如何在RHEL8/CentOS8上建立多节点Elastic stack集群

向往天空的鱼 2019-09-27

如何在RHEL8/CentOS8上建立多节点Elastic stack集群

Elastic stack 俗称 ELK stack,是一组包括 Elasticsearch、Logstash 和 Kibana 在内的开源产品。Elastic Stack 由 Elastic 公司开发和维护。使用 Elastic stack,可以将系统日志发送到 Logstash,它是一个数据收集引擎,接受来自可能任何来源的日志或数据,并对日志进行归一化,然后将日志转发到 Elasticsearch,用于分析、索引、搜索和存储,最后使用 Kibana 表示为可视化数据,使用 Kibana,我们还可以基于用户的查询创建交互式图表。

在本文中,我们将演示如何在 RHEL 8 / CentOS 8 服务器上设置多节点 elastic stack 集群。以下是我的 Elastic Stack 集群的详细信息:

Elasticsearch:

  • 三台服务器,最小化安装 RHEL 8 / CentOS 8
  • IP & 主机名 – 192.168.56.40(elasticsearch1.linuxtechi.local)、192.168.56.50 (elasticsearch2.linuxtechi.local)、192.168.56.60(elasticsearch3.linuxtechi.local`)

Logstash:

  • 两台服务器,最小化安装 RHEL 8 / CentOS 8
  • IP & 主机 – 192.168.56.20(logstash1.linuxtechi.local)、192.168.56.30(logstash2.linuxtechi.local

Kibana:

  • 一台服务器,最小化安装 RHEL 8 / CentOS 8
  • IP & 主机名 – 192.168.56.10(kibana.linuxtechi.local

Filebeat:

  • 一台服务器,最小化安装 CentOS 7
  • IP & 主机名 – 192.168.56.70(web-server

让我们从设置 Elasticsearch 集群开始,

设置3个节点 Elasticsearch 集群

正如我已经说过的,设置 Elasticsearch 集群的节点,登录到每个节点,设置主机名并配置 yum/dnf 库。

使用命令 hostnamectl 设置各个节点上的主机名:

  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"elasticsearch1.linuxtechi. local"</span>
  2. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
  3. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
  4. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"elasticsearch2.linuxtechi. local"</span>
  5. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
  6. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
  7. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"elasticsearch3.linuxtechi. local"</span>
  8. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
  9. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
对于 CentOS 8 系统,我们不需要配置任何操作系统包库,对于 RHEL 8 服务器,如果你有有效订阅,那么用红帽订阅以获得包存储库就可以了。如果你想为操作系统包配置本地 yum/dnf 存储库,请参考以下网址:
在所有节点上配置 Elasticsearch 包存储库,在 /etc/yum.repo.d/ 文件夹下创建一个包含以下内容的 elastic.repo 文件:
  1. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="kwd">yum</span><span class="pun">.</span><span class="pln">repos</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">elastic</span><span class="pun">.</span><span class="pln">repo</span>
  2.  
  3. <span class="pun">[</span><span class="pln">elasticsearch</span><span class="pun">-</span><span class="lit">7.x</span><span class="pun">]</span>
  4. <span class="pln">name</span><span class="pun">=</span><span class="typ">Elasticsearch</span><span class="pln"> repository </span><span class="kwd">for</span><span class="pln"> </span><span class="lit">7.x</span><span class="pln"> packages</span>
  5. <span class="pln">baseurl</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/packages/7.x/yum</span>
  6. <span class="pln">gpgcheck</span><span class="pun">=</span><span class="lit">1</span>
  7. <span class="pln">gpgkey</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
  8. <span class="pln">enabled</span><span class="pun">=</span><span class="lit">1</span>
  9. <span class="pln">autorefresh</span><span class="pun">=</span><span class="lit">1</span>
  10. <span class="pln">type</span><span class="pun">=</span><span class="pln">rpm</span><span class="pun">-</span><span class="pln">md</span>
保存文件并退出。
在所有三个节点上使用 rpm 命令导入 Elastic 公共签名密钥。
  1. <span class="pun">~]#</span><span class="pln"> rpm </span><span class="pun">--</span><span class="kwd">import</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
在所有三个节点的 /etc/hosts 文件中添加以下行:
  1. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span><span class="pln">             elasticsearch1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
  2. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.50</span><span class="pln">             elasticsearch2</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
  3. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.60</span><span class="pln">             elasticsearch3</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
使用 yum/dnf 命令在所有三个节点上安装 Java:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install java</span><span class="pun">-</span><span class="pln">openjdk </span><span class="pun">-</span><span class="pln">y</span>
  2. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install java</span><span class="pun">-</span><span class="pln">openjdk </span><span class="pun">-</span><span class="pln">y</span>
  3. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install java</span><span class="pun">-</span><span class="pln">openjdk </span><span class="pun">-</span><span class="pln">y</span>
使用 yum/dnf 命令在所有三个节点上安装 Elasticsearch:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install elasticsearch </span><span class="pun">-</span><span class="pln">y</span>
  2. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install elasticsearch </span><span class="pun">-</span><span class="pln">y</span>
  3. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install elasticsearch </span><span class="pun">-</span><span class="pln">y</span>
注意: 如果操作系统防火墙已启用并在每个 Elasticsearch 节点中运行,则使用 firewall-cmd 命令允许以下端口开放:
  1. <span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">permanent </span><span class="pun">--</span><span class="pln">add</span><span class="pun">-</span><span class="pln">port</span><span class="pun">=</span><span class="lit">9300</span><span class="pun">/</span><span class="pln">tcp</span>
  2. <span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">permanent </span><span class="pun">--</span><span class="pln">add</span><span class="pun">-</span><span class="pln">port</span><span class="pun">=</span><span class="lit">9200</span><span class="pun">/</span><span class="pln">tcp</span>
  3. <span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">reload</span>
配置 Elasticsearch, 在所有节点上编辑文件 /etc/elasticsearch/elasticsearch.yml 并加入以下内容:
  1. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vim</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">elasticsearch</span><span class="pun">/</span><span class="pln">elasticsearch</span><span class="pun">.</span><span class="pln">yml</span>
  2.  
  3. <span class="pln">cluster</span><span class="pun">.</span><span class="pln">name</span><span class="pun">:</span><span class="pln"> opn</span><span class="pun">-</span><span class="pln">cluster</span>
  4. <span class="pln">node</span><span class="pun">.</span><span class="pln">name</span><span class="pun">:</span><span class="pln"> elasticsearch1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
  5. <span class="pln">network</span><span class="pun">.</span><span class="pln">host</span><span class="pun">:</span><span class="pln"> </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span>
  6. <span class="pln">http</span><span class="pun">.</span><span class="pln">port</span><span class="pun">:</span><span class="pln"> </span><span class="lit">9200</span>
