-
ELK日志平台搭建(一)
ELK企业级日志分析系统
ELK是由Elasticsearch、Logstash、Kiban三个开源软件的组合。在实时数据检索和分析场合,三者通常是配合共用,而且又都先后归于 Elastic.co 公司名下,故有此简称。
ELK中日志处理步骤
- 应用服务
生产日志,通过Logger产生日志并输出。 - Logstash
收集日志,通过http接收应用服务产生的日志。 - Elasticsearch
为日志提供全文检索功能。 - kibana
为Elasticsearch提供图形化界面。
ELK详细说明
Elasticsearch:
是实时全文搜索和分析引擎,提供搜集、分析、存储数据三大功能;是一套开放REST和JAVA API等结构提供高效搜索功能,可扩展的分布式系统。它构建于Apache Lucene搜索引擎库之上。
Logstash:
是一个用来搜集、分析、过滤日志的工具。它支持几乎任何类型的日志,包括系统日志、错误日志和自定义应用程序日志。它可以从许多来源接收日志,这些来源包括 syslog、消息传递(例如 RabbitMQ)和JMX,它能够以多种方式输出数据,包括电子邮件、websockets和Elasticsearch。
Kibana:
是一个基于Web的图形界面,用于搜索、分析和可视化存储在 Elasticsearch指标中的日志数据。它利用Elasticsearch的REST接口来检索数据,不仅允许用户创建他们自己的数据的定制仪表板视图,还允许他们以特殊的方式查询和过滤数据
环境准备
主机 操作系统 IP地址 软件 node1 CentOS7 192.168.230.133 Elasticsearch/head/Kibana node2 CentOS7 192.168.230.131 zookeeper/kafka/Logstash- 1
- 2
- 3
实验准备
-
关防火墙和系统安全机制(三台)
[root@localhost ~]# systemctl stop firewalld [root@localhost ~]# systemctl disable firewalld Removed /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. [root@localhost ~]# setenforce 0 [root@localhost ~]# hostnamectl set-hostname node1 [root@localhost ~]# bash [root@node1 ~]#- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-
配置elasticsearch环境
[root@node1 ~]# vi /etc/hosts [root@node1 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.230.131 node2 192.168.230.133 node1 [root@node1 ~]# java -version bash: java: 未找到命令- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
-
配置jdk18依赖包
官方下载地址:https://www.oracle.com/java/technologies/downloads/#jdk17-linux
[root@node1 ~]# cd /opt/ [root@node1 opt]# tar xzf jdk-18_linux-x64_bin.tar.gz -C /usr/local/ [root@node1 opt]# cd /usr/local/ [root@node1 local]# mv jdk-18/ java 配置jdk18环境(以下命令添加到最后) [root@node1 local]# vim /etc/profile JAVA_HOME=/usr/local/java PATH=$JAVA_HOME/bin:$PATH export JAVA_HOME PATH 刷新后查看版本 [root@node1 local]# source /etc/profile [root@node1 local]# java -version java version "18.0.2" 2022-07-19 Java(TM) SE Runtime Environment (build 18.0.2+9-61) Java HotSpot(TM) 64-Bit Server VM (build 18.0.2+9-61, mixed mode, sharing)- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
部署elasticsearch软件(node1)
官方下载地址:https://www.elastic.co/cn/downloads/past-releases#elasticsearch
(1)安装elasticsearch包
上传elasticsearch-8.3.0-linux-x86_64.tar.gz(按照自己所需去进行下载)到/opt目录下[root@node1 local]# cd /opt/ [root@node1 opt]# ls elasticsearch-8.3.0-linux-x86_64.tar.gz [root@node1 opt]# tar xzf elasticsearch-8.3.0-linux-x86_64.tar.gz -C /usr/local- 1
- 2
- 3
- 4
(2)更改elasticsearch主配置文件
修改配置文件内容(部分带井号键) [root@node1 opt]# vim /usr/local/elasticsearch-8.3.0/config/elasticsearch.yml [root@node1 opt]# grep -v "^#" /etc/elasticsearch/ cluster.name: elk node.name: elk01 #node.master: true #node.data: true path.data: /data/elasticsearch/data path.logs: /data/elasticsearch/logs #bootstrap.memory_lock: false #bootstrap.system_call_filter: false network.host: 0.0.0.0 http.port: 9200 http.cors.enabled: true http.cors.allow-origin: "*"- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
(3)创建用户并给权限(有些下载会自动创建elasticsearch用户,不管这个用户,自行再创建一个)
