Centos7下使用ELK(Elasticsearch + Logstash + Kibana)搭建日志集中分析平台
日志监控和分析在保障业务稳定运行时,起到了很重要的作用,不过一般情况下日志都分散在各个生产服务器,且开发人员无法登陆生产服务器,这时候就需要一个集中式的日志收集装置,对日志中的关键字进行监控,触发异常时进行报警,并且开发人员能够查看相关日志。logstash+elasticsearch+kibana3就是实现这样功能的一套系统,并且功能更强大。
Logstash:负责日志的收集,处理和储存
Elasticsearch:负责日志检索和分析
Kibana:负责日志的可视化
1、环境介绍
elkServer
IP:192.168.7.27
OS:Centos7.1
FQDN:elk.server.com
elkClient
IP:192.168.31.23
OS:Centos7.1
2、下载准备
官网下载最新的安装包:https://www.elastic.co/downloads(目前有些版本的包可能下载不到了,请到该地址下载——链接:http://pan.baidu.com/s/1gfohO2Z 密码:5s1f)
- elasticsearch-1.7..noarch.rpm (server上安装)
- kibana-4.1.-linux-x64.tar.gz (server上安装)
- logstash-1.5.-.noarch.rpm (server上安装)
- logstash-forwarder-0.4.-.x86_64.rpm (client上安装)
3、Server端安装
3.1安装jdk1.7
- [root@localhost ~]# yum install java-1.7.-openjdk
- Loaded plugins: fastestmirror, langpacks
- base | 3.6 kB ::
- extras | 3.4 kB ::
- updates | 3.4 kB ::
- Loading mirror speeds from cached hostfile
- * base: mirrors.btte.net
- * extras: mirrors..com
- * updates: mirrors..com
- Package :java-1.7.-openjdk-1.7.0.91-2.6.2.1.el7_1.x86_64 already installed and latest version
- Nothing to do
3.2安装elasticsearch
- [root@localhost elk]# yum localinstall elasticsearch-1.7..noarch.rpm (yum 本地安装elasticsearch)
- Loaded plugins: fastestmirror, langpacks
- Examining elasticsearch-1.7..noarch.rpm: elasticsearch-1.7.-.noarch
- elasticsearch-1.7..noarch.rpm: does not update installed package.
- Nothing to do
- [root@localhost elk]# systemctl daemon-reload
- [root@localhost elk]# systemctl enable elasticsearch.service (设置开机自启动)
- ln -s '/usr/lib/systemd/system/elasticsearch.service' '/etc/systemd/system/multi-user.target.wants/elasticsearch.service'
- [root@localhost elk]# systemctl start elasticsearch.service (开启服务)
- [root@localhost elk]# systemctl status elasticsearch.service (查看服务状态)
- elasticsearch.service - Elasticsearch
- Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled)
- Active: active (running) since Sun -- :: CST; 28s ago
- Docs: http://www.elastic.co
- Main PID: (java)
- CGroup: /system.slice/elasticsearch.service
- ?.. java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction= -XX:+UseCMSInitiatingOccupancyOnly -XX:+Heap...
- Nov :: localhost.localdomain systemd[]: Started Elasticsearch.
