2.* 安装笔记 ElasticSearch + Logstash + Kibana + Filebeats

ElasticSearch + Logstash + Kibana + Filebeats

准备工作，先下载所有安装包：

ElasticSearch2.3.5 + Logstash2.3.4 + Kibana4.5.4 + Filebeats1.2.3

wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.3.5/elasticsearch-2.3.5.tar.gz 
wget https://download.elastic.co/logstash/logstash/logstash-2.3.4.tar.gz
wget https://download.elastic.co/kibana/kibana/kibana-4.5.4-linux-x64.tar.gz
wget https://download.elastic.co/beats/filebeat/filebeat-1.2.3-x86_64.tar.gz

安装 JAVA

yum install java-1.8.0-openjdk* -y

安装 Elasticsearch

tar -zxvf elasticsearch-2.3.5.tar.gz -C /usr/local
chown vagrant:vagrant /usr/local/elasticsearch-2.3.5 -R
cd /usr/local/elasticsearch-2.3.5

编辑配置文件

vim config/elasticsearch.yml
# 增加以下内容 或者 去掉以下内容前面的 # 号
cluster.name: my-application
node.name: node-1
node.rack: r1
path.data: /vagrant/es/data  # 需要创建这个文件夹
path.logs: /vagrant/es/logs  # 需要创建这个文件夹
network.host: 192.168.33.12
http.port: 9200

启动

bin/elasticsearch -d  # 不能使用 root启动，注意所有文件夹path.data等权限

安装 Kibana

tar zxvf kibana-4.5.4-linux-x64.tar.gz -C /usr/local/
chown vagrant:vagrant /usr/local/kibana-4.5.4-linux-x64 -R
cd /usr/local/kibana-4.5.4-linux-x64/

编辑配置文件

vim config/kibana.yml

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.33.12:9200"

启动

nohup bin/kibana serve &

配置nginx代理转发

server {
        listen       80;
        server_name  kibana.12.vm.com;
        location /{
                proxy_set_header    Host $http_host;
                proxy_set_header    X-Real-IP   $remote_addr;
                proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_redirect off;
                proxy_pass  http://127.0.0.1:5601/;
        }

}

安装 Logstash

tar zxf logstash-2.3.4.tar.gz -C /usr/local/
chown vagrant:vagrant /usr/local/logstash-2.3.4/ -R
cd /usr/local/logstash-2.3.4/

安装 Beats -- Filebeat

tar zxf filebeat-1.2.3-x86_64.tar.gz -C /usr/local/
chown vagrant:vagrant /usr/local/filebeat-1.2.3-x86_64 -R
cd /usr/local/filebeat-1.2.3-x86_64

编辑配置文件

vim filebeat.yml

prospectors:
   paths:
      - /var/log/nginx/access.log
   input_type: log

output:
   elasticsearch: 
       hosts: ["192.168.33.12:9200"]
   index: "filebeat
   template: 
       name: "filebeat"
       path: "filebeat.template.json"
       flush_interval: 1

当前传送信息记录在当前文件夹下的.filebeat

vim /usr/local/filebeat-1.2.3-x86_64/.filebeat

{"/var/log/nginx/access.log":{"source":"/var/log/nginx/access.log","offset":52437,"FileStateOS":{"inode":415785,"device":2049}}}