如何在Ubuntu 15.04上配置Elasticsearch,Logstash和Kibana
时间:2020-03-05 15:26:17 来源:igfitidea点击:
本教程全部关于一个开源工具,该工具将对日志进行索引和搜索,以提取有价值的信息以供我们查看。
我们将指导我们完成ELK安装的设置,并通过简单的步骤进行配置,这将有助于我们设置自己的ELK堆栈,以使用Elastic search 1.5.2,Logstash 1.5.0和一台集中式日志服务器上的Kibana 4.0.2.
这样可以快速确定服务器上或者运行多个应用程序时出现的问题,以便在一个集中位置进行查看。
系统资源
设置集中式日志服务器的基本系统资源取决于环境和我们需要在其上管理的日志级别。
| Elasticsearch, Logstash and Kibana | |
|---|---|
| 基础操作系统 | Ubuntu 15.04(GNU/Linux 3.19.0-15通用x86_64) |
| Java版本 | OpenJDK“1.7.0_79” |
| Elasticsearch | Elasticsearch-1.5.2.deb |
| logstash | logstash_1.5.0-1_ALL.DEB |
| kibana | Kibana-4.0.2-Linux-x64.tar.gz |
| 内存和CPU | 2 GB,1.0 GHz |
| 硬盘 | 30 GB |
基本设定
在开始安装之前,请确保以root用户执行所有步骤并更新系统。
除了Java和ELK堆栈,我们不需要任何其他软件包。
kashif@ubuntu-15:~$sudo -i [sudo] password for kashif: root@ubuntu-15:~#
步骤2:系统更新
root@ubuntu-15:~# apt-get update
步骤3:Java安装
root@ubuntu-15:~# apt-get install default-jre-headless
启动ELK设置
让我们开始安装Elastic search和Logstash。
我们需要首先从其官方http://elastic.co添加其存储库,以下载并安装as的公共签名密钥。
步骤1:创建一个新文件夹并获取存储库
root@ubuntu-15:~# mkdir /backup root@ubuntu-15:~# cd /backup/ root@ubuntu-15:/backup# wget -O - http://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add
步骤2:将存储库添加到sources.list文件的末尾
root@ubuntu-15:/backup# vi /etc/apt/sources.list deb http://packages.elasticsearch.org/elasticsearch/1.5/debian stable main deb http://packages.elasticsearch.org/logstash/1.5/debian stable main
步骤3:添加新存储库后运行更新
root@ubuntu-15:/backup# apt-get update
安装Elasticsearch
现在,我们准备开始安装Elasticsearch并将其配置为实时数据和实时分析。
步骤1:运行apt-get命令以安装软件包
root@ubuntu-15:/backup# apt-get install elasticsearch=1.5.2
步骤2:默认情况下启动服务并启用启动时启动
root@ubuntu-15:/backup# service elasticsearch start
root@ubuntu-15:/backup#update-rc.d elasticsearch defaults 95 10
启动和停止单个Elasticsearch实例的常见错误
解决方案
如果由于显示Java_Home而遇到Elsaticsearch服务失败的状态,请按照简单的步骤来解决。
步骤1:在主目录中打开.bashrc文件
root@ubuntu-15:/backup# cd root@ubuntu-15:~# ls -a . .. .aptitude .bashrc .profile .viminfo
步骤2:编辑.bashrc并在文件末尾添加以下行
root@ubuntu-15:~# vi .bashrc JAVA_HOME=/usr/lib/jvm/java export JAVA_HOME PATH=$PATH:$JAVA_HOME/bin
root@ubuntu-15:~# source ~/.bashrc
步骤3:现在取消注释默认的Elasticsearch文件中的路径为
root@ubuntu-15:~# vi /etc/default/elasticsearch # Run Elasticsearch as this user ID and group ID ES_USER=elasticsearch ES_GROUP=elasticsearch # Heap Size (defaults to 256m min, 1g max) #ES_HEAP_SIZE=2g # Heap new generation #ES_HEAP_NEWSIZE= # max direct memory #ES_DIRECT_SIZE= # Maximum number of open files, defaults to 65535. MAX_OPEN_FILES=65535 # Maximum locked memory size. Set to "unlimited" if you use the # bootstrap.mlockall option in elasticsearch.yml. You must also set # ES_HEAP_SIZE. MAX_LOCKED_MEMORY=unlimited # Maximum number of VMA (Virtual Memory Areas) a process can own MAX_MAP_COUNT=262144 # Elasticsearch log directory LOG_DIR=/var/log/elasticsearch # Elasticsearch data directory DATA_DIR=/var/lib/elasticsearch # Elasticsearch work directory WORK_DIR=/tmp/elasticsearch # Elasticsearch configuration directory CONF_DIR=/etc/elasticsearch # Elasticsearch configuration file (elasticsearch.yml) CONF_FILE=/etc/elasticsearch/elasticsearch.yml # Additional Java OPTS #ES_JAVA_OPTS= # Configure restart on package upgrade (true, every other setting will lead to not restarting) RESTART_ON_UPGRADE=true
步骤4:现在重新启动Elasticsearch服务,然后检查其状态
Elasticsearch配置
如果要允许或者限制访问Elasticsearch实例,让我们配置Elasticsearch.yml。
步骤1:允许访问不同IP上的客户端
root@ubuntu-15:~# vi /etc/elasticsearch/elasticsearch.yml http.cors.enabled: true http.cors.allow-origin: "*"
步骤2:运行以下命令以获取Elasticsearch测试结果
root@ubuntu-15:~# curl http://localhost:9200
root@ubuntu-15:~# curl 'http://localhost:9200/_search?pretty'
{
"took" : 1,
"timed_out" : false,
"_shards" : {
"total" : 0,
"successful" : 0,
"failed" : 0
},
"hits" : {
"total" : 0,
"max_score" : 0.0,
"hits" : [ ]
}
}
root@ubuntu-15:~#
Elasticsearch插件安装
插件的安装很简单。
插件为Elasticsearch提供了一个管理图形用户界面,可帮助调试和管理集群和节点。
步骤1:安装插件
root@ubuntu-15:~#/usr/share/elasticsearch/bin/plugin -install lukas-vlcek/bigdesk/2.4.0
步骤2:在网络上打开仪表板
可以通过以下URL访问已安装的插件:
http://172.25.10.179:9200/_plugin/bigdesk/
安装Logstash
现在,我们将开始安装Logstash,它将用于集中处理来自其他来源的日志和其他事件的数据处理。
步骤1:从源代码获取Logstash安装软件包
root@ubuntu-15:/backup# cd /var/cache/apt/archives/ root@ubuntu-15:/var/cache/apt/archives# wget http://download.elastic.co/logstash/logstash/packages/debian/logstash_1.5.0-1_all.deb