- [root@localhost elk]# rpm -qc elasticsearch
- /etc/elasticsearch/elasticsearch.yml
- /etc/elasticsearch/logging.yml
- /etc/init.d/elasticsearch
- /etc/sysconfig/elasticsearch
- /usr/lib/sysctl.d/elasticsearch.conf
- /usr/lib/systemd/system/elasticsearch.service
- /usr/lib/tmpfiles.d/elasticsearch.conf
- [root@localhost elk]# netstat -nltp (查看端口监听状况)
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0.0.0.0: 0.0.0.0:* LISTEN /rpcbind
- tcp 0.0.0.0: 0.0.0.0:* LISTEN /sshd
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /cupsd
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /master
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /sshd: root@pt
- tcp6 ::: :::* LISTEN /rpcbind
- tcp6 0 0 :::9200 :::* LISTEN 15345/java
- tcp6 0 0 :::9300 :::* LISTEN 15345/java
- tcp6 ::: :::* LISTEN /sshd
- tcp6 ::: :::* LISTEN /cupsd
- tcp6 ::: :::* LISTEN /master
- tcp6 ::: :::* LISTEN /sshd: root@pt
- [root@localhost elk]# firewall-cmd --permanent --add-port={/tcp,/tcp} (防火墙添加两个端口)
- success
- [root@localhost elk]# firewall-cmd --reload (重载防火墙)
- success
- [root@localhost elk]# firewall-cmd --list-all (查看防火墙开发端口)
- public (default, active)
- interfaces: ens33
- sources:
- services: dhcpv6-client ssh
- ports: /tcp /tcp
- masquerade: no
- forward-ports:
- icmp-blocks:
- rich rules:
3.3安装kibana
- [root@localhost elk]# tar zxf kibana-4.1.-linux-x64.tar.gz -C /usr/local/ (解压缩安装包到指定目录中)
- [root@localhost elk]# cd /usr/local/
- [root@localhost local]# ls
- bin etc games include kibana-4.1.-linux-x64 lib lib64 libexec sbin share src
- [root@localhost local]# mv kibana-4.1.-linux-x64/ kibana (重命名)
- [root@localhost local]# cd kibana/
- [root@localhost kibana]# ls
- bin config LICENSE.txt node plugins README.txt src
- [root@localhost kibana]# cd bin/
- [root@localhost bin]# ls (运行./kibana即可开启服务,但我们将其做到service)
- kibana kibana.bat
- [root@localhost bin]# cd /etc/systemd/system/
- [root@localhost system]# vi kibana.service (编辑kibana服务)
- [Service]
- ExecStart=/usr/local/kibana/bin/kibana
- [Install]
- WantedBy=multi-user.target
- [root@localhost system]# systemctl enable kibana.service (设置开机自启动)
- ln -s '/etc/systemd/system/kibana.service' '/etc/systemd/system/multi-user.target.wants/kibana.service'
- [root@localhost system]# systemctl start kibana.service (开启服务)
- [root@localhost system]# systemctl status kibana.service (查看服务运行状态)
- kibana.service
- Loaded: loaded (/etc/systemd/system/kibana.service; enabled)
- Active: active (running) since Sun -- :: CST; 10s ago
- Main PID: (node)
- CGroup: /system.slice/kibana.service
- ?.. /usr/local/kibana/bin/../node/bin/node /usr/local/kibana/bin/../src/bin/kibana.js
- Nov :: localhost.localdomain systemd[]: Started kibana.service.
- Nov :: localhost.localdomain kibana[]: {"name":"Kibana","hostname":"localhost.localdomain","pid":,"level":,"msg":"No existing kibana index found","time":"20...43Z","v":}
- Nov :: localhost.localdomain kibana[]: {"name":"Kibana","hostname":"localhost.localdomain","pid":,"level":,"msg":"Listening on 0.0.0.0:5601","time":"2015-11...93Z","v":}
- Hint: Some lines were ellipsized, use -l to show in full.