  7. <span class="pln">discovery</span><span class="pun">.</span><span class="pln">seed_hosts</span><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">"elasticsearch1.linuxtechi.local"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"elasticsearch2.linuxtechi.local"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"elasticsearch3.linuxtechi.local"</span><span class="pun">]</span>
  8. <span class="pln">cluster</span><span class="pun">.</span><span class="pln">initial_master_nodes</span><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">"elasticsearch1.linuxtechi.local"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"elasticsearch2.linuxtechi.local"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"elasticsearch3.linuxtechi.local"</span><span class="pun">]</span>
注意: 在每个节点上,在 node.name 中填写正确的主机名,在 network.host 中填写正确的 IP 地址,其他参数保持不变。
现在使用 systemctl 命令在所有三个节点上启动并启用 Elasticsearch 服务:
  1. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> daemon</span><span class="pun">-</span><span class="pln">reload</span>
  2. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> enable elasticsearch</span><span class="pun">.</span><span class="pln">service</span>
  3. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> start elasticsearch</span><span class="pun">.</span><span class="pln">service</span>
使用下面 ss 命令验证 elasticsearch 节点是否开始监听 9200 端口:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">ss</span><span class="pln"> </span><span class="pun">-</span><span class="pln">tunlp </span><span class="pun">|</span><span class="pln"> </span><span class="kwd">grep</span><span class="pln"> </span><span class="lit">9200</span>
  2. <span class="pln">tcp   LISTEN  </span><span class="lit">0</span><span class="pln">       </span><span class="lit">128</span><span class="pln">       </span><span class="pun">[::</span><span class="pln">ffff</span><span class="pun">:</span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span><span class="pun">]:</span><span class="lit">9200</span><span class="pln">              </span><span class="pun">*:*</span><span class="pln">     </span><span class="kwd">users</span><span class="pun">:((</span><span class="str">"java"</span><span class="pun">,</span><span class="pln">pid</span><span class="pun">=</span><span class="lit">2734</span><span class="pun">,</span><span class="pln">fd</span><span class="pun">=</span><span class="lit">256</span><span class="pun">))</span>
  3. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
使用以下 curl 命令验证 Elasticsearch 群集状态:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> curl  http</span><span class="pun">:</span><span class="com">//elasticsearch1.linuxtechi.local:9200</span>
  2. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> curl </span><span class="pun">-</span><span class="pln">X GET  http</span><span class="pun">:</span><span class="com">//elasticsearch2.linuxtechi.local:9200/_cluster/health?pretty</span>
命令的输出如下所示:
如何在RHEL8/CentOS8上建立多节点Elastic stack集群
Elasticsearch-cluster-status-rhel8
以上输出表明我们已经成功创建了 3 节点的 Elasticsearch 集群,集群的状态也是绿色的。
注意: 如果你想修改 JVM 堆大小,那么你可以编辑了文件 /etc/elasticsearch/jvm.options,并根据你的环境更改以下参数:
  • -Xms1g
    •     
  • -Xmx1g
现在让我们转到 Logstash 节点。
安装和配置 Logstash
在两个 Logstash 节点上执行以下步骤。
登录到两个节点使用 hostnamectl 命令设置主机名:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"logstash1.linuxtechi.local"</span>
  2. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
  3. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
  4. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"logstash2.linuxtechi.local"</span>
  5. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
  6. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
在两个 logstash 节点的 /etc/hosts 文件中添加以下条目:
  1. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">hosts</span>
  2. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span><span class="pln">             elasticsearch1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
  3. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.50</span><span class="pln">             elasticsearch2</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
  4. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.60</span><span class="pln">             elasticsearch3</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
保存文件并退出。
在两个节点上配置 Logstash 存储库,在文件夹 /ete/yum.repo.d/ 下创建一个包含以下内容的文件 logstash.repo
  1. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="kwd">yum</span><span class="pun">.</span><span class="pln">repos</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">logstash</span><span class="pun">.</span><span class="pln">repo</span>
  2.  
  3. <span class="pun">[</span><span class="pln">elasticsearch</span><span class="pun">-</span><span class="lit">7.x</span><span class="pun">]</span>
  4. <span class="pln">name</span><span class="pun">=</span><span class="typ">Elasticsearch</span><span class="pln"> repository </span><span class="kwd">for</span><span class="pln"> </span><span class="lit">7.x</span><span class="pln"> packages</span>
  5. <span class="pln">baseurl</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/packages/7.x/yum</span>
  6. <span class="pln">gpgcheck</span><span class="pun">=</span><span class="lit">1</span>
  7. <span class="pln">gpgkey</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
  8. <span class="pln">enabled</span><span class="pun">=</span><span class="lit">1</span>
  9. <span class="pln">autorefresh</span><span class="pun">=</span><span class="lit">1</span>
  10. <span class="pln">type</span><span class="pun">=</span><span class="pln">rpm</span><span class="pun">-</span><span class="pln">md</span>
保存并退出文件,运行 rpm 命令导入签名密钥:
  1. <span class="pun">~]#</span><span class="pln"> rpm </span><span class="pun">--</span><span class="kwd">import</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
使用 yum/dnf 命令在两个节点上安装 Java OpenJDK:
  1. <span class="pun">~]#</span><span class="pln"> dnf install java</span><span class="pun">-</span><span class="pln">openjdk </span><span class="pun">-</span><span class="pln">y</span>
从两个节点运行 yum/dnf 命令来安装 logstash:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install logstash </span><span class="pun">-</span><span class="pln">y</span>
  2. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install logstash </span><span class="pun">-</span><span class="pln">y</span>
现在配置 logstash,在两个 logstash 节点上执行以下步骤,创建一个 logstash 配置文件,首先我们在 /etc/logstash/conf.d/ 下复制 logstash 示例文件:
  1. <span class="com">#</span><span class="pln"> </span><span class="kwd">cd</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">logstash</span><span class="pun">/</span>
  2. <span class="com">#</span><span class="pln"> </span><span class="kwd">cp</span><span class="pln"> logstash</span><span class="pun">-</span><span class="pln">sample</span><span class="pun">.</span><span class="pln">conf conf</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">logstash</span><span class="pun">.</span><span class="pln">conf</span>
编辑配置文件并更新以下内容:
  1. <span class="com">#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> conf</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">logstash</span><span class="pun">.</span><span class="pln">conf</span>
  2.  
  3. <span class="pln">input </span><span class="pun">{</span>
  4. <span class="pln">  beats </span><span class="pun">{</span>
  5. <span class="pln">    port </span><span class="pun">=></span><span class="pln"> </span><span class="lit">5044</span>
  6. <span class="pln">  </span><span class="pun">}</span>
  7. <span class="pun">}</span>
  8.  
  9. <span class="pln">output </span><span class="pun">{</span>
  10. <span class="pln">  elasticsearch </span><span class="pun">{</span>
  11. <span class="pln">    hosts </span><span class="pun">=></span><span class="pln"> </span><span class="pun">[</span><span class="str">"http://elasticsearch1.linuxtechi.local:9200"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://elasticsearch2.linuxtechi.local:9200"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://elasticsearch3.linuxtechi.local:9200"</span><span class="pun">]</span>
  12. <span class="pln">    index </span><span class="pun">=></span><span class="pln"> </span><span class="str">"%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"</span>
  13. <span class="pln">    </span><span class="com">#</span><span class="pln">user </span><span class="pun">=></span><span class="pln"> </span><span class="str">"elastic"</span>
  14. <span class="pln">    </span><span class="com">#</span><span class="pln">password </span><span class="pun">=></span><span class="pln"> </span><span class="str">"changeme"</span>
  15. <span class="pln">  </span><span class="pun">}</span>
  16. <span class="pun">}</span>
output 部分之下,在 hosts 参数中指定所有三个 Elasticsearch 节点的 FQDN,其他参数保持不变。
使用 firewall-cmd 命令在操作系统防火墙中允许 logstash 端口 “5044”:
  1. <span class="pun">~</span><span class="pln"> </span><span class="com">#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">permanent </span><span class="pun">--</span><span class="pln">add</span><span class="pun">-</span><span class="pln">port</span><span class="pun">=</span><span class="lit">5044</span><span class="pun">/</span><span class="pln">tcp</span>
  2. <span class="pun">~</span><span class="pln"> </span><span class="com">#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">–</span><span class="pln">reload</span>
现在,在每个节点上运行以下 systemctl 命令,启动并启用 Logstash 服务:
  1. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> start logstash</span>
  2. <span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> eanble logstash</span>
使用 ss 命令验证 logstash 服务是否开始监听 5044 端口:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">ss</span><span class="pln"> </span><span class="pun">-</span><span class="pln">tunlp </span><span class="pun">|</span><span class="pln"> </span><span class="kwd">grep</span><span class="pln"> </span><span class="lit">5044</span>
  2. <span class="pln">tcp   LISTEN  </span><span class="lit">0</span><span class="pln">       </span><span class="lit">128</span><span class="pln">                         </span><span class="pun">*:</span><span class="lit">5044</span><span class="pln">                </span><span class="pun">*:*</span><span class="pln">      </span><span class="kwd">users</span><span class="pun">:((</span><span class="str">"java"</span><span class="pun">,</span><span class="pln">pid</span><span class="pun">=</span><span class="lit">2416</span><span class="pun">,</span><span class="pln">fd</span><span class="pun">=</span><span class="lit">96</span><span class="pun">))</span>
  3. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
以上输出表明 logstash 已成功安装和配置。让我们转到 Kibana 安装。
安装和配置 Kibana
登录 Kibana 节点,使用 hostnamectl 命令设置主机名:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"kibana.linuxtechi.local"</span>
  2. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
  3. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
编辑 /etc/hosts 文件并添加以下行:
  1. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span><span class="pln">             elasticsearch1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
  2. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.50</span><span class="pln">             elasticsearch2</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
  3. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.60</span><span class="pln">             elasticsearch3</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
使用以下命令设置 Kibana 存储库:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="kwd">yum</span><span class="pun">.</span><span class="pln">repos</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">kibana</span><span class="pun">.</span><span class="pln">repo</span>
