1> ES cluster
[23:23:40 root@noise elasticsearch-head]#grep -Evn "#|^$" /etc/elasticsearch/elasticsearch.yml
1:cluster.name: elastic.example.com
2:node.name: 10.0.0.201
3:node.master: true
4:node.data: true
5:path.data: /var/lib/elasticsearch
6:path.logs: /var/log/elasticsearch
7:network.host: 0.0.0.0
8:http.port: 9200
9:http.cors.enabled: true
10:http.cors.allow-origin: "*"
11:discovery.seed_hosts: ["10.0.0.201", "10.0.0.202","10.0.0.203"]
12:cluster.initial_master_nodes: ["10.0.0.201"]
[17:43:40 root@noise ~]#curl -XGET 10.0.0.202:9200/_cat/nodes
10.0.0.203 13 95 0 0.00 0.00 0.00 cdfhilmrstw - 10.0.0.203
10.0.0.201 16 70 4 0.24 0.12 0.09 cdfhilmrstw * 10.0.0.201
10.0.0.202 20 91 1 0.00 0.00 0.00 cdfhilmrstw - 10.0.0.202
成功配置如下
curl 10.0.0.202:9200 - 结果如下:
{
"name" : "10.0.0.202", --> 每个节点自己的IP
"cluster_name" : "elastic.example.com",
"cluster_uuid" : "MSSP7MIjQoaZbbyLa0_Gqw",
"version" : {
"number" : "7.15.2",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "93d5a7f6192e8a1a12e154a2b81bf6fa7309da0c",
"build_date" : "2021-11-04T14:04:42.515624022Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
安装ES web可视化插件head
[23:21:23 root@noise elasticsearch-head]elasticsearch-plugin install analysis-smartcn
[23:21:23 root@noise elasticsearch-head]elasticsearch-plugin install analysis-icu
[23:21:23 root@noise elasticsearch-head]apt install npm git grunt -y
[23:21:23 root@noise elasticsearch-head]mkdir /data/es/plugins -p
[23:21:23 root@noise elasticsearch-head]cd /data/es/plugins/
[23:21:23 root@noise elasticsearch-head]git clone https://gitee.com/mynextlifestyle/elasticsearch-head.git
[23:21:23 root@noise elasticsearch-head]cd elasticsearch-head/
[23:21:23 root@noise elasticsearch-head]npm config set registry https://registry.npm.taobao.org
[23:21:23 root@noise elasticsearch-head]npm install --force
[23:21:23 root@noise elasticsearch-head]cd /data/es/plugins/elasticsearch-head/
[23:21:23 root@noise elasticsearch-head]vim Gruntfile.js
[23:21:23 root@noise elasticsearch-head]vim _site/app.js
[23:21:23 root@noise elasticsearch-head]#grep -n "hostname" /data/es/plugins/elasticsearch-head/Gruntfile.js
97: hostname: '*',
[23:22:04 root@noise elasticsearch-head]#grep -n "http:" /data/es/plugins/elasticsearch-head/_site/app.js
4388: this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://10.0.0.201:9200";
2> 安装logstash ,并配置好yml
[17:39:14 root@dev ~]#logstash -e 'input { stdin { } } output { stdout { } }'
Using bundled JDK: /usr/share/logstash/jdk
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[INFO ] 2021-11-21 17:41:26.578 [main] runner - Starting Logstash {"logstash.version"=>"7.15.2", "jruby.version"=>"jruby 9.2.19.0 (2.5.8) 2021-06-15 55810c552b OpenJDK 64-Bit Server VM 11.0.12+7 on 11.0.12+7 +indy +jit [linux-x86_64]"}
[INFO ] 2021-11-21 17:41:26.608 [main] writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
[INFO ] 2021-11-21 17:41:26.622 [main] writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
[WARN ] 2021-11-21 17:41:26.937 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2021-11-21 17:41:26.959 [LogStash::Runner] agent - No persistent UUID file found. Generating new UUID {:uuid=>"8b041cf4-08e5-47c1-8ed8-1203cc12c217", :path=>"/usr/share/logstash/data/uuid"}
[INFO ] 2021-11-21 17:41:28.219 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2021-11-21 17:41:28.629 [Converge PipelineAction::Create<main>] Reflections - Reflections took 66 ms to scan 1 urls, producing 120 keys and 417 values
[WARN ] 2021-11-21 17:41:29.265 [Converge PipelineAction::Create<main>] line - Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[WARN ] 2021-11-21 17:41:29.295 [Converge PipelineAction::Create<main>] stdin - Relying on default value of `pipeline.ecs_compatibility`, which may change in a future major release of Logstash. To avoid unexpected changes when upgrading Logstash, please explicitly declare your desired ECS Compatibility mode.
[INFO ] 2021-11-21 17:41:29.552 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>250, "pipeline.sources"=>["config string"], :thread=>"#<Thread:0x47352d86 run>"}
[INFO ] 2021-11-21 17:41:30.274 [[main]-pipeline-manager] javapipeline - Pipeline Java execution initialization time {"seconds"=>0.72}
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.jrubystdinchannel.StdinChannelLibrary$Reader (file:/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jruby-stdin-channel-0.2.0-java/lib/jruby_stdin_channel/jruby_stdin_channel.jar) to field java.io.FilterInputStream.in
WARNING: Please consider reporting this to the maintainers of com.jrubystdinchannel.StdinChannelLibrary$Reader
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
[INFO ] 2021-11-21 17:41:30.372 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
[INFO ] 2021-11-21 17:41:30.410 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
The stdin plugin is now waiting for input:
nihao,pengyou
{
"host" => "dev.noisedu.cn",
"@version" => "1",
"message" => "nihao,pengyou",
"@timestamp" => 2021-11-21T09:41:35.285Z
}
^C[WARN ] 2021-11-21 17:41:41.368 [SIGINT handler] runner - SIGINT received. Shutting down.
[INFO ] 2021-11-21 17:41:41.583 [[main]-pipeline-manager] javapipeline - Pipeline terminated {"pipeline.id"=>"main"}
[INFO ] 2021-11-21 17:41:42.490 [LogStash::Runner] runner - Logstash shut down.
[23:18:15 root@noise ~]#cat /etc/logstash/conf.d/logstash.conf
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://10.0.0.201:9200"]
index => "logstash-nginx-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
3> 安装filebeat,并配置好yml
[23:13:02 root@noise ~]#cat /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
paths:
- /var/log/nginx/access.log
setup.template.settings:
index.number_of_shards: 5
#output.elasticsearch:
output.logstash:
hosts: ["10.0.0.204:5044"]
template.name: "filebeat"
4>安装kibana [23:19:19 root@noise ~]#grep -Env "#|^$" /etc/kibana/kibana.yml 1:server.port: 5601 2:server.host: "0.0.0.0" 3:elasticsearch.hosts: ["http://10.0.0.201:9200"] 4:kibana.index: ".kibana" 5:i18n.locale: "zh-CN"
5> 开始测试 访问nginx,会自动记载通过filebeat通过5044端口传给logstash,然后logstash通过端口9200传给es集群,集群此时head能查看到数据,并且稍后会在kibana查看到
