[root@log-node1 ~]# cobbler repo add --name=logstash-2.3 --mirror=http://packages.elastic.co/logstash/2.3/centos --arch=x86_64 --breed=yum

[root@log-node1 ~]# cobbler repo add --name=elasticsearch2 --mirror=http://packages.elastic.co/elasticsearch/2.x/centos --arch=x86_64 --breed=yum

[root@log-node1 ~]# cobbler repo add --name=kibana4.5 --mirror=http://packages.elastic.co/kibana/4.5/centos --arch=x86_64 --breed=yum

[root@log-node1 ~]# cobbler reposync
(以上镜像走的是明文 HTTP;客户端使用这些仓库时应导入 Elastic 的 GPG 公钥并开启 gpgcheck,以校验软件包签名。)

[root@node1 /etc/elasticsearch]# grep '^[a-Z]' elasticsearch.yml
cluster.name: myes
node.name: node1
path.data: /data/es-data
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 192.168.3.3
http.port: 9200

[root@node1 /etc/elasticsearch]# curl -i -XGET 'http://192.168.3.3:9200/_count?';echo
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 59

{"count":0,"_shards":{"total":0,"successful":0,"failed":0}}

[root@node1 /etc/elasticsearch]# /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head

安装后这样访问:http://192.168.3.3:9200/_plugin/head/
(head 是站点插件,由 Elasticsearch 自己的 9200 端口提供页面;Elasticsearch 2.x 默认不带认证,所以 9200 端口只应对受信任的管理网段开放。)
/usr/share/elasticsearch/bin/plugin install lukas-vlcek/bigdesk
插件可以先到 GitHub 上搜索,然后按上面这样直接安装。
/usr/share/elasticsearch/bin/plugin install lukas-vlcek/bigdesk

把发现模式改成单播:只改 node2,node1 不改,只要有一个节点知道对方就可以了。
discovery.zen.ping.unicast.hosts: ["192.168.3.3", "192.168.3.4"]

https://www.elastic.co/learn

[root@node1 /data]# curl http://192.168.3.3:9200/_cluster/health?pretty=true
{
"cluster_name" : "myes",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 2,
"number_of_data_nodes" : 2,
"active_primary_shards" : 7,
"active_shards" : 14,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}

[root@node2 elasticsearch]# /opt/logstash/bin/logstash -e 'input{ stdin{} } output{ stdout{} }'

[root@node2 elasticsearch]# /opt/logstash/bin/logstash -e 'input{ stdin{} } output{ stdout{ codec => rubydebug } }'
Settings: Default pipeline workers: 4
Pipeline main started
hello world
{
"message" => "hello world",
"@version" => "1",
"@timestamp" => "2017-01-28T11:06:23.310Z",
"host" => "node2.com"
}

/opt/logstash/bin/logstash -e 'input{ stdin{} } output{ elasticsearch { hosts => ["192.168.3.3:9200"] index => "logstash-%{+YYYY.MM.dd}" } }'

[root@node1 ~]# cat /etc/logstash/conf.d/demo.conf
input {
stdin{}
}
filter{ }
output{
elasticsearch {
hosts => ["192.168.3.3:9200"]
index => "logstash-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}

收集系统日志的几种方式:
rsyslog → es
file → es
tcp → es

1,行 - 事件
2,input output
3,事件 - input - codec - filter - codec - output

https://es.xiaoleilu.com/

/opt/logstash/bin/logstash -f /etc/logstash/conf.d/demo.conf

[root@node1 /opt/kibana/config]# egrep -v "#|^$" kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.3.3:9200"
kibana.index: ".kibana"
(server.host 设为 "0.0.0.0" 时 Kibana 监听所有网卡;Kibana 4.5 自身没有登录认证,对外提供时应绑定内网地址,或放在带认证的反向代理之后。)

[root@node1 /opt/kibana/config]# /etc/init.d/kibana start

/var/log/elasticsearch/myes.log

input {
file {
path => ["/var/log/messages","/var/log/secure"]
type => "system-log"
start_position => "beginning"
}
file {
path => "/var/log/elasticsearch/myes.log"
type => "es-log"
start_position => "beginning"
}
file {
path => "/var/log/elasticsearch/myes.log.2017-01-27"
type => "es1-log"
start_position => "beginning"
}
}
filter{ }
output{
if [type] == "system-log" {
elasticsearch {
hosts => ["192.168.3.3:9200"]
index => "system-log-%{+YYYY.MM}"
}
}
if [type] == "es-log" {
elasticsearch {
hosts => ["192.168.3.3:9200"]
index => "es-log-%{+YYYY.MM}"
}
}
if [type] == "es1-log" {
elasticsearch {
hosts => ["192.168.3.3:9200"]
index => "es1-log-%{+YYYY.MM}"
}
}
}

[root@node1 ~]# for i in `ls .since*`; do echo $i;cat $i; done
.sincedb_1fb922e15ccea4ac0d028d33639ba3ea
86446130 0 64768 54548
86446131 0 64768 924
.sincedb_2a52db197011b7a611fb7594c513ff67
0 0 0
.sincedb_a9b9fed7edff6fd888ffe131a05b5397
210651098 0 64768 4520
210651086 0 64768 4973
.sincedb_b5712b028c2d902c97f521ccf91d1ea8
210651087 0 64768 10086
.sincedb_ec411afaed82c6e15509db4e6d8d51e3

[root@node1 ~]# ls -li /var/log/messages
86446130 -rw------- 1 root root 58431 Feb 3 06:57 /var/log/messages
[root@node1 ~]# ls -li /var/log/elasticsearch/myes.log.2017-01-27
210651087 -rw-r--r-- 1 elasticsearch elasticsearch 10086 Feb 3 06:39 /var/log/elasticsearch/myes.log.2017-01-27
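[root@node1 ~]# rm -f .sincedb_*
[root@node1 ~]# pwd
/root

说明:sincedb 每行依次是 inode、主设备号、次设备号、已读取的字节偏移(上面的 86446130 正是 /var/log/messages 的 inode)。删除 sincedb 后,配置了 start_position => "beginning" 的 file 输入会从头重读整个文件,已经入库的事件会被重复索引。

[2017-01-27 23:53:54,741][INFO ][plugins ] [node1] modules [reindex, lang-expression, lang-groovy], plugins [], sites []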
[2017-01-27 23:53:54,762][ERROR][bootstrap ] Exception
java.lang.IllegalStateException: Failed to created node environment
at org.elasticsearch.node.Node.<init>(Node.java:167)
at org.elasticsearch.node.Node.<init>(Node.java:140)
... 5 more
[2017-01-27 23:56:29,132][INFO ][node ] [node1] version[2.3.5], pid[6215], build[90f439f/2016-07-27T10:36:52Z]
[2017-01-27 23:56:29,133][INFO ][node ] [node1] initializing ...
[2017-01-27 23:56:30,066][INFO ][plugins ] [node1] modules [reindex, lang-expression, lang-groovy], plugins [head], sites [

多行匹配:不以 "[" 开头的行并入上一个事件(例如上面的 Java 异常堆栈)。
file {
path => "/var/log/elasticsearch/myes.log.2017-01-27"
type => "es1-log"
start_position => "beginning"
codec => multiline {
pattern => "^\["
negate => true
what => "previous"
}
}

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

1 nginx 日志改成 json 格式
2 文件直接收取。redis:python 脚本读取 redis,写成 json,写入 es

[root@node2 logstash]# cat /var/lib/logstash/.sincedb_0ba90fec979d14f3e8e5ab1191218736
68231552 0 64768 202989

http://192.168.3.3:5601/app/kibana#/discover?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-30d,mode:quick,to:now))&_a=(columns:!(_index,host,http_code),index:%5Bnginx-access-log-%5DYYYY.MM.DD,interval:auto,query:(query_string:(analyze_wildcard:!t,query:'http_code:404')),sort:!('@timestamp',desc),uiState:())

http_code:404