- [root@localhost system]# netstat -nltp (查看端口监听状态)
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0 0 0.0.0.0:5601 0.0.0.0:* LISTEN 16131/node
- tcp 0.0.0.0: 0.0.0.0:* LISTEN /rpcbind
- tcp 0.0.0.0: 0.0.0.0:* LISTEN /sshd
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /cupsd
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /master
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /sshd: root@pt
- tcp6 ::: :::* LISTEN /rpcbind
- tcp6 ::: :::* LISTEN /java
- tcp6 ::: :::* LISTEN /java
- tcp6 ::: :::* LISTEN /sshd
- tcp6 ::: :::* LISTEN /cupsd
- tcp6 ::: :::* LISTEN /master
- tcp6 ::: :::* LISTEN /sshd: root@pt
- [root@localhost system]# firewall-cmd --permanent --add-port=/tcp (防火墙开启5601端口)
- success
- [root@localhost system]# firewall-cmd --reload (重载防火墙)
- success
- [root@localhost system]# firewall-cmd --list-all (查看防火墙开放端口)
- public (default, active)
- interfaces: ens33
- sources:
- services: dhcpv6-client ssh
- ports: /tcp /tcp /tcp
- masquerade: no
- forward-ports:
- icmp-blocks:
- rich rules:
- [root@localhost system]# firewall-cmd --permanent --add-forward-port=port=:proto=tcp:toport= (为5601端口添加80端口的映射,这样在浏览器中就可以不用输入端口了)
- success
- [root@localhost system]# firewall-cmd --reload (重载防火墙)
- success
- [root@localhost system]# firewall-cmd --list-all (查看防火墙开放端口)
- public (default, active)
- interfaces: ens33
- sources:
- services: dhcpv6-client ssh
- ports: /tcp /tcp /tcp
- masquerade: no
- forward-ports: port=:proto=tcp:toport=:toaddr=
- icmp-blocks:
- rich rules:
3.4安装logstash
- [root@localhost system]# cd /home/elk/
- [root@localhost elk]# ls
- elasticsearch-1.7..noarch.rpm kibana-4.1.-linux-x64.tar.gz logstash-1.5.-.noarch.rpm logstash-forwarder-0.4.-.x86_64.rpm
- [root@localhost elk]# yum localinstall logstash-1.5.-.noarch.rpm (yum本地安装logstash)
- Loaded plugins: fastestmirror, langpacks
- Examining logstash-1.5.-.noarch.rpm: :logstash-1.5.-.noarch
- Marking logstash-1.5.-.noarch.rpm to be installed
- Resolving Dependencies
- --> Running transaction check
- ---> Package logstash.noarch :1.5.- will be installed
- --> Finished Dependency Resolution
- base//x86_64 | 3.6 kB ::
- extras//x86_64 | 3.4 kB ::
- extras//x86_64/primary_db | kB ::
- updates//x86_64 | 3.4 kB ::
- updates//x86_64/primary_db | 4.7 MB ::
- Dependencies Resolved
- ===============================================================================================================================================================================================
- Package Arch Version Repository Size
- ===============================================================================================================================================================================================
- Installing:
- logstash noarch :1.5.- /logstash-1.5.-.noarch M
- Transaction Summary
- ===============================================================================================================================================================================================
- Install Package
- Total size: M
- Installed size: M
- Is this ok [y/d/N]: y
- Downloading packages:
- Running transaction check
- Running transaction test
- Transaction test succeeded
- Running transaction
- Installing : :logstash-1.5.-.noarch /
- Verifying : :logstash-1.5.-.noarch /
- Installed:
- logstash.noarch :1.5.-
- Complete!
- [root@localhost tls]# hostname -f (查看当前FQDN,FQDN设置参见http://www.cnblogs.com/zhenyuyaodidiao/p/4947930.html)
- elk.server.com
- [root@localhost ~]# cd /etc/pki/tls/ (进入到/etc/pki/tls/文件夹)
- [root@localhost tls]# ls
- cert.pem certs misc openssl.cnf private
- (以下生成openssl key用于客户端上传日志文件用,在客户端配置时会用到)
- [root@localhost tls]# openssl req -subj '/CN=elk.server.com/' -x509 -days -batch -nodes -newkey rsa: -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt
- Generating a bit RSA private key
- ..............+++
- .............+++
- writing new private key to 'private/logstash-forwarder.key'
- -----
- [root@localhost tls]# ls
- cert.pem certs misc openssl.cnf private
- [root@localhost tls]# cd private/
- [root@localhost private]# ll
- total
- -rw-r--r--. root root Nov : logstash-forwarder.key
- [root@localhost private]# cd ../certs/
- [root@localhost certs]# ll
- total
- lrwxrwxrwx. root root Apr ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
- lrwxrwxrwx. root root Apr ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
- -rw-r--r--. root root Nov : logstash-forwarder.crt
- -rwxr-xr-x. root root Mar make-dummy-cert
- -rw-r--r--. root root Mar Makefile
- -rwxr-xr-x. root root Mar renew-dummy-cert
- [root@localhost ~]# cd /etc/logstash/conf.d/
- [root@localhost conf.d]# vi -logstash-initial.conf (编辑logstash配置文件)
- input {
- lumberjack {
- port =>
- type => "logs"
- ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
- ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
- }
- }
- filter {
- if [type] == "syslog" {
- grok {
- match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
- add_field => [ "received_at", "%{@timestamp}" ]
- add_field => [ "received_from", "%{host}" ]
- }
- syslog_pri { }
- date {
- match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
- }
- }
- }
- output {
- elasticsearch { host => localhost }
- stdout { codec => rubydebug }
- }
- [root@localhost conf.d]# systemctl enable logstash (设置开机自启动)
- logstash.service is not a native service, redirecting to /sbin/chkconfig.