步骤2:使用dpkg命令安装Logstash
root@ubuntu-15:/var/cache/apt/archives# dpkg -i logstash_1.5.0-1_all.deb
步骤3:启动Logstash服务,并在默认情况下将其启用以在启动时启动
配置Logstash
Logstash过滤器的默认行为仅适用于单线程,因此,为了增加这些限制,我们将编辑logstash的默认conf文件并按定义设置其参数。
root@ubuntu-15:~# vi /etc/default/logstash # Arguments to pass to logstash agent LS_OPTS="-w 2" # Arguments to pass to java LS_HEAP_SIZE="1024m"
Logstash配置文件中所做的更改将在重新启动其服务后生效。
root@ubuntu-15:~# systemctl restart logstash.service
Kibana安装设置
让我们开始安装Kibana,我们还需要安装Web服务器来托管Kibana。
因此,我们将根据我们的安装设置来安装Nginx Web服务器。
Nginx安装
让我们开始安装Nginx Web服务器以访问数据并托管Kibana。
root@ubuntu-15:~# apt-get install nginx
root@ubuntu-15:/backup# vi /etc/nginx/sites-available/default
# Default server configuration
#server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
## listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
## Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
## include snippets/snakeoil.conf;
root /srv/www;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _ localhost;
location/{
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/=404;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
root@ubuntu-15:/backup# service nginx reload root@ubuntu-15:/backup# service nginx status
第1步:从源代码获取Kibana软件包
root@ubuntu-15:/backup# wget https://download.elastic.co/kibana/kibana/kibana-4.0.2-linux-x64.tar.gz
将Kibana提取到/opt目录中
root@ubuntu-15:/backup# tar xf kibana-4.0.2-linux-x64.tar.gz -C /opt
root@ubuntu-15:/backup#cd /opt/kibana-4.0.2-linux-x64 root@ubuntu-15:/opt/kibana-4.0.2-linux-x64# ls bin config LICENSE.txt node plugins README.txt src
root@ubuntu-15:/opt/kibana-4.0.2-linux-x64# ln -s kibana-4.0.2-linux-x64 kibana
Kibana配置
root@ubuntu-15:/opt/kibana-4.0.2-linux-x64#vi./kibana/config/kibana.yml # Kibana is served by a back end server. This controls which port to use. port: 5601 # The host to bind the server to. host: "0.0.0.0" # The Elasticsearch instance to use for all your queries. elasticsearch_url: "http://localhost:9200" # preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false, # then the host you use to connect to *this* Kibana instance will be sent. elasticsearch_preserve_host: true # Kibana uses an index in Elasticsearch to store saved searches, visualizations # and dashboards. It will create a new index if it doesn't already exist. kibana_index: ".kibana" # If your Elasticsearch is protected with basic auth, this is the user credentials # used by the Kibana server to perform maintence on the kibana_index at statup. Your Kibana # users will still need to authenticate with Elasticsearch (which is proxied thorugh # the Kibana server) # kibana_elasticsearch_username: user # kibana_elasticsearch_password: pass # If your Elasticsearch requires client certificate and key # kibana_elasticsearch_client_crt: /path/to/your/client.crt # kibana_elasticsearch_client_key: /path/to/your/client.key # If you need to provide a CA certificate for your Elasticsarech instance, put # the path of the pem file here. # ca: /path/to/your/CA.pem # The default application to load. default_app_id: "discover" # Time in milliseconds to wait for responses from the back end or elasticsearch. # This must be > 0 request_timeout: 300000 # Time in milliseconds for Elasticsearch to wait for responses from shards. # Set to 0 to disable. shard_timeout: 0
开始手动Kibana服务
root@ubuntu-15:/opt# ./kibana/bin/kibana
{"@timestamp":"2014-06-05T06:41:43.998Z","level":"info","message":"Found kibana index","node_env":"production"}
{"@timestamp":"2014-06-05T06:41:44.014Z","level":"info","message":"Listening on 0.0.0.0:5601","node_env":"production"}
{"@timestamp":"2014-06-05T06:41:58.801Z","level":"info","message":"GET/304 - 7ms","node_env":"production","request":{"method":"GET","url":"/","headers":{"host":"172.25.10.179:5601","connection":"keep-alive","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8","user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36","accept-encoding":"gzip, deflate, sdch","accept-language":"en-US,en;q=0.8","if-none-match":"W/\"717-1535301999\"","if-modified-since":"Fri, 05 Jun 2014 06:05:05 GMT"},"remoteAddress":"172.19.30.67","remotePort":64958},"response":{"statusCode":304,"responseTime":7,"contentLength":0}}
在网络浏览器中浏览Kibana
http://localhost:5601 http://172.25.10.179:5601
