\"]\n\n[root@node2~]# grep -Ev \"^#\" \/etc\/elasticsearch\/elasticsearch.yml\ncluster.name: class1<\/strong>\nnode.name: node-2<\/strong>\npath.data: \/var\/lib\/elasticsearch\npath.logs: \/var\/log\/elasticsearch\nnetwork.host: 0.0.0.0\nhttp.port: 9200\ndiscovery.zen.ping.unicast.hosts: [\"node1\", \"node2\"]<\/code><\/pre>\n\n\n\n
6\u3001elasticsearch\u57fa\u7840\u6982\u5ff5<\/strong><\/p>\n\n\n\n
\u4e3b\u8981\u7684\u57fa\u7840\u6982\u5ff5\u6709:Node, Index,Type,Document,Field,shard\u548creplicas.
Node(\u8282\u70b9)<\/strong>\uff1a\u8fd0\u884c\u5355\u4e2aES\u5b9e\u4f8b\u7684\u670d\u52a1\u5668
Cluster(\u96c6\u7fa4)<\/strong>\uff1a\u4e00\u4e2a\u6216\u591a\u4e2a\u8282\u70b9\u6784\u6210\u96c6\u7fa4
Index(\u7d22\u5f15)<\/strong>\uff1a\u7d22\u5f15\u662f\u591a\u4e2a\u6587\u6863\u7684\u96c6\u5408
Type(\u7c7b\u578b)<\/strong>\uff1a\u4e00\u4e2aIndex\u53ef\u4ee5\u5b9a\u4e49\u4e00\u79cd\u6216\u591a\u79cd\u7c7b\u578b\uff0c\u5c06Document\u903b\u8f91\u5206\u7ec4
Document(\u6587\u6863)<\/strong>\uff1aIndex\u91cc\u6bcf\u6761\u8bb0\u5f55\u79f0\u4e3aDocument\uff0c\u82e5\u5e72\u6587\u6863\u6784\u5efa\u4e00\u4e2aIndex
Field(\u5b57\u6bb5)<\/strong>\uff1aES\u5b58\u50a8\u7684\u6700\u5c0f\u5355\u5143
Shards(\u5206\u7247)<\/strong>\uff1aES\u5c06Index\u5206\u4e3a\u82e5\u5e72\u4efd\uff0c\u6bcf\u4e00\u4efd\u5c31\u662f\u4e00\u4e2a\u5206\u7247
Replicas(\u526f\u672c)<\/strong>\uff1aIndex\u7684\u4e00\u4efd\u6216\u591a\u4efd\u526f\u672c<\/p>\n\n\n\n

\u4e3a\u4e86\u4fbf\u4e8e\u7406\u89e3,\u6211\u4eec\u548cmysql\u8fd9\u79cd\u5173\u7cfb\u578b\u6570\u636e\u5e93\u505a\u4e00\u4e2a\u5bf9\u6bd4:<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
ES\u662f\u5206\u5e03\u5f0f\u641c\u7d22\u5f15\u64ce\uff0c\u6bcf\u4e2a\u7d22\u5f15\u6709\u4e00\u4e2a\u6216\u591a\u4e2a\u5206\u7247(shard)\uff0c\u7d22\u5f15\u7684\u6570\u636e\u88ab\u5206\u914d\u5230\u5404\u4e2a\u5206\u7247\u4e0a\u3002\u4f60\u53ef\u4ee5\u770b\u4f5c\u662f\u4e00\u4efd\u6570\u636e\u5206\u6210\u4e86\u591a\u4efd\u7ed9\u4e0d\u540c\u7684\u8282\u70b9\u3002
\u5f53ES\u96c6\u7fa4\u589e\u52a0\u6216\u5220\u9664\u8282\u70b9\u65f6,shard\u4f1a\u5728\u591a\u4e2a\u8282\u70b9\u4e2d\u5747\u8861\u5206\u914d\u3002\u9ed8\u8ba4\u662f5\u4e2aprimary shard(\u4e3b\u5206\u7247)\u548c1\u4e2areplica shard(\u526f\u672c,\u7528\u4e8e\u5bb9\u9519)\u3002<\/p>\n\n\n\n
7\u3001elaticsearch\u57fa\u7840API\u64cd\u4f5c<\/strong><\/p>\n\n\n\n
