EFK on Ubuntu (elasticsearch+fluentd

Author: peerless_1024 | Source: published 2018-10-11 22:00, 114 reads

    1. Installing and using fluentd

    1.1 Install fluentd

    See my two earlier posts:
    Installing and configuring td-agent (fluentd) on Ubuntu
    Collecting Docker container logs with fluentd in client-server mode

    1.2 Install the Elasticsearch-related plugins

    td-agent-gem install fluent-plugin-elasticsearch
    td-agent-gem install fluent-plugin-typecast
    td-agent-gem install fluent-plugin-secure-forward
    td-agent-gem install fluent-plugin-record-reformer
    

    1.3 Connect fluentd to Elasticsearch

    Configure fluentd

    vim /etc/td-agent/td-agent.conf
    
    <source>
      @type forward
      port 24224
      # 0.0.0.0 accepts forward traffic from any host; limit it to the Docker hosts (firewall or a private bind address)
      bind 0.0.0.0
    </source>
    
    <match docker.*>
      @type elasticsearch
      host localhost
      port 9200
      index_name docker
      type_name docker
      include_timestamp true
      # logstash_format is a boolean; the original value "fluentd" is not valid. It must be true
      # for logstash_prefix, logstash_prefix_separator and logstash_dateformat below to take effect
      logstash_format true
      logstash_prefix docker
      logstash_prefix_separator _
      logstash_dateformat %Y.%m.%d
      time_key_format %Y-%m-%dT%H:%M:%S.%N%z
      utc_index true
      flush_interval 5s
    </match>
    
    systemctl restart td-agent
    
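As an added example (not code from the original post), the script below re-implements two details of the <match docker.*> block that matter when you later define the Kibana index pattern: Fluentd's `*` matches only one dot-separated tag part, so a container tagged docker.nginx.stdout is not routed at all, and with utc_index true a record stamped 02:30 local time (+0800) lands in the previous day's docker_YYYY.MM.DD index. The sample tags and timestamps are constructed, and tagging containers with `--log-opt tag=docker.{{.Name}}` is an assumption about how the Docker hosts were set up.

```python
import re
from datetime import datetime, timezone

# Values copied from the <match docker.*> block in td-agent.conf above.
MATCH_PATTERN = "docker.*"
LOGSTASH_PREFIX = "docker"
LOGSTASH_PREFIX_SEPARATOR = "_"
LOGSTASH_DATEFORMAT = "%Y.%m.%d"
UTC_INDEX = True

def fluentd_tag_regex(pattern):
    """Fluentd <match> semantics: '*' matches within one dot-separated tag part,
    '**' matches zero or more parts (docker.** also matches the bare tag "docker")."""
    out = []
    for i, seg in enumerate(pattern.split(".")):
        if seg == "**":
            out.append(r"(?![^.]).*" if i else r".*")
        else:
            out.append((r"\." if i else "") + re.escape(seg).replace(r"\*", r"[^.]*"))
    return re.compile("".join(out))

def parse_fluentd_time(value):
    """Parse the page's time_key_format %Y-%m-%dT%H:%M:%S.%N%z. Ruby's %N is nanoseconds;
    Python's strptime only has %f (microseconds), so extra digits are truncated."""
    m = re.fullmatch(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})\.(\d{1,9})([+-]\d{4}|Z)", value)
    if not m:
        raise ValueError(f"not in time_key_format: {value!r}")
    micros = m.group(2)[:6].ljust(6, "0")
    offset = "+0000" if m.group(3) == "Z" else m.group(3)
    return datetime.strptime(f"{m.group(1)}.{micros}{offset}", "%Y-%m-%dT%H:%M:%S.%f%z")

def index_name(ts, utc_index=UTC_INDEX):
    """<prefix><separator><date>: with utc_index true the day is taken in UTC, otherwise in
    the td-agent host's local zone (astimezone() with no argument)."""
    day = ts.astimezone(timezone.utc) if utc_index else ts.astimezone()
    return f"{LOGSTASH_PREFIX}{LOGSTASH_PREFIX_SEPARATOR}{day.strftime(LOGSTASH_DATEFORMAT)}"

def route(tag, time_value):
    """Target index for a record, or None when <match docker.*> does not route it."""
    if not fluentd_tag_regex(MATCH_PATTERN).fullmatch(tag):
        return None
    return index_name(parse_fluentd_time(time_value))

if __name__ == "__main__":
    # Constructed samples, tagged as the docker fluentd log driver would with --log-opt tag=docker.{{.Name}}
    for tag, t in [("docker.nginx", "2018-10-11T22:00:00.123456789+0800"),
                   ("docker.nginx", "2018-10-12T02:30:00.000000000+0800"),
                   ("docker.nginx.stdout", "2018-10-12T02:30:00.000000000+0800")]:
        print(tag, t, "->", route(tag, t))
```

If your containers carry more tag parts, change the match block to `<match docker.**>`; the regex helper shows why that also matches the bare tag `docker`.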

    2. Installing and using Elasticsearch

    2.1 Install the JDK

    Elasticsearch requires Java 8 or later, so install Java 8 first; see my post:
    Installing the JDK on Ubuntu

    2.2 Download and install Elasticsearch

    cd /usr/local
    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.2.tar.gz
    tar -zxvf elasticsearch-6.4.2.tar.gz
    
    • Elasticsearch refuses to start as root, so create a dedicated user to run it
    groupadd elsearch
    # no password is needed: root switches to this account with su below. The original's
    # "-p elsearch" did not set one either, since useradd -p expects an already-hashed value
    useradd -g elsearch elsearch
    # give the service user ownership of the tree instead of making it world-writable (chmod -R 777)
    chown -R elsearch:elsearch /usr/local/elasticsearch-6.4.2
    
    • Kernel parameters:
    vim /etc/sysctl.conf
    

    Contents:

    net.core.somaxconn = 1024
    net.core.netdev_max_backlog = 5000
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.ipv4.tcp_wmem = 4096 12582912 16777216
    net.ipv4.tcp_rmem = 4096 12582912 16777216
    net.ipv4.tcp_max_syn_backlog = 8096
    net.ipv4.tcp_slow_start_after_idle = 0
    # tcp_tw_recycle was removed in Linux 4.12 and breaks clients behind NAT; omit it on newer kernels
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.ip_local_port_range = 10240 65535
    # the one setting Elasticsearch actually requires (its bootstrap check demands at least 262144)
    vm.max_map_count = 655360
    
    vim /etc/security/limits.conf
    

    Contents:

    root soft nofile 65536
    root hard nofile 65536
    * soft nofile 65536
    * hard nofile 65536
    elsearch soft nofile 65536
    elsearch hard nofile 65536
    

    Apply the settings (a reboot may be required)

    sysctl -p
    reboot
    
    • Edit the Elasticsearch configuration file
    vim /usr/local/elasticsearch-6.4.2/config/elasticsearch.yml
    

    Add the following:

    # 0.0.0.0 binds on every interface, and this setup has no authentication on port 9200,
    # so restrict access with a firewall or bind to a private address instead
    network.host: 0.0.0.0
    http.port: 9200
    

    2.3 Start Elasticsearch

    cd /usr/local/elasticsearch-6.4.2
    su elsearch
    nohup ./bin/elasticsearch > elasticsearch.out 2>&1 &
    exit
    

    Run a Docker container (nginx in this example) with its logs collected by fluentd, then query Elasticsearch with the following match-all search:

    curl -XGET 'http://localhost:9200/_all/_search?q=*'
    
    • Since Elasticsearch 5, browser-facing plugins can no longer be installed; that functionality has moved to Kibana.
      Open a new terminal; output like the following means the installation succeeded:
    root@ubuntu:~# curl 127.0.0.1:9200
    {
      "name" : "N6CEbHO",
      "cluster_name" : "elasticsearch",
      "cluster_uuid" : "JpEWIcI-Q8SJukSm0z3J1Q",
      "version" : {
        "number" : "6.4.2",
        "build_flavor" : "default",
        "build_type" : "tar",
        "build_hash" : "04711c2",
        "build_date" : "2018-09-26T13:34:09.098244Z",
        "build_snapshot" : false,
        "lucene_version" : "7.4.0",
        "minimum_wire_compatibility_version" : "5.6.0",
        "minimum_index_compatibility_version" : "5.0.0"
      },
      "tagline" : "You Know, for Search"
    }
    

    Or open a browser; a page like the following shows that Elasticsearch was installed successfully.


    [Figure: Elasticsearch installed successfully]

    3. Installing and using Kibana (see the Kibana user guide)

    3.1 Download and install

    Download the package (official download link):

    cd /usr/local
    wget https://artifacts.elastic.co/downloads/kibana/kibana-6.4.2-linux-x86_64.tar.gz
    tar -axvf kibana-6.4.2-linux-x86_64.tar.gz
    cd kibana-6.4.2-linux-x86_64
    

    3.2 Configure Kibana

    vim config/kibana.yml
    

    Add the following:

    Set the bound host address to 0.0.0.0 so Kibana listens on all interfaces.
    Point Kibana at Elasticsearch.

    server.port: 5601
    # 0.0.0.0 exposes Kibana on every interface with no authentication in this setup; restrict access with a firewall
    server.host: "0.0.0.0"
    elasticsearch.url: "http://localhost:9200"
    

    3.3 Start Kibana

    cd /usr/local/kibana-6.4.2-linux-x86_64
    # the original ran this from a root shell; Kibana does not need root, so prefer a dedicated unprivileged user
    nohup ./bin/kibana > kibana.out 2>&1 &
    

    Open a browser at localhost:5601 and define an index pattern under Management.


    [Figures: configuring the index pattern, time filter, success]


        Page link: https://www.haomeiwen.com/subject/rfubaftx.html