- Executing /sbin/chkconfig logstash on
- The unit files have no [Install] section. They are not meant to be enabled
- using systemctl.
- Possible reasons for having this kind of units are:
- ) A unit may be statically enabled by being symlinked from another unit's
- .wants/ or .requires/ directory.
- ) A unit's purpose may be to act as a helper for some other unit which has
- a requirement dependency on it.
- ) A unit may be started when needed via activation (socket, path, timer,
- D-Bus, udev, scripted systemctl call, ...).
- [root@localhost conf.d]# systemctl start logstash.service (开启logstash服务)
- [root@localhost conf.d]# systemctl status logstash.service (查看服务运行状态)
- logstash.service - LSB: Starts Logstash as a daemon.
- Loaded: loaded (/etc/rc.d/init.d/logstash)
- Active: active (running) since Sun -- :: CST; 14s ago
- Process: ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=/SUCCESS)
- CGroup: /system.slice/logstash.service
- ?.. java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction= -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir=/var/lib...
- Nov :: elk logstash[]: logstash started.
- Nov :: elk systemd[]: Started LSB: Starts Logstash as a daemon..
- [root@localhost conf.d]# netstat -nltp (查看端口占用)
- Active Internet connections (only servers)
- Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
- tcp 0.0.0.0: 0.0.0.0:* LISTEN /node
- tcp 0.0.0.0: 0.0.0.0:* LISTEN /rpcbind
- tcp 0.0.0.0: 0.0.0.0:* LISTEN /sshd
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /cupsd
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /master
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /sshd: root@pt
- tcp 127.0.0.1: 0.0.0.0:* LISTEN /sshd: root@pt
- tcp6 0 0 :::5000 :::* LISTEN 20805/java
- tcp6 ::: :::* LISTEN /rpcbind
- tcp6 ::: :::* LISTEN /java
- tcp6 ::: :::* LISTEN /java
- tcp6 ::: :::* LISTEN /java
- tcp6 ::: :::* LISTEN /sshd
- tcp6 ::: :::* LISTEN /cupsd
- tcp6 ::: :::* LISTEN /master
- tcp6 ::: :::* LISTEN /sshd: root@pt
- tcp6 ::: :::* LISTEN /sshd: root@pt
- [root@localhost conf.d]# cd /var/log/logstash/
- [root@localhost logstash]# ls (日志文件)
- logstash.err logstash.log logstash.stdout
- [root@localhost logstash]# firewall-cmd --permanent --add-port=/tcp (防火墙开放5000端口)
- success
- [root@localhost logstash]# firewall-cmd --reload (重载防火墙)
- success
- [root@localhost logstash]# firewall-cmd --list-all (查看端口开放情况)
- public (default, active)
- interfaces: ens33
- sources:
- services: dhcpv6-client ssh
- ports: /tcp /tcp /tcp /tcp
- masquerade: no
- forward-ports: port=:proto=tcp:toport=:toaddr=
- icmp-blocks:
- rich rules:
4、Client端安装
- [root@localhost elk]# vi /etc/hosts (编辑hosts文件)
- 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
- :: localhost localhost.localdomain localhost6 localhost6.localdomain6
- 192.168.7.27 elk.server.com
- [root@localhost elk]# service network restart
- Restarting network (via systemctl): [ OK ]
- [root@localhost elk]# ping elk.server.com (测试连接)
- PING elk.server.com (192.168.7.27) () bytes of data.
