Ops - Search Engine Installation: Elasticsearch

Installation

Import the Elasticsearch public GPG key into rpm

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Create /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install Elasticsearch

yum install elasticsearch
systemctl start elasticsearch
systemctl enable elasticsearch

Install Logstash

yum install logstash
systemctl start logstash
systemctl enable logstash

Install Kibana

yum install kibana
systemctl start kibana
systemctl enable kibana

Install Filebeat

yum install filebeat
systemctl start filebeat
systemctl enable filebeat

Check that the ports are listening

netstat -lntp |grep 9200
netstat -lntp |grep 5601
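
The two commands above only confirm that something is listening. As an added example (not part of the original post), the function below reads `netstat -lnt` output and reports which of this page's ports (9200, 5601, and the Logstash listeners 10514 and 10520 configured further down) are bound to a non-loopback address. The function names and the sample output are constructed for illustration.

```bash
#!/bin/sh
# Added example: flag ELK listeners that accept non-loopback connections.
# Reads `netstat -lnt[p]` output on stdin; $1 is an optional space-separated
# port list (defaults to the ports used on this page).

exposed_listeners() {
    awk -v ports="${1:-9200 5601 10514 10520}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            pos = match($4, /:[0-9]+$/)          # last ":port" in Local Address
            if (!pos) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            if (!(port in want)) next
            # Loopback binds (IPv4, IPv6, IPv4-mapped IPv6) are not reachable remotely
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }' | sort -u
}

# Constructed sample output (not captured from a real host)
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      1301/node
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1120/nginx: master
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      1250/java
tcp6       0      0 ::1:9200                :::*                    LISTEN      1250/java
tcp6       0      0 :::10520                :::*                    LISTEN      1422/java
tcp6       0      0 :::10514                :::*                    LISTEN      1422/java
EOF
}

# Live use: netstat -lnt | exposed_listeners
sample_netstat | exposed_listeners
```

A line for 5601 or 9200 means the service can be reached directly, bypassing the nginx basic-auth proxy configured later on this page, unless a host firewall blocks the port.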

Configuration

  • Configure Kibana

    /etc/kibana/kibana.yml

logging.dest: /var/log/kibana/kibana.log

Debugging

Filebeat configuration

...
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  # Add custom fields
  fields:
    logtype: nginx_access
    logsource: nginx_access_log

- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  # Add custom fields
  fields:
    logtype: nginx_error
    logsource: nginx_error_log
...
output.logstash:
  hosts: ["localhost:10520"]
...

### Test the configuration
filebeat -e -c /etc/filebeat/filebeat.yml

Logstash configuration for rsyslog logs

  • Configure Logstash to receive rsyslog logs
### Edit the rsyslog configuration, /etc/rsyslog.conf
*.* @@127.0.0.1:10514

### Edit the Logstash configuration, /etc/logstash/conf.d/system-syslog.conf
input {
  syslog {
    port => 10514
  }
}
output {
  stdout {
    codec => rubydebug # print events to the current terminal
  }
}

### Test the configuration
/usr/share/logstash/bin/logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/system-syslog.conf
  • Configure Logstash to receive Filebeat logs
input {
  beats {
    port => 10520
  }
}
output {
  if [fields][logtype] == "nginx_access" {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "nginx_access-%{+YYYY.MM.dd}"
    }
  }
  if [fields][logtype] == "nginx_error" {
    elasticsearch {
      hosts => ["127.0.0.1:9200"]
      index => "nginx_error-%{+YYYY.MM.dd}"
    }
  }

  #stdout {
  #  codec => rubydebug # print events to the current terminal
  #}
}

nginx proxy configuration for Kibana

## Create the password file

htpasswd -c /etc/nginx/passwd/.htpasswd mingo

## Add another user
htpasswd /etc/nginx/passwd/.htpasswd mingo002

## Add to the nginx configuration
auth_basic "Administrator Login";
auth_basic_user_file /etc/nginx/passwd/.htpasswd;

## Restart