  2. <span class="pun">[</span><span class="pln">elasticsearch</span><span class="pun">-</span><span class="lit">7.x</span><span class="pun">]</span>
  3. <span class="pln">name</span><span class="pun">=</span><span class="typ">Elasticsearch</span><span class="pln"> repository </span><span class="kwd">for</span><span class="pln"> </span><span class="lit">7.x</span><span class="pln"> packages</span>
  4. <span class="pln">baseurl</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/packages/7.x/yum</span>
  5. <span class="pln">gpgcheck</span><span class="pun">=</span><span class="lit">1</span>
  6. <span class="pln">gpgkey</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
  7. <span class="pln">enabled</span><span class="pun">=</span><span class="lit">1</span>
  8. <span class="pln">autorefresh</span><span class="pun">=</span><span class="lit">1</span>
  9. <span class="pln">type</span><span class="pun">=</span><span class="pln">rpm</span><span class="pun">-</span><span class="pln">md</span>
  10.  
  11. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> rpm </span><span class="pun">--</span><span class="kwd">import</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
执行 yum/dnf 命令安装 kibana:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">yum</span><span class="pln"> install kibana </span><span class="pun">-</span><span class="pln">y</span>
通过编辑 /etc/kibana/kibana.yml 文件,配置 Kibana:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vim</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">kibana</span><span class="pun">/</span><span class="pln">kibana</span><span class="pun">.</span><span class="pln">yml</span>
  2. <span class="pun">…………</span>
  3. <span class="pln">server</span><span class="pun">.</span><span class="pln">host</span><span class="pun">:</span><span class="pln"> </span><span class="str">"kibana.linuxtechi.local"</span>
  4. <span class="pln">server</span><span class="pun">.</span><span class="pln">name</span><span class="pun">:</span><span class="pln"> </span><span class="str">"kibana.linuxtechi.local"</span>
  5. <span class="pln">elasticsearch</span><span class="pun">.</span><span class="pln">hosts</span><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">"http://elasticsearch1.linuxtechi.local:9200"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://elasticsearch2.linuxtechi.local:9200"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://elasticsearch3.linuxtechi.local:9200"</span><span class="pun">]</span>
  6. <span class="pun">…………</span>
启用并启动 kibana 服务:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> start kibana</span>
  2. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> enable kibana</span>
在系统防火墙上允许 Kibana 端口 “5601”:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">permanent </span><span class="pun">--</span><span class="pln">add</span><span class="pun">-</span><span class="pln">port</span><span class="pun">=</span><span class="lit">5601</span><span class="pun">/</span><span class="pln">tcp</span>
  2. <span class="pln">success</span>
  3. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">reload</span>
  4. <span class="pln">success</span>
  5. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
使用以下 URL 访问 Kibana 界面:http://kibana.linuxtechi.local:5601
如何在RHEL8/CentOS8上建立多节点Elastic stack集群
Kibana-Dashboard-rhel8
从面板上,我们可以检查 Elastic Stack 集群的状态。
如何在RHEL8/CentOS8上建立多节点Elastic stack集群
Stack-Monitoring-Overview-RHEL8
这证明我们已经在 RHEL 8 /CentOS 8 上成功地安装并设置了多节点 Elastic Stack 集群。
现在让我们通过 filebeat 从其他 Linux 服务器发送一些日志到 logstash 节点中,在我的例子中,我有一个 CentOS 7服务器,我将通过 filebeat 将该服务器的所有重要日志推送到 logstash。
登录到 CentOS 7 服务器使用 yum/rpm 命令安装 filebeat 包:
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> rpm </span><span class="pun">-</span><span class="pln">ivh https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.1-x86_64.rpm</span>
  2. <span class="typ">Retrieving</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.1-x86_64.rpm</span>
  3. <span class="typ">Preparing</span><span class="pun">...</span><span class="pln">                          </span><span class="com">################################# [100%]</span>
  4. <span class="typ">Updating</span><span class="pln"> </span><span class="pun">/</span><span class="pln"> installing</span><span class="pun">...</span>
  5. <span class="pln">   </span><span class="lit">1</span><span class="pun">:</span><span class="pln">filebeat</span><span class="pun">-</span><span class="lit">7.3</span><span class="pun">.</span><span class="lit">1</span><span class="pun">-</span><span class="lit">1</span><span class="pln">                 </span><span class="com">################################# [100%]</span>
  6. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
编辑 /etc/hosts 文件并添加以下内容:
  1. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.20</span><span class="pln">             logstash1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
  2. <span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.30</span><span class="pln">             logstash2</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
现在配置 filebeat,以便它可以使用负载平衡技术向 logstash 节点发送日志,编辑文件 /etc/filebeat/filebeat.yml,并添加以下参数:
filebeat.inputs: 部分将 enabled: false 更改为 enabled: true,并在 paths 参数下指定我们可以发送到 logstash 的日志文件的位置;注释掉 output.elasticsearchhost 参数;删除 output.logstash:hosts: 的注释,并在 hosts 参数添加两个 logstash 节点,以及设置 loadbalance: true
  1. <span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">filebeat</span><span class="pun">/</span><span class="pln">filebeat</span><span class="pun">.</span><span class="pln">yml</span>
  2.  
  3. <span class="pln">filebeat</span><span class="pun">.</span><span class="pln">inputs</span><span class="pun">:</span>
  4. <span class="pun">-</span><span class="pln"> type</span&g 
 
