Category: High-Performance Computing
2015-10-27 13:54:33
2. Install Logstash
unzip logstash-1.5.0.zip -d /usr/local/
/usr/local/logstash-1.5.0/bin/logstash -e 'input { stdin { } } output { stdout {} }'
[root@rac01 elk]# /usr/local/logstash-1.5.0/bin/logstash -e 'input { stdin { } } output { stdout {} }'
Logstash startup completed
Hello World
2015-09-09T06:21:08.443Z rac01 Hello World
[root@rac01 logstash-1.5.0]# cat logstash-simple.conf
input { stdin { } }
output {
  stdout { codec=> rubydebug }
}
[root@rac01 elk]# /usr/local/logstash-1.5.0/bin/logstash agent -f /usr/local/logstash-1.5.0/logstash-simple.conf
Logstash startup completed
2015-09-09T06:21:08.443Z rac01 Hello World
{
       "message" => "2015-09-09T06:21:08.443Z rac01 Hello World",
      "@version" => "1",
    "@timestamp" => "2015-09-09T06:27:35.783Z",
          "host" => "rac01"
}
3. Install Elasticsearch
[root@rac01 elk]# tar xzvf elasticsearch-1.5.1.tar.gz -C /usr/local/
Start Elasticsearch
[root@rac01 elk]# /usr/local/elasticsearch-1.5.1/bin/elasticsearch
Start Elasticsearch in the background
[root@rac01 elk]# nohup /usr/local/elasticsearch-1.5.1/bin/elasticsearch > nohup &
Confirm that Elasticsearch is listening on port 9200, which shows that Elasticsearch is running successfully
[root@rac01 elk]# netstat -anp | grep 9200
tcp 0 0 :::9200 :::* LISTEN 3430/java
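The netstat check above only confirms that the port is open; the `:::9200` local address also means the listener is bound to every interface. The following added example (not part of the original post) filters `netstat -anp` output for stack ports bound to a wildcard address. The helper name `exposed_listeners`, the port list and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Ports watched: 9200 (Elasticsearch HTTP) and 9300/9301 (transport) appear in
# this walkthrough; 5601 is the Kibana 4 default port (assumes the default is kept).
ELK_PORTS="9200 9300 9301 5601"

# exposed_listeners (hypothetical helper): reads `netstat -anp`-style lines on
# stdin and prints "port pid/program" for every LISTEN socket on a watched port
# whose local address is a wildcard (0.0.0.0, :: or *).
exposed_listeners() {
    awk -v ports="$ELK_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            local_addr = $4
            # The port follows the last colon, for both "0.0.0.0:9200" and ":::9200".
            idx = match(local_addr, /:[0-9]+$/)
            if (idx == 0) next
            port = substr(local_addr, idx + 1)
            addr = substr(local_addr, 1, idx - 1)
            if (!(port in watch)) next
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                print port, $7
        }'
}

# Constructed sample input: the first line is the netstat line shown above,
# the remaining lines are made up to exercise the filter.
SAMPLE='tcp 0 0 :::9200 :::* LISTEN 3430/java
tcp 0 0 127.0.0.1:9300 0.0.0.0:* LISTEN 3430/java
tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 3611/node
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1200/sshd
tcp 0 0 192.168.56.101:51234 192.168.56.101:9200 ESTABLISHED 3497/java'

printf '%s\n' "$SAMPLE" | exposed_listeners
# On a live host: netstat -anp | exposed_listeners
```

Elasticsearch 1.5.1 has no built-in authentication, so a wildcard-bound 9200 is readable and writable by any host that can reach the machine. For a single-host test like this one, `network.host: 127.0.0.1` in `config/elasticsearch.yml` restricts the listener to loopback.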
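Next, in the Logstash installation directory, create a test file, logstash-es-simple.conf, to test Logstash with Elasticsearch as its back end. The file defines both stdout and elasticsearch as outputs. This "multiple output" setup displays the results on screen and also sends them to Elasticsearch.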
[root@rac01 logstash-1.5.0]# cat logstash-es-simple.conf
input { stdin { } }
output {
  elasticsearch {host => "localhost" }
  stdout { codec=> rubydebug }
}
Run the command
[root@rac01 logstash-1.5.0]# /usr/local/logstash-1.5.0/bin/logstash agent -f logstash-es-simple.conf
九月 09, 2015 2:41:51 下午 org.elasticsearch.node.internal.InternalNode
信息: [logstash-rac01-3497-7946] version[1.5.1], pid[3497], build[5e38401/2015-04-09T13:41:35Z]
九月 09, 2015 2:41:51 下午 org.elasticsearch.node.internal.InternalNode
信息: [logstash-rac01-3497-7946] initializing ...
九月 09, 2015 2:41:51 下午 org.elasticsearch.plugins.PluginsService
信息: [logstash-rac01-3497-7946] loaded [], sites []
九月 09, 2015 2:41:55 下午 org.elasticsearch.node.internal.InternalNode
信息: [logstash-rac01-3497-7946] initialized
九月 09, 2015 2:41:55 下午 org.elasticsearch.node.internal.InternalNode start
信息: [logstash-rac01-3497-7946] starting ...
九月 09, 2015 2:41:56 下午 org.elasticsearch.transport.TransportService doStart
信息: [logstash-rac01-3497-7946] bound_address {inet[/0:0:0:0:0:0:0:0:9301]}, publish_address {inet[/192.168.56.101:9301]}
九月 09, 2015 2:41:56 下午 org.elasticsearch.discovery.DiscoveryService doStart
信息: [logstash-rac01-3497-7946] elasticsearch/dlMumEuwQ4ye9NCAizJs0Q
九月 09, 2015 2:41:59 下午 org.elasticsearch.cluster.service.InternalClusterService$UpdateTask run
信息: [logstash-rac01-3497-7946] detected_master [Jazz][XfXC9N0rREmZVJO0XqlEyQ][rac01][inet[/192.168.56.101:9300]], added {[Jazz][XfXC9N0rREmZVJO0XqlEyQ][rac01][inet[/192.168.56.101:9300]],}, reason: zen-disco-receive(from master [[Jazz][XfXC9N0rREmZVJO0XqlEyQ][rac01][inet[/192.168.56.101:9300]]])
九月 09, 2015 2:41:59 下午 org.elasticsearch.node.internal.InternalNode start
信息: [logstash-rac01-3497-7946] started
Logstash startup completed
hello logstash
{
       "message" => "hello logstash",
      "@version" => "1",
    "@timestamp" => "2015-09-09T06:42:28.312Z",
          "host" => "rac01"
}
Use curl to send a request and check whether ES received the data
[root@rac01 config]# curl ''
{
  "took" : 79,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "failed" : 0
  },
  "hits" : {
    "total" : 1,
    "max_score" : 1.0,
    "hits" : [ {
      "_index" : "logstash-2015.09.09",
      "_type" : "logs",
      "_id" : "AU-w12IGj1MbrspvKGDQ",
      "_score" : 1.0,
      "_source":{"message":"hello logstash","@version":"1","@timestamp":"2015-09-09T06:42:28.312Z","host":"rac01"}
    } ]
  }
}
4. Install Kibana
[root@rac01 elk]# tar xzvf kibana-4.0.2-linux-x64.tar.gz -C /usr/local/
Start Kibana
[root@rac01 elk]# /usr/local/kibana-4.0.2-linux-x64/bin/kibana
After logging in, first configure an index. By default, Kibana's data points to Elasticsearch and uses the default logstash-* index name, which is time-based; just click "Create".