- bytes from elk.server.com (192.168.7.27): icmp_seq= ttl= time=0.754 ms
- bytes from elk.server.com (192.168.7.27): icmp_seq= ttl= time=0.477 ms
- ^C
- --- elk.server.com ping statistics ---
- packets transmitted, received, % packet loss, time 1000ms
- rtt min/avg/max/mdev = 0.477/0.615/0.754/0.140 ms
- [root@localhost laizy]# mkdir elk
- [root@localhost laizy]# cd elk/
- [root@localhost elk]# ls
- [root@localhost elk]# scp root@192.168.7.27:/home/elk/logstash-forwarder-0.4.-.x86_64.rpm . (拷贝logstash-forwarder到本地)
- The authenticity of host '192.168.7.27 (192.168.7.27)' can't be established.
- ECDSA key fingerprint is :b9::::f2:::9b::bb::a5::f1:f9.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '192.168.7.27' (ECDSA) to the list of known hosts.
- root@192.168.7.27's password:
- logstash-forwarder-0.4.-.x86_64.rpm % 1692KB .7MB/s :
- [root@localhost elk]# ls
- logstash-forwarder-0.4.-.x86_64.rpm
- [root@localhost elk]# scp root@192.168.7.27:/etc/pki/tls/certs/logstash-forwarder.crt . (拷贝Server端的key到本地)
- root@192.168.7.27's password:
- logstash-forwarder.crt % .1KB/s :
- [root@localhost elk]# ll
- total
- -rw-r--r--. root root Nov : logstash-forwarder-0.4.-.x86_64.rpm
- -rw-r--r--. root root Nov : logstash-forwarder.crt
- [root@localhost elk]# cp logstash-forwarder.crt /etc/pki/tls/certs/ (将key拷贝到/etc/pki/tls/certs/下)
- [root@localhost elk]# cd /etc/pki/tls/certs/
- [root@localhost certs]# ls
- ca-bundle.crt ca-bundle.trust.crt logstash-forwarder.crt make-dummy-cert Makefile renew-dummy-cert
- [root@localhost certs]# cd /home/laizy/elk/
- [root@localhost elk]# ls
- logstash-forwarder-0.4.-.x86_64.rpm logstash-forwarder.crt
- [root@localhost elk]# yum localinstall logstash-forwarder-0.4.-.x86_64.rpm (yum本地安装logstash-forwarder)
- Loaded plugins: fastestmirror, langpacks
- Examining logstash-forwarder-0.4.-.x86_64.rpm: logstash-forwarder-0.4.-.x86_64
- Marking logstash-forwarder-0.4.-.x86_64.rpm to be installed
- Resolving Dependencies
- --> Running transaction check
- ---> Package logstash-forwarder.x86_64 :0.4.- will be installed
- --> Finished Dependency Resolution
- base//x86_64 | 3.6 kB ::
- extras//x86_64 | 3.4 kB ::
- updates//x86_64 | 3.4 kB ::
- Dependencies Resolved
- ===============================================================================================================================================================================================
- Package Arch Version Repository Size
- ===============================================================================================================================================================================================
- Installing:
- logstash-forwarder x86_64 0.4.- /logstash-forwarder-0.4.-.x86_64 5.7 M
- Transaction Summary
- ===============================================================================================================================================================================================
- Install Package
- Total size: 5.7 M
- Installed size: 5.7 M
- Is this ok [y/d/N]: y
- Downloading packages:
- Running transaction check
- Running transaction test
- Transaction test succeeded
- Running transaction
- Installing : logstash-forwarder-0.4.-.x86_64 /
- Logs for logstash-forwarder will be in /var/log/logstash-forwarder/
- Verifying : logstash-forwarder-0.4.-.x86_64 /
- Installed:
- logstash-forwarder.x86_64 :0.4.-
- Complete!
- [root@localhost elk]# systemctl enable logstash-forwarder (设置开机自启动)
- logstash-forwarder.service is not a native service, redirecting to /sbin/chkconfig.
- Executing /sbin/chkconfig logstash-forwarder on
- The unit files have no [Install] section. They are not meant to be enabled
- using systemctl.