 
 
 
  向往天空的鱼  
 
 
  向往天空的鱼  
 
 
 
 
 
  
 
 
 
 
相关推荐
  
 
 
  Elastic Stack:Centos7安装Kibana7.7.1以及开机自启  
 
 
 
     配置文件的修改:。如果elasticsearch和kibana在一台机器上,则不需要改动。进入kibana的bin目录下,执行命令。kibana默认的端口是5601,在浏览器输入ip地址:5601,即可访问。添加到系统服务,开机自启   
 
 
 技术与更多  / 0评论  2020-06-06  
 
  
 
 
  浅尝 Elastic Stack (五) Logstash + Beats + Kafka  
 
 
 
     在 Elasticsearch、Kibana、Beats 安装 中讲到推荐架构:。本文基于 Logstash + Beats 读取 Spring Boot 日志 将其改为上述架构   
 
 
 goodstudy  / 0评论  2020-06-05  
 
  
 
 
  elastic search分布式?作原理  
 
 
 
       Elasticsearch 是分布式的,但是对于我们开发者来说并未过多的参与其中,我们只需启动对应数量的节点,并给它们分配相同的 cluster.name 让它们归属于同?个集群,创建索引的 时候只需指定索引主分?数 即可,其他的都交给了 ES 内部?   
 
 
 亦碎流年  / 0评论  2020-05-04  
 
  
 
 
  Elastic Search 的原理  
 
 
 
     Elastic Search 是分布式的,但是对于我们开发者来说并未过多的参与其中,我们只需启动对应数量的节点,并给它们分配相同的 cluster.name,让它们归属于同一个集群,创建索引的时候只需指定索引主分片数和副分片数即可,其他的都交给了 ES 内   
 
 
 shawsun  / 0评论  2020-04-07  
 
  
 
 
  时间序列数据库(TSDB)初识与选择(InfluxDB、OpenTSDB、Druid、Elastic  
 
 
 
     大数据、人工智能、物联网、机器学习、商业智能、智能预警啊等等。现在业务已经不仅仅满足于这种简单的管理和控制了。数据可视化分析,大数据信息挖掘,统计预测,建模仿真,智能控制成了各种业务的追求。时间序列数据库主要用于指处理带时间标签的数据,带时间标签的数据也称   
 
 
 chognzhihongseu  / 0评论  2020-03-06  
 
  
 