[root@node1 local]# useradd ll [root@node1 local]# echo "1" | passwd --stdin ll 更改用户 ll 的密码 。 passwd:所有的身份验证令牌已经成功更新。 给与权限 [root@node1 local]# chown -R ll:ll /usr/local/elasticsearch-8.3.0/ 创建日志存放目录及路径并给与权限 [root@node1 local]# mkdir -p /data/elasticsearch/data [root@node1 local]# mkdir -p /data/elasticsearch/logs/ [root@node1 local]# chown -R ll:ll /data/elasticsearch/logs/ [root@node1 local]# chown -R ll:ll /data/elasticsearch/data/- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
(4)设置JVM堆大小(-Xms1g修改为-Xms2g)
[root@node1 local]# vim /usr/local/elasticsearch-8.3.0/config/jvm.options -Xms2g -Xmx2g- 1
- 2
- 3
- 4
(5)系统优化(增加最大内存映射数)
[root@node1 local]# vim /etc/sysctl.conf vm.max_map_count=262144 vm.swappiness=0 [root@node1 local]# sysctl -p vm.max_map_count = 262144 vm.swappiness = 0- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
(6)使用普通用户开启elasticsearch
切换普通用户进行启动 [root@node1 bin]# su ll [ll@node1 bin]$ pwd /usr/local/elasticsearch-8.3.0/bin [ll@node1 bin]$ sh elasticsearch & [ll@node1 bin]$ sh ./elasticsearch warning: ignoring JAVA_HOME=/usr/local/java; using bundled JDK [2022-08-02T04:42:38,653][INFO ][o.e.n.Node ] [node1] version[8.3.0], pid[1420811], build[tar/5b8b981647acdf1ba1d88751646b49d1b461b4cc/2022-06-23T22:48:49.607492124Z], OS[Linux/4.18.0-193.el8.x86_64/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/18.0.1.1/18.0.1.1+2-6] [2022-08-02T04:42:38,674][INFO ][o.e.n.Node ] [node1] JVM home [/usr/local/elasticsearch-8.3.0/jdk], using bundled JDK [true] [2022-08-02T04:42:38,675][INFO ][o.e.n.Node ] [node1] JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -Xms2g, -Xmx2g, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-17587380676560187067, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=1073741824, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, -Des.distribution.type=tar, --module-path=/usr/local/elasticsearch-8.3.0/lib, -Djdk.module.main=org.elasticsearch.server] [2022-08-02T04:42:45,845][INFO ][c.a.c.i.j.JacksonVersion ] [node1] Package versions: jackson-annotations=2.13.2, jackson-core=2.13.2, jackson-databind=2.13.2.2, jackson-dataformat-xml=2.13.2, jackson-datatype-jsr310=2.13.2, azure-core=1.27.0, Troubleshooting version conflicts: https://aka.ms/azsdk/java/dependency/troubleshoot- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
报错信息:
java.lang.IllegalArgumentException: unknown setting [bootstrap.system_call_filter] please check that any required plugins are installed, or check the breaking changes documentation for removed settings- 1
访问一下
[root@node1 ~]# curl localhost:9200/ curl: (52) Empty reply from server- 1
- 2
权限问题,去修改elasticsearch.yml里面配置
[root@node1 ~]# vim /usr/local/elasticsearch-8.3.0/config/elasticsearch.yml xpack.security.enabled: false (ture改为false)- 1
- 2
- 3
重新运行下在查看
[root@node1 ~]# ss -anlt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 *:9300 *:* LISTEN 0 128 [::]:22 [::]:* LISTEN 0 128 *:9200 *:*- 1
- 2
- 3
- 4
- 5
- 6
(7)访问一下