- Possible reasons for having this kind of units are:
- ) A unit may be statically enabled by being symlinked from another unit's
- .wants/ or .requires/ directory.
- ) A unit's purpose may be to act as a helper for some other unit which has
- a requirement dependency on it.
- ) A unit may be started when needed via activation (socket, path, timer,
- D-Bus, udev, scripted systemctl call, ...).
- [root@localhost elk]# systemctl start logstash-forwarder.service (开启服务)
- [root@localhost elk]# cd /var/log/logstash-forwarder/ (日志目录)
- [root@localhost logstash-forwarder]# ls
- logstash-forwarder.err logstash-forwarder.log
- [root@localhost elk]# vi /etc/logstash-forwarder.conf (编辑配置文件)
- {
- "network": {
- "servers": [ "elk.server.com:5000" ],
- "ssl ca": "/etc/pki/tls/certs/logstash-forwarder.crt",
- "timeout":
- },
- "files": [
- {
- "paths": [
- "/var/log/messages",
- "/var/log/secure"
- ],
- "fields": { "type": "syslog" }
- }
- ]
- }
- [root@localhost elk]# systemctl restart logstash-forwarder.service (重启服务)
- [root@localhost elk]# systemctl status logstash-forwarder.service (查看服务运行状态)
- logstash-forwarder.service - LSB: no description given
- Loaded: loaded (/etc/rc.d/init.d/logstash-forwarder)
- Active: active (running) since Sun -- :: CST; 18s ago
- Process: ExecStop=/etc/rc.d/init.d/logstash-forwarder stop (code=exited, status=/SUCCESS)
- Process: ExecStart=/etc/rc.d/init.d/logstash-forwarder start (code=exited, status=/SUCCESS)
- CGroup: /system.slice/logstash-forwarder.service
- ?.. /opt/logstash-forwarder/bin/logstash-forwarder -config /etc/logstash-forwarder.conf
- Nov :: localhost.localdomain systemd[]: Starting LSB: no description given...
- Nov :: localhost.localdomain /etc/init.d/logstash-forwarder[]: logstash-forwarder started
- Nov :: localhost.localdomain logstash-forwarder[]: logstash-forwarder started
- Nov :: localhost.localdomain systemd[]: Started LSB: no description given.
5、界面验证
首先在client中手动增加一条日志:
- [root@localhost elk]# logger zhenyuLogtest
界面登录 http://192.168.7.27/ ,做如下操作
从图中可以看到,手动添加的日志已经在界面中被搜索到了。
本文主要参考了国外一个搭建ELK的视频,操作的很详细,附上视频的下载链接,仅供参考。
链接:http://pan.baidu.com/s/1jGuBWCQ 密码:h0pq
Centos7下使用ELK(Elasticsearch + Logstash + Kibana)搭建日志集中分析平台的更多相关文章
- 使用ELK(Elasticsearch + Logstash + Kibana) 搭建日志集中分析平台实践--转载
原文地址:https://wsgzao.github.io/post/elk/ 另外可以参考:https://www.digitalocean.com/community/tutorials/how- ...
- Centos6.5使用ELK(Elasticsearch + Logstash + Kibana) 搭建日志集中分析平台实践
Centos6.5安装Logstash ELK stack 日志管理系统 概述: 日志主要包括系统日志.应用程序日志和安全日志.系统运维和开发人员可以通过日志了解服务器软硬件信息.检查配置过程中的 ...
- 键盘侠Linux干货| ELK(Elasticsearch + Logstash + Kibana) 搭建教程
前言 Elasticsearch + Logstash + Kibana(ELK)是一套开源的日志管理方案,分析网站的访问情况时我们一般会借助 Google / 百度 / CNZZ 等方式嵌入 JS ...
- 【转】ELK(ElasticSearch, Logstash, Kibana)搭建实时日志分析平台
[转自]https://my.oschina.net/itblog/blog/547250 摘要: 前段时间研究的Log4j+Kafka中,有人建议把Kafka收集到的日志存放于ES(ElasticS ...