 
  Elasticsearch 概念理解  
 
 
 
     当主节点和数据节点配置都设置为false的时候,该节点只能处理路由请求,处理搜索,分发索引操作等,从本质上来说该客户节点表现为智能负载平衡器。数据节点主要是存储索引数据的节点,主要对文档进行增删改查操作,聚合操作等。数据节点对cpu,内存,io要求较高,主   
 
 
 houhow  / 0评论  2019-12-22  
 
  
 
 
  Elastic:如何在一个机器上同时模拟多个node  
 
 
 
     现在,我们将展示如何启动您的第一个实例。为此,请打开终端并转到Elasticsearch的安装目录。然后使用以下命令启动名为node1的节点:。此命令使用选项-E将参数node.name设置为node1。要启动其他两个实例非常简单:您只需要使用相同的命令,   
 
 
 阳光岛主  / 0评论  2019-12-21  
 
  
 
 
  Elastic 使用索引生命周期管理实现热温冷架构  
 
 
 
     索引生命周期管理  是在 Elasticsearch 6.6(公测版)首次引入并在 6.7 版正式推出的一项功能。在本篇博客中,我们将探讨如何使用 ILM 实现热温冷架构。热温冷架构常用于日志或指标类的时序数据。例如,假设正在使用 Elasticsearc   
 
 
 IT小小鸟  / 0评论  2019-12-21  
 
  
 
 
  如何在 RHEL8 /CentOS8 上建立多节点 Elastic stack 集群  
 
 
 
     Elastic stack 俗称 ELK stack,是一组包括 Elasticsearch、Logstash 和 Kibana 在内的开源产品。Elastic Stack 由 Elastic 公司开发和维护。使用 Elastic stack,可以将系统日   
 
 
 神龙架游记javaee  / 0评论  2019-11-25  
 
  
 
 
  Elastic Stack 日志分析平台搭建笔记  
 
 
 
     Elastic Stack 由 Elasticsearch、Logstash、Kibana 和 Beats 四个组件组成:。Beats,是轻量型采集器的平台,从边缘机器向 Logstash 和 Elasticsearch 发送数据。Logstash,集中、   
 
 
 偏头痛杨  / 0评论  2019-06-30  
 
  
 
 
  主流全文索引工具的比较( Lucene, Sphinx, solr, elastic search)  
 
 
 
     )), 我发现了两个不错的候选:1. lucene 2. sphinx两者都有很不错的口碑。所以今天更加进一步的调查。) Sphinx 使用字典进行分词,所以driving 和 drive 返回的搜索结果是一样的。------------回答2.I don   
 
 
 年轻就要对味  / 0评论  2015-01-25  
 
  
 
 
  Elastic Stack实战学习教程~日志数据的收集、分析与可视化  
 
 
 
     Elastic Stack介绍近几年,互联网生成数据的速度不断递增,为了便于用户能够更快更精准的找到想要的内容,站内搜索或应用内搜索成了不可缺少了的功能之一。同时,企业积累的数据也再不断递增,对海量数据分析处理、可视化的需求也越来越高。   
 
 
 huizhejian  / 0评论  2019-06-29  
 
  
 
 
  主流全文索引工具的比较( Lucene, Sphinx, solr, elastic search)  
 
 
 
     前几天的调研(Rails3下的fulltextsearch(全文本搜索,全文匹配?)),我发现了两个不错的候选:。两者都有很不错的口碑。所以今天更加进一步的调查。把看到的有价值的文章记录在这里:。结果相关度是排序的默认条件。你也可以自行指定,也可以配置不同   
 
 
 momomoniqwer  / 0评论  2012-06-15  
 
  
 
 
  Opbeat已死,请用Elastic APM  
 
 
 
     今天收到Opbeat即将关闭的邮件。APM服务众多,Opbeat有什么优势呢?简单,UI简洁可以和Git集成,方便看版本发布后性能变化类似sentry的错误收集功能后来Opbeat被Elastic收购了,做成了Elastic APM,过了快一年终于迎来关服   
 
 
 七夕小子  / 0评论  2019-06-27  
 
  
 
 
  探索 - Elastic Stack(ELK)实时日志分析平台  
 
 
 