[root@node1 ~]# curl localhost:9200/ { "name" : "elk01", "cluster_name" : "elk", "cluster_uuid" : "bkZze1k7S52pkf1yq-bbHg", "version" : { "number" : "8.3.0", "build_type" : "tar", "build_hash" : "5b8b981647acdf1ba1d88751646b49d1b461b4cc", "build_date" : "2022-06-23T22:48:49.607492124Z", "build_snapshot" : false, "lucene_version" : "9.2.0", "minimum_wire_compatibility_version" : "7.17.0", "minimum_index_compatibility_version" : "7.0.0" }, "tagline" : "You Know, for Search" }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
网页访问:
(8)如果暂时不想开启的话可以强行kill掉
[root@node1 ~]# ps -ef | grep elastic ll 1057349 1 1 18:26 ? 00:02:49 /opt/elasticsearch-8.3.0/jdk/bin/java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=elasticsearch -Dcli.libs=lib/tools/server-cli -Des.path.home=/opt/elasticsearch-8.3.0 -Des.path.conf=/opt/elasticsearch-8.3.0/config -Des.distribution.type=tar -cp /opt/elasticsearch-8.3.0/lib/*:/opt/elasticsearch-8.3.0/lib/cli-launcher/* org.elasticsearch.launcher.CliToolLauncher ll 1057564 1057349 18 18:26 ? 00:35:38 /opt/elasticsearch-8.3.0/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -Djava.security.manager=allow -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j2.formatMsgNoLookups=true -Djava.locale.providers=SPI,COMPAT --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-17167938705352124055 -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Xms900m -Xmx900m -XX:MaxDirectMemorySize=471859200 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des.distribution.type=tar --module-path /opt/elasticsearch-8.3.0/lib -m org.elasticsearch.server/org.elasticsearch.bootstrap.Elasticsearch ... [root@node1 ~]# kill -9 1057349 1057737 1409787 1410067 [root@node1 ~]# ss -anlt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 [::]:22 [::]:*- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
安装Head插件(node1)
Head插件是通过Nodejs实现的,所以先安装Nodejs
官方下载地址:https://nodejs.org/en/download/
- 安装Nodejs
Nodejs解压
[root@node1 ~]# cd /opt/ [root@node1 opt]# tar xf node-v16.16.0-linux-x64.tar.xz -C /usr/local/- 1
- 2
配置环境(加到最后)
[root@node1 opt]# vim /etc/profile NODE_HOME=/usr/local/node-v16.16.0-linux-x64 JAVA_HOME=/usr/local/java PATH=$NODE_HOME/bin:$JAVA_HOME/bin:$PATH export JAVA_HOME PATH- 1
- 2
- 3
- 4
- 5
- 6
注意:由于在elasticsearch环境进行配置的时候添加了node2主机,所以jdk环境配置不能进行删除
刷新后查看版本
[root@node1 opt]# source /etc/profile [root@node1 opt]# node --version v16.16.0 [root@node1 opt]# npm -v 8.11.0- 1
- 2
- 3
- 4
- 5
小知识:npm是随着nodejs一起安装的包(管理工具),能解决nodejs代码部署上的很多问题
- 安装git
需要git方式去下载head插件
[root@node1 opt]# cd /usr/local/ [root@node1 local]# yum -y install git [root@node1 local]# git --version git version 2.31.1- 1
- 2
- 3
- 4
-
下载及安装head插件
[root@node1 local]# git clone git://github.com/mobz/elasticsearch-head.git
正克隆到 ‘elasticsearch-head’…
fatal: 无法连接到 github.com:
github.com[0: 20.205.243.166]: errno=拒绝连接
我发现拉不下来,所以https进行拉的
[root@node1 local]# git clone https://github.com/mobz/elasticsearch-head.git 正克隆到 'elasticsearch-head'... remote: Enumerating objects: 4377, done. remote: Counting objects: 100% (40/40), done. remote: Compressing objects: 100% (27/27), done. remote: Total 4377 (delta 12), reused 34 (delta 12), pack-reused 4337 接收对象中: 100% (4377/4377), 2.54 MiB | 1.08 MiB/s, 完成. 处理 delta 中: 100% (2429/2429), 完成. [root@node1 local]# ls bin etc harbor java lib64 node-v16.16.0-linux-x64 share elasticsearch-head games include lib libexec sbin src [root@node1 local]# cd elasticsearch-head/- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