- 【Big Data - ELK】ELK(ElasticSearch, Logstash, Kibana)搭建实时日志分析平台
摘要: 前段时间研究的Log4j+Kafka中,有人建议把Kafka收集到的日志存放于ES(ElasticSearch,一款基于Apache Lucene的开源分布式搜索引擎)中便于查找和分析,在研究 ...
- ELK(ElasticSearch+Logstash+ Kibana)搭建实时日志分析平台
一.简介 ELK 由三部分组成elasticsearch.logstash.kibana,elasticsearch是一个近似实时的搜索平台,它让你以前所未有的速度处理大数据成为可能. Elastic ...
- Elasticsearch+Logstash+Kibana搭建日志平台
1 ELK简介 ELK是Elasticsearch+Logstash+Kibana的简称 ElasticSearch是一个基于Lucene的分布式全文搜索引擎,提供 RESTful API进行数据读写 ...
- [Big Data - ELK] ELK(ElasticSearch, Logstash, Kibana)搭建实时日志分析平台
ELK平台介绍 在搜索ELK资料的时候,发现这篇文章比较好,于是摘抄一小段: 以下内容来自: http://baidu.blog.51cto.com/71938/1676798 日志主要包括系统日志. ...
- 13: ELK(ElasticSearch+Logstash+ Kibana)搭建实时日志分析平台
参考博客:https://www.cnblogs.com/zclzhao/p/5749736.html 51cto课程:https://edu.51cto.com/center/course/less ...
- 基于CentOS6.5或Ubuntu14.04下Suricata里搭配安装 ELK (elasticsearch, logstash, kibana)(图文详解)
前期博客 基于CentOS6.5下Suricata(一款高性能的网络IDS.IPS和网络安全监控引擎)的搭建(图文详解)(博主推荐) 基于Ubuntu14.04下Suricata(一款高性能的网络ID ...
随机推荐
- connect调用超时的实现方式
第二种更通用的.使connect调用超时的方法是使套接字成为无阻塞的,然后用select等待它完成.这种方法避免了使用alarm时遇到的很多问题,但我们必须承认,即使是在UNIX实现中,这种方法还是存 ...
- Spring MVC中使用Interceptor拦截器
SpringMVC 中的Interceptor 拦截器也是相当重要和相当有用的,它的主要作用是拦截用户的请求并进行相应的处理.比如通过它来进行权限验证,或者是来判断用户是否登陆,或者是像12306 那 ...
- Activity的四种启动模式和onNewIntent()
转自:http://blog.csdn.net/linghu_java/article/details/17266603 Android中Activity启动模式详解 在Android中每个界面都 ...
- Android --ListView模板
调整了近一上午的模板 ListView表头 <?xml version="1.0" encoding="utf-8"?> <LinearLay ...
- JAX-WS(三)构建简单webservice部署到tomcat上
前言: 虽然构建本地的jax-ws的webservice很简单,但要部署到tomcat上要绕过点弯. tomcat本身和jdk都没有jaw-ws的API,所以部署的时候需要额外做点事情,有两种选择 1 ...
- iOS架构网址
http://casatwy.com/iosying-yong-jia-gou-tan-kai-pian.html
- 转:MIME(Multipurpose Internet Mail Extensions)类型
MIME(Multipurpose Internet Mail Extensions)多用途互联网邮件扩展类型.是设定某种扩展名的文件用一种应用程序来打开的方式类型,当该扩展名文件被访问的时候,浏览器 ...
- fackbook的Fresco的多种图片加载方法以及解码过程
上篇文章中我们提到了图片加载其实是用了三条线程,如果没看过的同学可以先了解下这里. fackbook的Fresco的Image Pipeline以及自身的缓存机制 那么今天我们就来探索一下如何在代码中 ...
- paper 3:matlab中save,load使用方法小结
功能描述]存储文件[软件界面]MATLAB->File->Save Workspace As将变量存入硬盘中指定路径.[函数用法] save:该函数将所有workspace中变量用二进制格 ...
- haskell笔记2
模式匹配 # haskell_test.hs length' :: [a] -> a length' [] = 0 length' (_:x) = 1 + length' x as模式 xs@x ...