Tags: elk
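(I) What is Beats?
Beats is an open-source agent from Elasticsearch (the company) that collects system monitoring data. It can send different types of data directly to Elasticsearch, or send the collected data to Logstash as a relay, which then pushes it on to Elasticsearch. It is still under development. Compared with mature monitoring systems such as Zabbix and Ganglia, its interface looks a bit nicer, but its system functionality is still somewhat weak. Once integrated with the Elasticsearch full-text search framework, however, its data querying and filtering are very powerful, so it is quite promising. In ELKB, the components play the following roles:
Beats: collects system data; can send it directly to ES or relay it through Logstash
Logstash: collects logs and acts as a relay for Beats
Elasticsearch: provides data storage and server-side aggregation
Kibana: provides attractive visualizations and serves as a clean, lightweight search client for Elasticsearch
(II) Components of Beats:
So far Elasticsearch provides the following:
(1) Packetbeat: collects network traffic monitoring data
(2) Topbeat: collects monitoring data similar to Linux top
(3) Filebeat: collects logs from files
(4) Winlogbeat: collects Windows system logs
(5) Custom beats: if the metrics above do not meet your needs, Elasticsearch encourages developers to use Go to implement custom beats; you only need to follow the template and implement the monitoring input, logging, output and so on
(III) Basic Beats topology
(IV) Installation and deployment
Install the Java environment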
[root@node1 ~]# rpm -ivh jdk-8u51-linux-x64.rpm
Preparing...                ########################################### [100%]
   1:jdk1.8.0_51            ########################################### [100%]
Unpacking JAR files...
        rt.jar...
        jsse.jar...
        charsets.jar...
        tools.jar...
        localedata.jar...
        jfxrt.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
[root@node1 ~]# java -version
java version "1.8.0_51"
Java(TM) SE Runtime Environment (build 1.8.0_51-b16)
Java HotSpot(TM) 64-Bit Server VM (build 25.51-b03, mixed mode)
Install elasticsearch-2.3.4
[root@node1 ~]# tar zxvf elasticsearch-2.3.4.tar.gz -C /usr/local/
elasticsearch-2.3.4/README.textile
elasticsearch-2.3.4/LICENSE.txt
elasticsearch-2.3.4/NOTICE.txt
elasticsearch-2.3.4/modules/
elasticsearch-2.3.4/modules/lang-groovy/
elasticsearch-2.3.4/modules/reindex/
elasticsearch-2.3.4/modules/lang-expression/
elasticsearch-2.3.4/modules/lang-groovy/plugin-security.policy
elasticsearch-2.3.4/modules/lang-groovy/plugin-descriptor.properties
........
Add the elasticsearch user
useradd elasticsearch
Create the log directory and bin directory used when starting Elasticsearch
[root@node1 bin]# mkdir /usr/local/elasticsearch-2.3.4/{logs,bin}
Permissions:
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-2.3.4/
Start Elasticsearch
[elasticsearch@node1 bin]$ ./elasticsearch -d
[2016-07-20 11:30:29,413][INFO ][env ] [Jon Spectre] heap size [1007.3mb], compressed ordinary object pointers [true]
[2016-07-20 11:30:29,413][WARN ][env ] [Jon Spectre] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]
[2016-07-20 11:30:33,422][INFO ][node ] [Jon Spectre] initialized
[2016-07-20 11:30:33,423][INFO ][node ] [Jon Spectre] starting ...
[2016-07-20 11:30:33,651][INFO ][transport ] [Jon Spectre] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2016-07-20 11:30:33,670][INFO ][discovery ] [Jon Spectre] elasticsearch/Rr-U_JhCStexH5Htmj4qKQ
[2016-07-20 11:30:36,795][INFO ][cluster.service ] [Jon Spectre] new_master {Jon Spectre}{Rr-U_JhCStexH5Htmj4qKQ}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2016-07-20 11:30:36,851][INFO ][http ] [Jon Spectre] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2016-07-20 11:30:36,852][INFO ][node ] [Jon Spectre] started
[2016-07-20 11:30:36,996][INFO ][gateway ] [Jon Spectre] recovered [0] indices into cluster_state
Check that ports 9200 and 9300 are listening
[elasticsearch@node1 logs]$ ss -tanl
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port
LISTEN     0      50       ::ffff:127.0.0.1:9200                  :::*
LISTEN     0      50                    ::1:9200                  :::*
LISTEN     0      50       ::ffff:127.0.0.1:9300                  :::*
LISTEN     0      50                    ::1:9300
At this point, Elasticsearch is installed.
Install Kibana
Installing Kibana is very simple. Download kibana-4.5.3-linux-x64 from the official website.
tar zxvf kibana-4.5.3-linux-x64.tar.gz -C /usr/local/
Start Kibana
[root@node1 bin]# cd /usr/local/kibana-4.5.3-linux-x64/bin
[root@node1 bin]# ./kibana &
[root@node1 bin]# log [12:11:05.529] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
log [12:11:05.609] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [12:11:05.648] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
log [12:11:05.655] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
[root@node1 bin]# log [12:11:05.662] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
log [12:11:05.669] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
log [12:11:05.683] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
log [12:11:05.690] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
log [12:11:05.700] [info][listening] Server running at
log [12:11:22.664] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready
Check that port 5601 is listening
[root@node1 bin]# ss -tanl
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port
LISTEN     0      128                     *:5601
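The two ss checks above show Elasticsearch bound to loopback only (127.0.0.1 and ::1), while Kibana listens on *:5601, that is, on every interface. The following is an added example, not part of the original post: a shell function that reads `ss -tanl` output and reports which of the ELK ports are reachable from other hosts. The names `exposed_listeners` and `sample_ss` are hypothetical, and the sample input is constructed from the outputs shown on this page.

```shell
#!/usr/bin/env bash
# Added example: flag ELK listeners that are not bound to loopback only.

# Reads `ss -tanl` output on stdin and prints "<port> <local-address>" for
# every watched port whose listener is reachable from other hosts.
# Optional argument: space-separated port list (default: 9200 9300 5601).
exposed_listeners() {
  awk -v ports="${1:-9200 9300 5601}" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    $1 == "LISTEN" {
      local_addr = $4
      # Port is the text after the last colon, address the text before it.
      port = local_addr; sub(/.*:/, "", port)
      addr = local_addr; sub(/:[^:]*$/, "", addr)
      if (!(port in watch)) next
      gsub(/^\[|\]$/, "", addr)   # newer ss versions print [::1]:9200
      sub(/^::ffff:/, "", addr)   # IPv4-mapped IPv6, as in the output above
      if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not exposed
      print port, local_addr
    }'
}

# Constructed sample: the listeners from the two ss outputs on this page.
sample_ss() {
  cat <<'EOF'
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port
LISTEN     0      50       ::ffff:127.0.0.1:9200                  :::*
LISTEN     0      50                    ::1:9200                  :::*
LISTEN     0      50       ::ffff:127.0.0.1:9300                  :::*
LISTEN     0      50                    ::1:9300                  :::*
LISTEN     0      128                     *:5601                   *:*
EOF
}

# Run against the sample; on a live host use: ss -tanl | exposed_listeners
sample_ss | exposed_listeners
```

On a live host, pipe `ss -tanl` into the function. A flagged port can then be restricted with a host firewall or by binding the service to a loopback address (for Kibana 4.x, `server.host` in `config/kibana.yml`).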
This article comes from the “奋斗中的老兵” blog; please be sure to keep this source attribution: http://jiaxu201.blog.51cto.com/4569604/1828017