日志平台ELK单节点搭建

一、jdk11安装配置

1、解压

tar -zxvf jdk-11.0.8_linux-x64_bin.tar.gz -C /usr/local/

2、配置环境变量

vim /etc/profile

# jdk11
export JAVA_HOME=/usr/local/jdk-11.0.8
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

source /etc/profile

3、查看版本

java -version

二、elasticsearch安装

1、下载

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.1-x86_64.rpm

2、安装

yum localinstall elasticsearch-7.14.1-x86_64.rpm -y

3、修改配置文件

vim /etc/elasticsearch/elasticsearch.yml

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
discovery.type: single-node

4、启动服务

systemctl enable elasticsearch

systemctl start elasticsearch

systemctl status elasticsearch

netstat -lntp |grep 9200

netstat -lntp |grep 9300

5、设置密码

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

密码

mhg1230

访问

http://192.168.117.183:9200/

看节点

http://192.168.117.183:9200/_cat/nodes?v

三、kibana安装

1、下载

wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.1-x86_64.rpm

2、安装

yum localinstall kibana-7.14.1-x86_64.rpm -y

3、修改配置文件

vim /etc/kibana/kibana.yml

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.117.183:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "mhg1230"
logging.dest: /tmp/kibana.log

4、启动服务

systemctl enable kibana

systemctl start kibana

systemctl status kibana

netstat -lntp |grep 5601

访问

http://192.168.117.183:5601/

账号密码：elastic/mhg1230

四、logstash安装

1、下载

wget https://artifacts.elastic.co/downloads/logstash/logstash-7.14.1-x86_64.rpm

2、安装

yum localinstall logstash-7.14.1-x86_64.rpm -y

3、配置

vim /etc/logstash/conf.d/logstash.conf

input {
 file {
  path => "/usr/local/nginx/logs/access.log"
 }
}
 
filter {
 grok {
  match => {
   "message" => '%{IP:remote_addr} - (%{WORD:remote_user}|-) \[%{HTTPDATE:time_local}\] "%{WORD:method} %{NOTSPACE:request} HTTP/%{NUMBER}" %{NUMBER:status} %{NUMBER:body_bytes_sent} %{QS} %{QS:http_user_agent}'
  }
  remove_field => ["message"]
 }
 date {
  match => ["time_local", "dd/MMM/yyyy:HH:mm:ss Z"]
  target => "@timestamp"
 }
}
 
 
output {
 elasticsearch {
  hosts => ["http://192.168.117.183:9200"]
  user => "elastic"
  password => "mhg1230"
  index => "mhg_nginx-%{+YYYY.MM.dd}"
 }
}

4、启动服务

systemctl enable logstash

systemctl start logstash

systemctl status logstash

netstat -lntp |grep 9600

五、应用

1、多次访问nginx

http://192.168.117.183/

http://192.168.117.183:5601/app/management/data/index_management/indices

2、kibana上建索引

3、查数据