\u67e5\u770bES\u96c6\u7fa4\u72b6\u6001<\/strong>\uff1ahttp:\/\/127.0.0.1:9200\/_cluster\/health?pretty<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u67e5\u770b\u8282\u70b9\u4fe1\u606f<\/strong>\uff1ahttp:\/\/127.0.0.1:9200\/_cat\/nodes?v<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
green\uff1a\u6240\u6709\u7684\u4e3b\u5206\u7247\u548c\u526f\u672c\u5206\u7247\u90fd\u5df2\u5206\u914d\u3002\u4f60\u7684\u96c6\u7fa4\u662f100%\u53ef\u7528\u7684\u3002\nyellow\uff1a\u6240\u6709\u7684\u4e3b\u5206\u7247\u5df2\u7ecf\u5206\u7247\u4e86\uff0c\u4f46\u81f3\u5c11\u8fd8\u6709\u4e00\u4e2a\u526f\u672c\u662f\u7f3a\u5931\u7684\u3002\u4e0d\u4f1a\u6709\u6570\u636e\u4e22\u5931\uff0c\u6240\u4ee5\u641c\u7d22\u7ed3\u679c\u4f9d\n\u7136\u662f\u5b8c\u6574\u7684\u3002\u4e0d\u8fc7\uff0c\u4f60\u7684\u9ad8\u53ef\u7528\u6027\u5728\u67d0\u79cd\u7a0b\u5ea6\u4e0a\u88ab\u5f31\u5316\u3002\u5982\u679c \u66f4\u591a\u7684 \u5206\u7247\u6d88\u5931\uff0c\u4f60\u5c31\u4f1a\u4e22\u6570\u636e\u4e86\u3002\u628a \nyellow \u60f3\u8c61\u6210\u4e00\u4e2a\u9700\u8981\u53ca\u65f6\u8c03\u67e5\u7684\u8b66\u544a\u3002\nred\uff1a\u81f3\u5c11\u4e00\u4e2a\u4e3b\u5206\u7247\uff08\u4ee5\u53ca\u5b83\u7684\u5168\u90e8\u526f\u672c\uff09\u90fd\u5728\u7f3a\u5931\u4e2d\u3002\u8fd9\u610f\u5473\u7740\u4f60\u5728\u7f3a\u5c11\u6570\u636e\uff1a\u641c\u7d22\u53ea\u80fd\u8fd4\u56de\u90e8\u5206\u6570\n\u636e\uff0c\u800c\u5206\u914d\u5230\u8fd9\u4e2a\u5206\u7247\u4e0a\u7684\u5199\u5165\u8bf7\u6c42\u4f1a\u8fd4\u56de\u4e00\u4e2a\u5f02\u5e38\u3002<\/code><\/pre>\n\n\n\n
\u65b0\u589e\u7d22\u5f15<\/strong>\uff1acurl -X PUT http:\/\/127.0.0.1:9200\/nginx_access_log<\/p>\n\n\n\n
\u67e5\u770b\u7d22\u5f15\u4fe1\u606f<\/strong>\uff1ahttp:\/\/127.0.0.1:9200\/_cat\/indices?v<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u5220\u9664\u7d22\u5f15<\/strong>\uff1acurl -X DELETE http:\/\/127.0.0.1:9200\/nginx_access_log<\/p>\n\n\n\n
\u4e09\u3001logstash\u90e8\u7f72<\/h2>\n\n\n\n
1\u3001\u7b80\u4ecb<\/strong><\/p>\n\n\n\n
2\u3001logstash\u90e8\u7f72<\/strong><\/p>\n\n\n\n
\uff081\uff09\u5b89\u88c5jdk<\/strong>\n yum -y install jdk1.8 \n\uff082\uff09\u5b89\u88c5logstash<\/strong>\n yum -y install logstash\n\uff083\uff09\u4fee\u6539\u4e3b\u914d\u7f6e\u6587\u4ef6<\/strong>\n[root@localhost ~]# grep -v \"^#\" \/etc\/logstash\/logstash.yml\npath.data: \/var\/lib\/logstash\npath.config: \/etc\/logstash\/conf.d\/\npath.logs: \/var\/log\/logstash\n\uff084\uff09\u6dfb\u52a0\u5b50\u914d\u7f6e\u6587\u4ef6<\/strong>\n[root@localhost ~]# cat \/etc\/logstash\/conf.d\/test.conf\ninput {\n  file {\n    path => \"\/var\/log\/yum.log\"\n    start_position => \"beginning\"\n    type => \"yum\"\n}\n  file {\n    path => \"\/var\/log\/messages\"\n    start_position => \"beginning\"\n    type => \"messages\"\n}\n  beats {\n    port => 5044\n    type => \"beats\"\n}\n}\noutput {\n  if [type] == \"messages\" {\n    elasticsearch {\n      hosts => [\"192.168.168.143:9200\",\"192.168.168.144:9200\"]\n      index => \"messages-%{+YYYY.MM.dd}\"\n}\n}\n  if [type] == \"yum\" {\n    elasticsearch {\n      hosts => [\"192.168.168.143:9200\",\"192.168.168.144:9200\"]\n      index => \"yum-%{+YYYY.MM.dd}\"\n}\n}\n  if [type] == \"beats\" {\n    elasticsearch {\n      hosts => [\"192.168.168.143:9200\",\"192.168.168.144:9200\"]\n      index => \"beats-%{+YYYY.MM.dd}\"\n}\n}\n}<\/code><\/pre>\n\n\n\n
3\u3001\u65e5\u5fd7\u91c7\u96c6<\/strong><\/p>\n\n\n\n
[root@logstash ~]# logstash --path.settings \/etc\/logstash\/ -f \/etc\/logstash\/conf.d\/test.conf<\/code><\/pre>\n\n\n\n
<\/span>\"\"
\n
<\/p>\n<\/div><\/div>\n\n\n\n
4\u3001\u6d4f\u89c8\u91c7\u96c6\u7684\u65e5\u5fd7<\/strong><\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u56db\u3001Kibana\u5b89\u88c5\u914d\u7f6e<\/h2>\n\n\n\n
\uff081\uff09\u5b89\u88c5\u914d\u7f6e\n[root@kibana ]#yum -y  install kibana\n[root@kibana ]# grep -Ev \"^(#|$)\" \/etc\/kibana\/kibana.yml\nserver.port: 5601\nserver.host: \"0.0.0.0\"\nelasticsearch.url: \"http:\/\/192.168.168.144:9200\"\n-----------------------------------------\n[root@kibana ]#systemctl start kibana\n\uff082\uff09\u6c49\u5316\nunzip kibana-hanghua-master.zip\ncd Kibana_Hanization-master\/old\npython main.py \/usr\/share\/kibana\/\nsystemctl restart kibana<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\"\"<\/figure>\n\n\n\n
\u4e94\u3001filebeat\u7684\u5b89\u88c5\u914d\u7f6e<\/h2>\n\n\n\n
yum -y install filebeat\n\n\u914d\u7f6efilebeat\u91c7\u96c6\u65e5\u5fd7\u540e\u63d0\u4ea4\u7ed9logstash\n[root@filebeat]# grep -Ev \"^[[:space:]]*(#|$)\" \/etc\/filebeat\/filebeat.yml\nfilebeat.inputs:\n- type: log\n  enabled: true\n  paths:\n    - \/var\/log\/secure\nfilebeat.config.modules:\n  path: ${path.config}\/modules.d\/*.yml\n  reload.enabled: false\nsetup.template.settings:\n  index.number_of_shards: 3\nsetup.kibana:\noutput.logstash:\n  hosts: [\"192.168.168.147:5044\"]\nprocessors:\n  - add_host_metadata: ~\n  - add_cloud_metadata: ~\n--------------------------------------------------------------------------\nsystemctl start filebeat\n<\/code><\/pre>\n\n\n\n
