CentOS6.5安装elasticsearch+logstash+kibana


首先安装 java环境

	# Java runtime for Elasticsearch and Logstash; httpd (Apache) is installed here
	# because Kibana is later unpacked under /var/www/html and served by it.
	yum install java-1.7.0-openjdk httpd  

安装ES环境 elasticsearch

	# Downloads the Elasticsearch 1.4.1 RPM and installs it non-interactively (-y).
	# NOTE(review): nothing here verifies the package before it is installed as root.
	# Import the vendor's signing key first (rpm --import <VENDOR_GPG_KEY_URL>) and
	# check the file with `rpm -K elasticsearch-1.4.1.noarch.rpm` before the yum step.
	wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.1.noarch.rpm &&  yum install elasticsearch-1.4.1.noarch.rpm -y   

安装logstash环境

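	(原文此处的 logstash 安装命令在页面转换时丢失,只剩残留字符 "e>"。从下文使用的路径看,应是与 elasticsearch 类似的 rpm 安装方式:配置目录为 /etc/logstash/conf.d,程序目录为 /opt/logstash。)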

安装kibana环境

	# Downloads Kibana 3.1.2, unpacks it, renames the directory to "kibana" and moves it
	# into /var/www/html/, where Apache serves it.
	# NOTE(review): the archive is unpacked into the web root without any integrity check;
	# compare its checksum (e.g. sha1sum kibana-3.1.2.zip) with the vendor-published value first.
	wget  https://download.elasticsearch.org/kibana/kibana/kibana-3.1.2.zip &&  unzip kibana-3.1.2.zip &&  mv kibana-3.1.2  kibana && mv kibana  /var/www/html/  

安装elasticsearch插件

	# Installs two third-party Elasticsearch plugins: head and bigdesk.
	# bigdesk is pinned to 2.5.0; head has no version, so the plugin tool installs whatever
	# the remote repository serves at install time (presumably its default branch; confirm).
	# Both are reached under http://<es-host>:9200/_plugin/<name>/ (see the URLs at the end
	# of this page), so they are available to anyone who can reach port 9200.
	cd /usr/share/elasticsearch/ &&  ./bin/plugin -install mobz/elasticsearch-head && ./bin/plugin -install lukas-vlcek/bigdesk/2.5.0   

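修改elasticsearch配置文件(注意:ES 1.x 本身不带认证,而 Kibana 3 由浏览器直接访问 9200 端口;http.cors.allow-origin 只限制浏览器的跨域请求,不能阻止 curl 等客户端直接访问。因此应通过防火墙把 9200 限制在可信网段,或用 network.host 只绑定内网地址)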

	vim /etc/elasticsearch/elasticsearch.yml  
	cluster.name: elasticsearch    # 去掉该行前面的 "#" 号
	http.cors.enabled: true  
	http.cors.allow-origin: http://10.0.0.48  

启动elasticsearch

	/etc/rc.d/init.d/elasticsearch start  

测试elasticsearch

	[root@localhost ~]# curl 127.0.0.1:9200  
	{
	"status" : 200,
	"name" : "Agamotto",
	"cluster_name" : "elasticsearch",
	"version" : {
	"number" : "1.4.1",
	"build_hash" : "89d3241d670db65f994242c8e8383b169779e2d4",
	"build_timestamp" : "2015-11-26T15:49:29Z",
	"build_snapshot" : false,  
	"lucene_version" : "4.10.2"  
	},
	"tagline" : "You Know, for Search"  
	}  
	[root@localhost ~]#  

配置logstash,如下是Logstash的配置文件

	[root@localhost conf.d]# pwd
	/etc/logstash/conf.d
	[root@localhost conf.d]# cat logstasg_access.conf
	input {
	file {
	path => "/etc/httpd/logs/*_log"
	}
	}
	filter {
	if [path] =~ "access" {
	mutate { replace => { type => "apache_access" } }
	grok {
	match => { "message" => "%{COMBINEDAPACHELOG}" }
	}
	date {
	match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
	}
	} else if [path] =~ "error" {
	mutate { replace => { type => "apache_error" } }
	} else {
	mutate { replace => { type => "random_logs" } }
	}
	}
	output {
	elasticsearch { host => "10.0.0.48" }
	stdout { codec => rubydebug }
	}
	[root@localhost conf.d]# pwd

启动logstash

	[root@localhost conf.d]# cd /opt/logstash/bin/
	[root@localhost bin]# ./logstash -f /etc/logstash/conf.d/logstasg_access.conf

配置kibana

	vim /var/www/html/kibana/config.js 修改其中一行,把 es 的 IP 地址改为 ES 服务器的 IP 地址:
	elasticsearch: "http://10.0.0.48:9200",

apache配置如下:

	# Virtual host that serves the unpacked Kibana directory on 10.0.0.48 port 80.
	# NOTE(review): plain HTTP and no authentication directives, so anyone who can reach
	# this address gets the dashboard. Kibana's config.js points at
	# http://10.0.0.48:9200, so access to port 9200 must be restricted separately.
	<VirtualHost 10.0.0.48:80>
	ServerAdmin admin@opsnotes.com
	DocumentRoot /var/www/html/kibana
	ServerName kibana.opsnotes.net
	ErrorLog logs/kibana.opsnotes.net-error_log
	CustomLog logs/kibana.opsnotes.net-access_log common
	</VirtualHost>

启动apache

	/etc/rc.d/init.d/httpd start

完成之后 会在logstash中看到如下文件

     ![elk](/img/ELK1.png)  

http://10.0.0.48 web页面中展示
     ![elk](/img/ELK2.png)  
     ![elk](/img/ELK3.png)  

两个插件路径:

	http://10.0.0.48:9200/_plugin/head/
	http://10.0.0.48:9200/_plugin/bigdesk/