ELK Distributed Log Analysis System Deployment (Huawei Cloud)
2022-07-05 18:43:00 【51CTO】
Architecture diagram
I. Environment preparation
1. Host list
Hostname | IP address | Specification |
es-0001 | 192.168.1.41 | 1 CPU, 1 GB RAM, 10 GB disk |
es-0002 | 192.168.1.42 | 1 CPU, 1 GB RAM, 10 GB disk |
es-0003 | 192.168.1.43 | 1 CPU, 1 GB RAM, 10 GB disk |
es-0004 | 192.168.1.44 | 1 CPU, 1 GB RAM, 10 GB disk |
es-0005 | 192.168.1.45 | 1 CPU, 1 GB RAM, 10 GB disk |
Kibana | 192.168.1.46 | 1 CPU, 1 GB RAM, 10 GB disk |
logstash | 192.168.1.47 | 2 CPU, 2 GB RAM, 10 GB disk |
apache | 192.168.1.48 | 1 CPU, 1 GB RAM, 10 GB disk |
2. Software list
- elasticsearch-2.3.4.rpm
- logstash-2.3.4-1.noarch.rpm
- kibana-4.5.2-1.x86_64.rpm
- filebeat-1.2.3-x86_64.rpm
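3. Plugin list:
- [x] Elasticsearch plugins:
Package | Description |
bigdesk-master.zip | Monitoring tool for the ES cluster |
elasticsearch-kopf-master.zip | An Elasticsearch management tool that provides an API for operating on the ES cluster |
elasticsearch-head-master.zip | Shows the ES cluster topology and supports index- and node-level operations |
4. Huawei Cloud jump host
Configure the yum repository: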
# rm -rf /etc/yum.repos.d/*.repo
# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.myhuaweicloud.com/repo/CentOS-Base-7.repo
# yum clean all
# yum makecache
# yum install -y net-tools lftp rsync psmisc vim-enhanced tree vsftpd bash-completion createrepo lrzsz iproute
# mkdir /var/ftp/localrepo
# cd /var/ftp/localrepo
# createrepo .
# createrepo --update .    # refresh the repository metadata
# systemctl enable --now vsftpd
# cp -a elk /var/ftp/localrepo/elk
# cd /var/ftp/localrepo/
# createrepo --update .
Tune system services
# systemctl stop postfix
# yum remove -y postfix firewalld-*
# yum install chrony
# vim /etc/chrony.conf
# Comment out the lines that start with "server" and add the following line
server ntp.myhuaweicloud.com minpoll 4 maxpoll 10 iburst
# systemctl enable --now chronyd
# chronyc sources -v    # verify the configuration; ^* means success
# vim /etc/cloud/cloud.cfg
# manage_etc_hosts: localhost    # comment out this line
# reboot
Install and configure the Ansible management host
# cp -a ansible_centos7 /var/ftp/localrepo/ansible
# cd /var/ftp/localrepo
# createrepo --update .
# vim /etc/yum.repos.d/local.repo
[local_repo]
name=CentOS-$releasever - Localrepo
baseurl=ftp://192.168.1.252/localrepo
enabled=1
gpgcheck=0
# yum makecache
# yum install -y ansible    # next: download the key from the Huawei Cloud web console and upload it to the jump host
# mv luck.pem /root/.ssh/id_rsa
# chmod 0400 /root/.ssh/id_rsa
5. Huawei Cloud template host (image) configuration
# passwd root
# rm -rf /etc/yum.repos.d/*.repo
# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.myhuaweicloud.com/repo/CentOS-Base-7.repo
# vim /etc/yum.repos.d/local.repo
[local_repo]
name=CentOS-$releasever - Localrepo
baseurl=ftp://192.168.1.252/localrepo
enabled=1
gpgcheck=0
# yum clean all
# yum makecache
# yum repolist
# yum install -y net-tools lftp rsync psmisc vim-enhanced tree lrzsz bash-completion iproute
Tune system services
# systemctl stop postfix atd tuned
# yum remove -y postfix at audit tuned kexec-tools firewalld-*
# yum install chrony
# vim /etc/chrony.conf
# Comment out the lines that start with "server" and add the following line
server ntp.myhuaweicloud.com minpoll 4 maxpoll 10 iburst
# systemctl enable --now chronyd
# chronyc sources -v    # verify the configuration; ^* means success
# vim /etc/cloud/cloud.cfg
# manage_etc_hosts: localhost    # comment out this line
# yum clean all
# poweroff
1. Hostname resolution (all hosts must be able to ping each other)
II. [Deploy Elasticsearch] (all ES nodes)
A. Deploy the Elasticsearch service
Install the software
Modify the configuration
# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: my-ES                                        # cluster name
node.name: es1                                             # name of this host
network.host: 0.0.0.0                                      # listen on all addresses, or use this host's IP
discovery.zen.ping.unicast.hosts: ["es1", "es2", "es3"]    # cluster members (not all of them need to be listed)
Or
# sed -i '/cluster.name/s/# cluster.name/cluster.name/' /etc/elasticsearch/elasticsearch.yml    # uncomment the line
# sed -i '/cluster.name/s/my-application/my-ES/' /etc/elasticsearch/elasticsearch.yml
# sed -i '/node.name/s/# node.name: node-1/node.name: es-0002/' /etc/elasticsearch/elasticsearch.yml
# sed -i '/network.host/s/# network.host: 192.168.0.1/network.host: 0.0.0.0/' /etc/elasticsearch/elasticsearch.yml
# sed -i '/discovery.zen.ping/a discovery.zen.ping.unicast.hosts: ["es-0001", "es-0002"]' /etc/elasticsearch/elasticsearch.yml    # append the setting below the matching line
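The sed commands above only match the stock commented defaults, and the discovery line is appended again on every run. As an added example (not part of the original post), the script below sets the same four keys idempotently and binds to the node's own private address, the alternative to 0.0.0.0 mentioned in the comment above. The function names set_es_key and configure_es_node are assumptions, and the demo runs on a constructed copy of the defaults.

```bash
#!/bin/sh
# Added example, not from the original post; function names are assumptions.

# set_es_key FILE KEY VALUE
# Set KEY exactly once in a flat elasticsearch.yml: the first line carrying the
# key (commented out or not) is rewritten, later duplicates are dropped, and the
# key is appended if absent. VALUE must not contain backslashes (awk -v).
set_es_key() (
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || exit 1
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            sub(/^[ \t]*#?[ \t]*/, "", line)  # drop indent and comment marker
            if (index(line, k ":") == 1) {    # literal match: dots are not wildcards
                if (!seen) { print k ": " v; seen = 1 }
                next
            }
            print
        }
        END { if (!seen) print k ": " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps FILE's owner and mode
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# configure_es_node FILE NODE_NAME NODE_IP
# Cluster name and seed hosts are the values used on this page.
configure_es_node() {
    set_es_key "$1" cluster.name my-ES &&
    set_es_key "$1" node.name "$2" &&
    set_es_key "$1" network.host "$3" &&
    set_es_key "$1" discovery.zen.ping.unicast.hosts '["es-0001", "es-0002"]'
}

# Demo on a constructed copy of the stock defaults, not a real node's file.
demo_cfg=$(mktemp)
printf '%s\n' '# cluster.name: my-application' '# node.name: node-1' \
    '# network.host: 192.168.0.1' > "$demo_cfg"
configure_es_node "$demo_cfg" es-0002 192.168.1.42
configure_es_node "$demo_cfg" es-0002 192.168.1.42   # second run changes nothing
cat "$demo_cfg"
rm -f "$demo_cfg"
```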
Start the service
Verify the service
# ss -ntulp | grep 9200
# ss -ntulp | grep 9300
# curl http://es-0001:9200/
# curl http://192.168.1.41:9200/_cluster/health?pretty
{
"cluster_name" : "my-ES", // cluster identifier/name
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3, // number of cluster members
"number_of_data_nodes" : 3, // number of data nodes in the cluster
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
(_cluster/health reports the health status of the cluster.)
B. Plugin deployment and use
A plugin can only be used on the machine where it is installed.
Use file:// for a local install and ftp:// for a remote install.
# /usr/share/elasticsearch/bin/plugin install file:///root/file/bigdesk-master.zip
# /usr/share/elasticsearch/bin/plugin install file:///root/file/elasticsearch-kopf-master.zip
# /usr/share/elasticsearch/bin/plugin install file:///root/file/elasticsearch-head-master.zip
# /usr/share/elasticsearch/bin/plugin list    # list the installed plugins
Installed plugins in /usr/share/elasticsearch/plugins:
- kopf
- bigdesk
- head
Access the plugins
1. In Huawei Cloud, bind an elastic public IP to the es-0005 node
2. http://<elastic public IP>:9200/_plugin/<plugin name> [bigdesk|head|kopf]
http://<public IP>:9200/_plugin/kopf
http://<public IP>:9200/_plugin/head
http://<public IP>:9200/_plugin/bigdesk
http://<public IP>/info.php    // request methods
Basic Elasticsearch operations
Querying with the _cat API
# curl -XGET http://es-0001:9200/_cat/    # list the supported keywords
# curl -XGET http://es-0001:9200/_cat/master    # query one specific item
# curl -XGET http://es-0001:9200/_cat/master?v    # show detailed output with ?v
# curl -XGET http://es-0001:9200/_cat/master?help    # show help with ?help
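Going one step beyond the _cat/master calls above, the following added example (not from the original post) compares the output of _cat/nodes?h=ip,name with the host list in section 1 and reports nodes that are missing or not in the list. Without the Shield plugin, Elasticsearch 2.x does not authenticate a node that joins with the matching cluster.name. The function name check_members and the sample output are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original post; check_members is an assumed name.

# The five Elasticsearch hosts from the host list in section 1.
EXPECTED_NODES='192.168.1.41 es-0001
192.168.1.42 es-0002
192.168.1.43 es-0003
192.168.1.44 es-0004
192.168.1.45 es-0005'

# Collapse the padded _cat columns to "ip name" (a name may contain spaces).
normalize() {
    awk 'NF { ip = $1; $1 = ""; sub(/^[ \t]+/, ""); print ip " " $0 }' | sort
}

# check_members "<output of _cat/nodes?h=ip,name>"
# Prints UNEXPECTED / MISSING lines; succeeds only on an exact match.
check_members() (
    actual=$(printf '%s\n' "$1" | normalize)
    expected=$(printf '%s\n' "$EXPECTED_NODES" | normalize)
    report=$(
        printf '%s\n' "$actual" | grep -Fxv -e "$expected" |
            sed -n '/./s/^/UNEXPECTED /p'
        printf '%s\n' "$expected" | grep -Fxv -e "$actual" |
            sed -n '/./s/^/MISSING /p'
    )
    [ -z "$report" ] && exit 0
    printf '%s\n' "$report"
    exit 1
)

# On the jump host:
#   check_members "$(curl -s 'http://es-0001:9200/_cat/nodes?h=ip,name')"
# Constructed sample: two nodes are absent and an unlisted host has joined.
sample='192.168.1.41 es-0001
192.168.1.42   es-0002
192.168.1.43 es-0003
192.168.1.99 Doctor Strange'
check_members "$sample" || echo "membership differs from the host list"
```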
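Create an index
Specify the index name, the number of shards and the number of replicas.
An index is created with the PUT method; once it has been created, verify it with the head plugin.
# curl -XPUT http://es-0001:9200/tedu -d \
'{
  "settings": {
    "index": {
      "number_of_shards": 5,
      "number_of_replicas": 1
    }
  }
}'
In the request body, number_of_shards is the number of shards and number_of_replicas is the number of replicas.
This is roughly equivalent to creating a database.
# curl -XGET http://es-0001:9200/_cat/indices?v    # show index details
In a browser, open http://122.9.96.62:9200/_plugin/head/ to see the change: the darker blocks are the source data and the lighter ones are the replicas.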

Add data
Query data
Modify data
# curl -XPOST http://es-0001:9200/tedu/teacher/1/_update -d \
'{
  "doc": {
    "年代": "公元701"
  }
}'
Delete data
# curl -XDELETE http://es-0001:9200/tedu/teacher/1    # delete one document
# curl -XDELETE http://es-0001:9200/tedu    # delete the index
III. Kibana deployment
Upload kibana-4.5.2-1.x86_64.rpm
Start and verify the service
Access test
Import log data
Copy public/elk/logs.jsonl.gz from the cloud drive to the jump host
# gunzip logs.jsonl.gz
# curl -XPOST http://192.168.1.41:9200/_bulk --data-binary @logs.jsonl    # takes a few minutes
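Import succeeded:

Configure Kibana, using a wildcard

Change the time range to match the logs

[Logstash]
Install Logstash
Plugins and debug format
Test with a JSON-formatted string: {"a":"1", "b":"2","c":"3"}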