首页 > 代码库 > CentOS7上配置ELK
CentOS7上配置ELK
一、Elasticsearch
1,从Elastic下载包到本地后解压缩。
2,Elasticsearch不让从root用户启动,所以需要单独建个用户
useradd elastic chown -R elastic:elastic elasticsearch-5.3.0
3,允许外网访问,修改conf里elasticsearch.yml,解注释:
network.host: 0.0.0.0
4,启动elasticsearch
su elastic sh elasticsearch-5.3.0/bin/elasticsearch -d
5,验证,浏览器访问服务器9200端口,应看到类似:
{ "name" : "ufJRIlo", "cluster_name" : "elasticsearch", "cluster_uuid" : "_na_", "version" : { "number" : "5.3.0", "build_hash" : "3adb13b", "build_date" : "2017-03-23T03:31:50.652Z", "build_snapshot" : false, "lucene_version" : "6.4.1" }, "tagline" : "You Know, for Search" }
二、LogStash
1,从elastic官网下包到本地解压。
2,创建配置文件logstash.conf
input { file { path => [ "/tmp/*.log","/root/zhoulei/new/loginserver/logs/packages/*ACCOUNT.log" ] exclude => [ "*DEBUG.log", "*INFO.log", "*ERROR.log" ] start_position => "beginning" } } filter{ grok{ match => { "message" => "%{DATA:logTime}\|%{DATA:gameId}\|%{DATA:serverId}\|%{DATA:version}\|%{DATA:logType}\|%{DATA:behavior}\|%{DATA:channelId}\|%{DATA:clientVersion}\|%{DATA:platform}\|%{DATA:accountId}\|%{DATA:accountName}\|%{DATA:roleId}\|%{DATA:roleName}\|%{DATA:etc}\|*" } } date{ match => [ "logTime","yyyy-MM-dd HH:mm:ss.SSS" ] target => "@timestamp" locale => "en" remove_field => [ "logTime" ] } if ([logType]=="SERVER"){ mutate{ split=>["message","|"] add_field =>{ "online" => "%{[message][22]}" "onlineMax" => "%{[message][23]}" } remove_field =>["onlineNum"] remove_field =>["maxNum"] } mutate{ convert => { "online" => "integer"} convert => { "onlineMax" => "integer"} } } } output { elasticsearch { hosts => ["127.0.0.1:9200"] } }
3,创建服务启动后台运行脚本
#!/bin/bash nohup ./logstash -f logstash.conf >nohup.out &
三、Kibana
1,下载安装包,可以下windows版,解压。
2,编辑conf里kibana.yml,设置elasticsearch服务url
elasticsearch.url: "http://127.0.0.1:9200/"
3,验证服务,浏览器访问kibana所在机器的5601端口,可以看到Kibana页面。
本文出自 “zl1030的记录” 博客,请务必保留此出处http://zl1030.blog.51cto.com/274507/1919697
CentOS7上配置ELK
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。