Let's skip the preamble and get straight to it.

Versions first

filebeat 1.0.0-rc2, logstash 2.0.0-1, elasticsearch 2.0.0, kibana 4.2


All of that boils down to the following:

Glossary

Elasticsearch                  storage and indexing
Kibana                         UI
Kibana dashboard               saved visualizations and searches
Logstash Input Beats plugin    receives events from the Beats shippers
Elasticsearch output plugin    sends events from Logstash to Elasticsearch
Filebeat                       log data shipper
Topbeat                        lightweight server monitoring
Packetbeat                     real-time network packet analysis

Architecture

[Image: ELK Stack architecture diagram]

1. Client-side installation

Filebeat architecture

[Image: Filebeat architecture diagram]

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-installation

Installing Filebeat on the nginx log client

Install Filebeat

curl  -L  -O https://download.elastic.co/beats/filebeat/filebeat-1.0.0-rc2-x86_64.rpm

rpm -ivh filebeat-1.0.0-rc2-x86_64.rpm

Configure Filebeat

/etc/filebeat/filebeat.yml


Filebeat configuration:

filebeat:
  prospectors:
    -
      paths:
        - "/var/log/*.log"
      fields:
        type: syslog
output:
  logstash:
    # Filebeat ships to the Logstash beats input (port 5044 in the Logstash config
    # below), not straight to Elasticsearch; replace localhost with the Logstash host.
    hosts: ["localhost:5044"]
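The Filebeat output is the part of this setup that is easiest to get wrong: the stock sample file points output.elasticsearch at a port that nothing listens on, while the pipeline on this page expects Filebeat to talk to the Logstash beats input on 5044. The shell functions below are an added example, not code from the original post or from Elastic: they render a filebeat.yml for the Logstash path and check an existing file for the two mistakes above before Filebeat is started. They assume the flat YAML layout of Filebeat 1.0 shown above and take the Logstash host, port and log glob as parameters; the document_type value nginx-access is an assumed name.

```shell
#!/bin/sh
# Added example: render and sanity-check a Filebeat 1.0 config that ships to Logstash.
# Assumptions: Filebeat 1.0 YAML layout; Logstash beats input listens on port 5044.

# render_filebeat_yml LOGSTASH_HOST LOGSTASH_PORT LOG_GLOB -> prints a filebeat.yml
render_filebeat_yml() {
  cat <<EOF
filebeat:
  prospectors:
    -
      paths:
        - "$3"
      # document_type becomes @metadata.type, which the Logstash output below uses
      document_type: nginx-access
output:
  logstash:
    hosts: ["$1:$2"]
EOF
}

# filebeat_output_kind FILE -> prints the name of the first output block ("logstash" or "elasticsearch")
filebeat_output_kind() {
  awk '
    /^output:/ { inout = 1; next }
    inout && /^  [a-z]+:/ { sub(/^  /, ""); sub(/:.*/, ""); print; exit }
  ' "$1"
}

# filebeat_output_hosts FILE -> one host:port per line, quotes and spaces stripped
filebeat_output_hosts() {
  sed -n 's/^ *hosts: *\[\(.*\)\].*/\1/p' "$1" | tr -d '" ' | tr ',' '\n'
}

# check_filebeat_yml FILE -> one finding per line, or "OK" when the file looks right
check_filebeat_yml() {
  f="$1"; findings=0
  kind=$(filebeat_output_kind "$f")
  if [ "$kind" != "logstash" ]; then
    echo "output is '$kind': with a Logstash beats input the output block must be 'logstash'"
    findings=$((findings + 1))
  fi
  for h in $(filebeat_output_hosts "$f"); do
    port=${h##*:}
    case "$port" in
      5044) ;;
      *) echo "host $h: port $port is not the beats input port 5044"; findings=$((findings + 1)) ;;
    esac
  done
  [ "$findings" -eq 0 ] && echo OK
  return 0
}
```

Run check_filebeat_yml /etc/filebeat/filebeat.yml on the client before starting the service; a config that still carries the sample's output.elasticsearch block produces two findings, one for the output type and one for the port.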


Load the index template, then start Filebeat (the Logstash output below has manage_template => false, so the Filebeat template has to be loaded into Elasticsearch by hand)


# curl -XPUT 'http://192.168.0.58:9200/_template/filebeat?pretty' -d@/etc/filebeat/filebeat.template.json
{
  "acknowledged" : true
}

topbeat

https://www.elastic.co/guide/en/beats/topbeat/current/topbeat-getting-started.html

curl -L -O  https://download.elastic.co/beats/topbeat/topbeat-1.0.0-rc2-x86_64.rpm  

rpm -ivh topbeat-1.0.0-rc2-x86_64.rpm


packetbeat

https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-getting-started.html

yum install libpcap

curl -L -O https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-rc2-x86_64.rpm

rpm -vi packetbeat-1.0.0-rc2-x86_64.rpm


2. Server-side installation

Install ELK

https://www.elastic.co/guide/en/beats/libbeat/1.0.0-rc2/getting-started.html#logstash-setup

With this you can analyze logs, monitor server status, and analyze network packets such as HTTP traffic.

Install Elasticsearch

yum install java-1.7.0-openjdk

curl -L -O https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-2.0.0.rpm 

rpm -ivh elasticsearch-2.0.0.rpm


Configure and start

cat /etc/elasticsearch/elasticsearch.yml | grep -Ev "^$|^#"
path.data: /data/elasticsearch
path.logs: /data/elklogs

network.host: 192.168.0.58

The data and log directories must belong to the elasticsearch user (chown, not chmod), and path.data must be the same directory you chown:

chown -R elasticsearch:elasticsearch /data/elasticsearch/

chown -R elasticsearch:elasticsearch /data/elklogs/

service elasticsearch start

Note that network.host: 192.168.0.58 makes the node reachable from the whole LAN, and Elasticsearch 2.0 ships with no authentication: anyone who can reach port 9200 can read, modify and delete every index. Either keep network.host on 127.0.0.1 and run Logstash and Kibana on the same box, or restrict port 9200 with a firewall to the Logstash and Kibana hosts.
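Before starting the node it is worth checking the two things that go wrong most often in this step: an elasticsearch.yml that exposes an unauthenticated 2.x node to the network, and path.data or path.logs pointing at a directory that does not exist yet. The functions below are an added example, not code from the original post or from Elastic: they pull settings out of the flat "key: value" form shown above and print one finding per problem. The directory checks run against the local filesystem of wherever you run them.

```shell
#!/bin/sh
# Added example: audit an elasticsearch.yml (2.x, flat key: value layout) before exposing the node.
# Assumptions: settings are written as "key: value" on one line; comments start with '#'.

# es_setting FILE KEY -> value of KEY with comments and blank lines ignored; empty if unset
es_setting() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots so "network.host" matches literally
  grep -Ev '^[[:space:]]*(#|$)' "$1" | sed -n "s/^$key_re:[[:space:]]*//p" | head -n 1
}

# audit_es_yml FILE -> one finding per line; prints "OK" when there is nothing to report
audit_es_yml() {
  f="$1"; n=0
  host=$(es_setting "$f" network.host)
  case "$host" in
    ""|127.0.0.1|localhost|_local_)
      ;;  # loopback only: reachable from this box (or through a proxy you control)
    *)
      echo "network.host=$host: ES 2.x has no auth; anyone reaching $host:9200 has full admin rights"
      n=$((n + 1)) ;;
  esac
  for key in path.data path.logs; do
    dir=$(es_setting "$f" "$key")
    if [ -n "$dir" ] && [ ! -d "$dir" ]; then
      echo "$key=$dir: directory does not exist; create it and chown -R elasticsearch:elasticsearch"
      n=$((n + 1))
    fi
  done
  [ "$n" -eq 0 ] && echo OK
  return 0
}
```

Run audit_es_yml /etc/elasticsearch/elasticsearch.yml on the server; with the config from this page it reports the LAN-facing network.host and any data or log directory that has not been created yet.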



Test Elasticsearch

# curl http://127.0.0.1:9200
{
  "name" : "Redwing",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "2.0.0",
    "build_hash" : "de54438d6af8f9340d50c5c786151783ce7d6be5",
    "build_timestamp" : "2015-10-22T08:09:48Z",
    "build_snapshot" : false,
    "lucene_version" : "5.2.1"
  },
  "tagline" : "You Know, for Search"

}

Install Logstash (102.131)

curl  -L  -O https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.0.0-1.noarch.rpm

rpm -ivh logstash-2.0.0-1.noarch.rpm



Logstash configuration

cat nginxconf.json

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => "192.168.0.58:9200"
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }

}



Install Kibana


curl  -L  -O https://download.elastic.co/kibana/kibana/kibana-4.2.0-linux-x64.tar.gz

tar xzvf kibana-4.2.0-linux-x64.tar.gz

cd kibana-4.2.0-linux-x64/

./bin/kibana


Edit kibana.yml first; it is where the listening port (server.port), the bind address (server.host) and the Elasticsearch URL (elasticsearch.url) are set. Then move the directory into place and start Kibana in the background, passing the Elasticsearch URL with -e:

mv  kibana-4.2.0-linux-x64 /var/kibana

nohup /var/kibana/bin/kibana -e  http://192.168.0.58:9200 &

  log   [13:14:14.588] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
  log   [13:14:14.617] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [13:14:14.630] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
  log   [13:14:14.639] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
  log   [13:14:14.646] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
  log   [13:14:14.655] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
  log   [13:14:14.658] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
  log   [13:14:14.661] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready
  log   [13:14:14.663] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
  log   [13:14:14.675] [info][listening] Server running at http://0.0.0.0:5601

The last line matters: Kibana 4 listens on every interface and has no login of its own, and it proxies requests to Elasticsearch, so anyone who can reach port 5601 can query every index. Set server.host to 127.0.0.1 in kibana.yml and put a reverse proxy with authentication and TLS in front of it before anyone outside the test network can reach the box.


Load the Kibana dashboards

curl  -L  -O http://download.elastic.co/beats/dashboards/beats-dashboards-1.0.0-rc2.tar.gz

tar xzvf beats-dashboards-1.0.0-rc2.tar.gz

cd beats-dashboards-1.0.0-rc2/

./load.sh  http://192.168.0.58:9200

(without an argument load.sh targets localhost:9200, so pass the Elasticsearch URL explicitly)

Loading search Cache-transactions:
{"_index":".kibana","_type":"search","_id":"Cache-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}
Loading search DB-transactions:
{"_index":".kibana","_type":"search","_id":"DB-transactions","_version":1,"_shards":{"total":2,"successful":1,"failed":0},"created":true}


Finally, check the indices:

curl 192.168.0.58:9200/_cat/indices

yellow open .kibana             1 1   93 0  69kb  69kb
yellow open filebeat-2015.11.18 5 1 4109 0 2.9mb 2.9mb
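Both indices show up as yellow, which is the expected state on a single-node cluster: each was created with one replica (the "1" in the fifth column), and a replica shard can never be allocated on the same node as its primary. The functions below are an added example, not part of the original post: they read _cat/indices output in the default 2.x column order (health status index pri rep docs.count docs.deleted store.size pri.store.size), list the indices whose replica count cannot be satisfied by the node count, and emit the _settings calls that bring them to green. The sample data is the two lines from the page, embedded as a constructed input; the Elasticsearch URL is a parameter.

```shell
#!/bin/sh
# Added example: explain and fix "yellow" indices on a small cluster from _cat/indices output.
# Assumption: default 2.x _cat/indices columns (health status index pri rep ...).

# Constructed sample: the two lines printed by the curl above.
SAMPLE_CAT_INDICES='yellow open .kibana             1 1   93 0  69kb  69kb
yellow open filebeat-2015.11.18 5 1 4109 0 2.9mb 2.9mb'

# unassigned_replica_indices NODE_COUNT -> "index rep" for every non-green index whose
# replica count is >= the number of nodes (reads _cat/indices output on stdin)
unassigned_replica_indices() {
  awk -v nodes="$1" '$1 != "green" && $5 >= nodes { print $3, $5 }'
}

# fix_replica_commands ES_URL NODE_COUNT -> one curl per affected index that sets
# number_of_replicas to NODE_COUNT-1 (0 on a single node), reading _cat/indices on stdin
fix_replica_commands() {
  unassigned_replica_indices "$2" | while read -r idx rep; do
    printf "curl -XPUT '%s/%s/_settings' -d '{\"index\":{\"number_of_replicas\":%d}}'\n" \
      "$1" "$idx" "$(( $2 - 1 ))"
  done
}
```

Pipe the live output into the second function, for example curl -s 192.168.0.58:9200/_cat/indices | fix_replica_commands http://192.168.0.58:9200 1, review the printed commands and run them; for new daily filebeat-* indices set number_of_replicas to 0 in the Filebeat template instead, so they are created green in the first place.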

For detailed configuration see the configuration post:

http://jerrymin.blog.51cto.com/3002256/1720110