1.创建三台内存大于等于3g的虚拟机
tail -3 /etc/hosts
192.168.163.143 elk-node01
192.168.163.147 elk-node02
192.168.163.146 elk-node03
2.部署 jdk
rpm -ivh jdk-8u144-linux-x64.rpm
java -version
java version “1.8.0_144”
Java™ SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot™ 64-Bit Server VM (build 25.144-b01, mixed mode)
3.部署ElasticSearch集群环境
cat /etc/yum.repos.d/elk.repo
[elk]
name=elk 7.x
baseurl=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-7.x/
gpgcheck=0
4配置Elasticsearch集群
cp /etc/elasticsearch/elasticsearch.yml{,.bak}
grep ‘1’ /etc/elasticsearch/elasticsearch.yml
cluster.name: my-elk
node.name: elk-node01
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.163.143
http.port: 9200
discovery.seed_hosts: [“elk-node01”, “elk-node02”, “elk-node03”] cluster.initial_master_nodes: [“elk-node01”]
node.master: true
node.data: false
node.ingest: false
node.ml: false
cluster.remote.connect: false
5.下载head插件
cd /var/lib/elasticsearch/
wget https://github.com/mobz/elasticsearch-head/archive/master.zip
#解压
yum install unzip
unzip master.zip
(3)安装依赖包
yum install openssl bzip2 unzip -y
下载运行head必要的文件(放置在文件夹/tmp下)
cd /tmp
wget https://npm.taobao.org/mirrors/phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2
6.修改配置文件
vim Gruntfile.js
#找到并修改
options: {
port: 9100,
base: ‘.’,
keepalive: true,
hostname: ‘*’
}
this.base_uri = this.config.base_uri || this.prefs.get(“app-base_uri”) || “http:192.168.163.143:9200”;
http.cors.enabled: true
http.cors.allow-origin: “*”
访问 IP:9100 看到集群的信息
1.fire beat配置
cat /etc/filebeat/nginx.yml
filebeat.inputs:
- type: log
enabled: true
json.keys_under_root: true
json.overwrite_keys: true
paths:
- /var/log/nginx/access.log
fields:
log_topics: nginx
output.logstash:
hosts: [“127.0.0.1:10001”]
2.logstash配置
cat nginx.conf
input {
beats {
port=>10001
}
}
output {
if [fields][log_topics]==“nginx”{
elasticsearch {
hosts=>[“192.168.163.143:9200”]
index=>“nginx-%{+YYYY.MM.dd}”
}
}
}
a-Z ↩︎