     简介Elasticsearch搜索、分析和存储您的数据。Logstash  Logstash 是动态数据收集管道,拥有可扩展的插件生态系统,能够与 Elasticsearch 产生强大的协同作用。Beats  Beats 是轻量型采集器的平台,从边缘机器向   
 
 
 小周周i  / 0评论  2019-06-27  
 
  
 
 
  Elastic Stack技术栈深入研究  
 
 
 
     目前beats支持以下几种:。logstash的hello worldlogstash -e 'input { stdin { } } output { stdout {} }'在logstash中有输,过滤,输出即:input,filter,output   
 
 
 cullinans  / 0评论  2019-06-21  
 
  
 
 
  搜索引擎Elastic 今日在纽交所上市,股价最高暴涨122%  
 
 
 
     10 月 6 日,Elastic 正式在纽约证券交易所上市,股票代码为"ESTC"。开盘之后股价直线拉升,最高点涨幅达122%,截止到收盘涨幅回落到94%,意味着上市第一天估值接近翻倍。700 万普通股募集资金约 1.92 亿美元,上市   
 
 
 chaojilaji  / 0评论  2018-10-08  
 
  
 
 
  日志分析工具Elastic Stack新版发布,加强可视化和协作工具  
 
 
 
     近日,开源搜索和分析公司Elastic发布了其Elastic Stack开源实用程序套件6.5版本,在Elastic APM工具中引入了基础架构监控,分布式跟踪支持以及Java和Go代理。虽然此版本可能被标记为“次要版本”,但Elastic解释说,基础堆栈   
 
 
 狐狸小七  / 0评论  2018-11-15  
 
  
 
 
  腾讯技术课|基于Elastic Stack 搭建日志分析平台  
 
 
 
     随着互联网、物联网的飞速发展,软硬件系统架构变得越来越复杂,分析各种系统产生的日志也变得越来越困难。在日志分析过程中,相信大部分同学会碰到以下问题:。在错误信息的上下文中,查找与问题相关的日志时,只能通过一些简单的less、grep等命令来做过滤,效率比较   
 
 
 slibraL  / 0评论  2018-08-31  
 
  
 
 
  如何在CentOS 7上安装Elastic Stack  
 
 
 
     Elasticsearch 是基于 Lucene 由 Java 开发的开源搜索引擎。),并带有  HTTP 仪表盘的 Web 界面。数据会被 Elasticsearch 查询、检索,并且使用 JSON 文档方案存储。Elasticsearch  是一个可扩   
 
 
 ivanlxf  / 0评论  2017-05-03  
 
  
 
 
  详解centos7上elastic search安装及填坑记  
 
 
 
     -Xmx2g → -Xmx512m错误2: can not run elasticsearch as root. 在 Linux 环境中,elasticsearch 不允许以 root 权限来运行!所以需要创建一个非root用户,以非root用户来起es.   
 
 
 IceStreamLab  / 0评论  2018-01-13  
 
  
 
 
  elastic search(es)安装  
 
 
 
     全文搜索属于最常见的需求,开源的Elasticsearch是目前全文搜索引擎的首选。它可以快速地储存、搜索和分析海量数据。维基百科、Stack Overflow、Github 都采用它。Elastic 的底层是开源库Lucene。但是,你没法直接用 Luc   
 
 
 MATLAB  / 0评论  2018-05-08  
 
  
 
 
  Elastic Search Java Api  
 
 
 
     实际上 Elastic Search 的 Rest Api 提供了所有的操作接口。在编程语言中可以直接这么使用 Rest Api 可以调用 Elastic Search 的所有功能,但是非常的不方便和直观,所以Elastic Search 官方也为很多语言   
 
 
 前路迢迢  / 0评论  2018-01-16  
 
  
 
 
  Elastic Search搜索引擎在SpringBoot中的实践  
 
 
 
     实验环境ES版本:5.3.0spring bt版本:1.5.9首先当然需要安装好elastic search环境,最好再安装上可视化插件 elasticsearch-head来便于我们直观地查看数据。注意在新建项目时记得勾选web和NoSQL中的Elast   
 
 
 学习编程  / 0评论  2018-01-10