ELK+Filebeat

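Introduction to ELK

Elasticsearch: a JSON-based distributed search and analytics engine, designed for horizontal scalability, high availability and easy management
Logstash: a dynamic data collection pipeline with an extensible plugin ecosystem that works in strong synergy with Elasticsearch
Kibana: presents data as charts and provides an extensible user interface for configuring and managing every aspect of the Elastic Stack
Filebeat: a lightweight way to forward and centralize logs and files, keeping simple things simple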

Environment

Environment configuration

[root@elfk ~]# vim /etc/security/limits.conf
* hard nofile 65536
* soft nofile 65536
* soft nproc  65536
* hard nproc  65536

[root@elfk ~]# vim /etc/sysctl.conf
vm.max_map_count = 262144
net.core.somaxconn=65535
net.ipv4.ip_forward = 1
# Install the Java environment
[root@elfk ~]# yum install java-1.8.0-openjdk -y
[root@elfk ~]# sysctl -p
[root@elfk ~]# systemctl disable firewalld && systemctl stop firewalld

Installing ELK+Filebeat

Configure the yum repository from the Tsinghua mirror

[root@elfk ~]# vim /etc/yum.repos.d/elk.repo
[elk]
name=elk
baseurl=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-6.x/
enabled=1
gpgcheck=0

Install and configure Elasticsearch, Logstash, Kibana and Filebeat

[root@elfk ~]# yum install elasticsearch logstash kibana nodejs filebeat -y

Elasticsearch

[root@elfk ~]# grep -v ^# /etc/elasticsearch/elasticsearch.yml
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.200.195:9300"]
discovery.zen.minimum_master_nodes: 1

http.cors.enabled: true 
http.cors.allow-origin: "*"
[root@elfk ~]# systemctl start elasticsearch && systemctl enable elasticsearch
[root@elfk ~]# ss -ntlup| grep -E "9200|9300"
tcp    LISTEN     0      65535    :::9200                 :::*                   users:(("java",pid=36708,fd=258))
tcp    LISTEN     0      65535    :::9300                 :::*                   users:(("java",pid=36708,fd=234))

Kibana

[root@elfk ~]# egrep -v "^#|^$" /etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.200.195:9200"
kibana.index: ".kibana"
[root@elfk ~]# systemctl start kibana && systemctl enable kibana

Logstash

[root@elfk ~]# echo 'path.config: /etc/logstash/conf.d' >>/etc/logstash/logstash.yml

Add the log processing file
[root@elk ~]# vim /etc/logstash/conf.d/k8s_log.conf
input {
# Filebeat clients
  beats {
     port => 5044
  }
}

# Filtering
#filter { }

output {
# Output to Elasticsearch
  elasticsearch {
    hosts => ["http://192.168.200.195:9200"]
    index => "syslog-%{+YYYY.MM.dd}"
  }

}

[root@elfk ~]# systemctl start logstash
[root@elfk ~]# lsof -i:5044
COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    2427 logstash   88u  IPv6  27356      0t0  TCP *:lxi-evntsvc (LISTEN)

Filebeat

[root@elfk ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /storage/*/*/*.log
  tags: ["k8s"]
- type: log
  enabled: true
  paths:
    - /storage/*/*.log
  tags: ["backend"]

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
output.logstash:
  hosts: ["192.168.200.195:5044"]
[root@elfk ~]# systemctl start filebeat && systemctl enable filebeat
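
The configuration above binds Elasticsearch and Kibana to 0.0.0.0 with firewalld stopped, allows CORS from any origin, and installs from a repository with gpgcheck=0. The script below is an added example, not part of the original post: it flags those settings in the files at the paths used on this page. The function names setting and audit_elk are hypothetical, and the xpack.security.enabled check assumes a build and licence where that setting is available.

```shell
#!/bin/sh
# Added example: flag the exposure-related settings from the configs on this page.

# setting FILE KEY: value of the last uncommented "KEY: value" or "KEY=value" line
setting() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      if (index(line, k) != 1) next          # line must start with the key
      rest = substr(line, length(k) + 1)
      if (rest !~ /^[ \t]*[:=]/) next        # reject longer keys sharing the prefix
      sub(/^[ \t]*[:=][ \t]*/, "", rest)
      sub(/[ \t]+$/, "", rest); gsub(/^"|"$/, "", rest)
      v = rest
    }
    END { print v }' "$1" 2>/dev/null
}

# audit_elk [ES_YML] [KIBANA_YML] [REPO]: print one FINDING line per risky setting
audit_elk() {
  local es=${1:-/etc/elasticsearch/elasticsearch.yml}
  local kb=${2:-/etc/kibana/kibana.yml}
  local repo=${3:-/etc/yum.repos.d/elk.repo}

  if [ "$(setting "$es" network.host)" = "0.0.0.0" ] &&
     [ "$(setting "$es" xpack.security.enabled)" != "true" ]; then
    echo "FINDING: $es: network.host 0.0.0.0 without xpack.security.enabled: true"
  fi
  if [ "$(setting "$es" http.cors.enabled)" = "true" ] &&
     [ "$(setting "$es" http.cors.allow-origin)" = "*" ]; then
    echo "FINDING: $es: http.cors.allow-origin \"*\" lets any web origin call the REST API"
  fi
  if [ "$(setting "$kb" server.host)" = "0.0.0.0" ]; then
    echo "FINDING: $kb: server.host 0.0.0.0 serves Kibana on every interface"
  fi
  if [ "$(setting "$repo" gpgcheck)" = "0" ]; then
    echo "FINDING: $repo: gpgcheck=0 installs packages without signature verification"
  fi
  return 0
}

# With no arguments the paths used on this page are audited.
audit_elk "$@"
```

Run it as a user that can read the three files; no output means none of the four settings was found.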

Access Kibana in a browser
elk1.png
Add an index
elk2.png
elk3.png