直接下载:
[root@node1 elasticsearch-head]# npm install- 1
如果报错就把网换成国内淘宝后进行下载
可以将npm源设置为国内淘宝的,确保能下载成功 [root@node1 elasticsearch-head]# npm install -g cnpm --registry=https://registry.npm.taobao.org npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead. added 356 packages in 51s 11 packages are looking for funding run `npm fund` for details [root@node1 elasticsearch-head]# npm install- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
报错一
reify:core-js: WARN deprecated core-js@2.6.12: core-js@<3.23.3 is no longer maintained and n npm ERR! code 1 执行以下命令 // 设置淘宝镜像 [root@node1 elasticsearch-head]# npm config set registry https://registry.npm.taobao.org //查看是否配置成功 [root@node1 elasticsearch-head]# npm config get registry https://registry.npm.taobao.org/ 查看npm版本 [root@node1 elasticsearch-head]# npm --version 8.15.1 版本号太高了,降到6.14.13的版本就解决了 [root@node1 elasticsearch-head]# npm install npm@6.14.13 -g removed 63 packages, and changed 97 packages in 18s 3 packages are looking for funding run `npm fund` for details [root@node1 elasticsearch-head]# npm --version 6.14.13 更新core-js [root@node1 elasticsearch-head]# npm i core-js- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
修改配置文件(如果是一台主机做的ELK就跳过这一步,不需要修改配置文件)
[root@node1 elasticsearch-head]# vim Gruntfile.js connect: { server: { options: { port: 9100, base: '.', keepalive: true, --逗号记得添加 hostname: '*' -- 添加这一句 }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
配置连接node1主机的ip和port(一台主机可自行跳过这一步)
[root@node1 elasticsearch-head]# vim _site/app.js 4383 base_uri: null 4384 }, 4385 init: function(parent) { 4386 this._super(); 4387 this.prefs = services.Preferences.instance(); 4388 this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.230.133:9200"; --这里修改为node1主机的ip加端口号 4389 if( this.base_uri.charAt( this.base_uri.length - 1 ) !== "/" ) { 4390 // XHR request fails if the URL is not ending with a "/" 4391 this.base_uri += "/"; 4392 }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
运行一下
[root@node1 elasticsearch-head]# npm run start > elasticsearch-head@0.0.0 start /usr/local/elasticsearch-head > grunt server >> Local Npm module "grunt-contrib-jasmine" not found. Is it installed? Running "connect:server" (connect) task Waiting forever... Started connect web server on http://localhost:9100- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
查看进程
[root@node1 ~]# ss -anlt State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 *:9300 *:* LISTEN 0 128 [::]:22 [::]:* LISTEN 0 128 *:9100 *:* LISTEN 0 128 *:9200 *:*- 1
- 2
- 3
- 4
- 5
- 6
- 7
网页显示:
- 应用服务
-
相关阅读:
ES客户端(RestHighLevelClient、SpringDataElasticsearch 框架)使用指南
剑指 Offer II 034. 外星语言是否排序
Go/Golang语言学习实践[回顾]教程03--Go语言的编译与运行的命令行
linux 编译安装 opencv 和指定 opencv_contrib 库
通讯录多版本代码归纳
HTML核心(5)- a元素
Spring注解
解决 IDEA 使用 AWT 组件中文乱码
学习Java的第二十一天。。。(接口)
《Python 3网络爬虫开发实战 》崔庆才著 第五章笔记
- 原文地址:https://blog.csdn.net/qq_29188123/article/details/126162278