\u6ce8\u610f\u4e8b\u9879<\/h2>\n\n\n\n
1\u3001logstash\u542f\u52a8\u62a5\u9519\u5f80\u5f80\u662f\u914d\u7f6e\u6587\u4ef6\u7684\u683c\u5f0f\u4e0d\u6b63\u786e\uff0c\u9700\u8981\u7279\u522b\u6ce8\u610fyml\u683c\u5f0f\u7684\u914d\u7f6e\u6587\u4ef6\u4e66\u5199\u683c\u5f0f\u3002<\/p>\n\n\n\n
2\u3001filebeat\u4e0d\u91c7\u96c6\u6570\u636e\uff0c\u6ca1\u6709\u91c7\u96c6\u52a8\u4f5c\uff0c\u4e5f\u6ca1\u6709\u7f51\u7edc\u8fde\u63a5\u6709\u53ef\u80fd\u662f\u91c7\u96c6\u7684\u65e5\u5fd7\u6587\u4ef6\u6ca1\u6709\u5185\u5bb9\u9700\u8981\u91c7\u96c6\u3002<\/p>\n\n\n\n
3\u3001YMAL\u683c\u5f0f\u8bf4\u660e <\/p>\n\n\n\n
\u4ee5.yaml\u6216.yml\u7ed3\u5c3e \n\uff081\uff09\u6587\u4ef6\u7684\u7b2c\u4e00\u884c\u4ee5 \"---\"\u5f00\u59cb\uff0c\u8868\u660eYMAL\u6587\u4ef6\u7684\u5f00\u59cb(\u53ef\u9009\u7684) \n\uff082\uff09\u4ee5#\u53f7\u5f00\u5934\u4e3a\u6ce8\u91ca \n\uff083\uff09\u5217\u8868\u4e2d\u7684\u6240\u6709\u6210\u5458\u90fd\u5f00\u59cb\u4e8e\u76f8\u540c\u7684\u7f29\u8fdb\u7ea7\u522b, \u5e76\u4e14\u4f7f\u7528\u4e00\u4e2a \"- \" \u4f5c\u4e3a\u5f00\u5934(\u4e00\u4e2a\u6a2a\u6760\u548c\u4e00\u4e2a\u7a7a\u683c) \n\uff084\uff09\u4e00\u4e2a\u5b57\u5178\u662f\u7531\u4e00\u4e2a\u7b80\u5355\u7684 \"\u952e\uff1a\u503c\" \u7684\u5f62\u5f0f\u7ec4\u6210(\u8fd9\u4e2a\u5192\u53f7\u540e\u9762\u5fc5\u987b\u662f\u4e00\u4e2a\u7a7a\u683c) \n\uff085\uff09\u6ce8\u610f: \u5199\u8fd9\u79cd\u6587\u4ef6\u4e0d\u8981\u4f7f\u7528tab\u952e\uff0c\u5fc5\u987b\u4f7f\u7528\u7a7a\u683c<\/code><\/pre>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
ELK\u662f\u4e00\u5957\u5f00\u6e90\u7684\u65e5\u5fd7\u5206\u6790\u7cfb\u7edf\uff0c\u7531elasticsearch+logstash+Kibana\u7ec4\u6210\u3002 \u5148\u4e00\u53e5\u8bdd\u7b80 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"aside","meta":{"footnotes":""},"categories":[20,36],"tags":[96,95,98,97],"class_list":["post-666","post","type-post","status-publish","format-aside","hentry","category-linux","category-36","tag-elasticsearch","tag-elk","tag-kibana","tag-logstash","post_format-post-format-aside"],"_links":{"self":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=666"}],"version-history":[{"count":20,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/666\/revisions"}],"predecessor-version":[{"id":711,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/666\/revisions\/711"}],"wp:attachment":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}