Es+Head+Logstash
昨天使用tar.gz安装遇到很多问题,本次改用yum安装。参考权威指南:http://www.learnes.net/
1,安装java
[root@ELK1 ~]# yum -y install java-1.8.0-openjdk* git
[root@ELK1 ~]# java -version
openjdk version "1.8.0_71"
OpenJDK Runtime Environment (build 1.8.0_71-b15)
OpenJDK 64-Bit Server VM (build 25.71-b15, mixed mode)
2,安装elasticsearch
[root@ELK1 ~]# yum install https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/rpm/elasticsearch/2.2.0/elasticsearch-2.2.0.rpm
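这些安装路径可以使用 rpm -ql elasticsearch 查看
注意:yum 直接安装 URL 上的 rpm 时,是否校验 GPG 签名取决于 yum 版本和 localpkg_gpgcheck 设置;建议先下载 rpm,导入 Elastic 官方公钥后用 rpm -K 校验签名再安装。
3,编辑配置文件,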
[root@ELK1 elasticsearch]# grep "^[a-z]" /etc/elasticsearch/elasticsearch.yml
cluster.name: linuxea-my
node.name: "linuxea-ES1"
node.master: true
node.data: true
index.number_of_shards: 5
index.number_of_replicas: 1
path.data: /data/es-data
path.work: /data/es-worker
path.logs: /var/log/elasticsearch/
path.plugins: /usr/share/elasticsearch/plugins
bootstrap.mlockall: true
network.bind_host: 10.10.0.200
network.publish_host: 10.10.0.200
network.host: 10.10.0.200
http.port: 9200
discovery.zen.ping.multicast.enabled: false
#discovery.zen.ping.timeout: 3s
discovery.zen.ping.unicast.hosts: ["10.10.0.201", "127.0.0.1",]
===============================配置说明========================
cluster.name: elasticsearch #集群名称,节点发现(组播/单播)时据此加入同一集群
node.name: "linux-ES1" #节点名称,不能和其他节点重复
node.master: true #节点能否被选举为master
node.data: true #节点是否存储数据
index.number_of_shards: 5 #索引分片的个数
index.number_of_replicas: 1 #分片的副本个数
path.conf: /usr/local/elasticsearch/config/ #配置文件的路径
path.data: /data/es-data #数据目录路径
path.work: /data/es-worker #工作目录路径
path.logs: /usr/local/elasticsearch/logs/ #日志文件路径
path.plugins: /usr/local/elasticsearch/plugins #插件路径
bootstrap.mlockall: true #锁定内存,不向swap交换(需放开 elasticsearch 用户的 memlock 限制才会生效)
discovery.zen.ping.unicast.hosts: ["10.10.0.201", "127.0.0.1",] #节点ip,head需要
=================================================================
4,创建data目录(下面的 chown -R 作用于整个 /data;若 /data 下还有其他数据,只需对 es-data、es-worker 两个目录授权)
[root@ELK1 /]# mkdir /data/es-data -p
[root@ELK1 /]# mkdir /data/es-worker -p
[root@ELK1 /]# chown elasticsearch.elasticsearch data -R
ES2
[root@ELK2 local]# grep "^[a-z]" /etc/elasticsearch/elasticsearch.yml
cluster.name: linuxea-my
node.name: "linuxea-ES2"
node.master: true
node.data: true
index.number_of_shards: 5
index.number_of_replicas: 1
path.data: /data/es-data
path.work: /data/es-worker
path.logs: /var/log/elasticsearch/
path.plugins: /usr/share/elasticsearch/plugins
bootstrap.mlockall: true
network.host: 10.10.0.201
http.port: 9200
[root@ELK2 local]# mkdir /data/es-data -p
[root@ELK2 local]# mkdir /data/es-worker -p
[root@ELK2 local]# chown elasticsearch.elasticsearch /data -R
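elasticsearch-head安装
注意:下面的安装日志显示插件取自 GitHub 的 master.zip,且未能校验 checksum,即安装内容既不固定版本也未经完整性验证;生产环境建议下载固定版本、核对后再从本地文件安装。另外 head 通过 9200 端口操作集群,本文所示配置中没有任何认证设置,应使用防火墙将 9200/9300 限制为可信主机访问。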
[root@ELK1 local]# /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
-> Installing mobz/elasticsearch-head...
Trying https://github.com/mobz/elasticsearch-head/archive/master.zip ...
Downloading ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Verifying https://github.com/mobz/elasticsearch-head/archive/master.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed head into /usr/local/elasticsearch/plugin/head
生产可能需要配置以下:
max_file_descriptors: 64000
/etc/sysctl.conf(持久化写入此文件,临时生效可用下面的 sysctl -w)
sysctl -w vm.max_map_count=262144
logstash安装
[root@ELK1 /]# yum install https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.2.2-1.noarch.rpm
[root@ELK1 /]# rpm -ql logstash |less
输入和输出
[root@ELK1 /]# /opt/logstash/bin/logstash -e 'input { stdin{} } output { stdout{codec => rubydebug} }'
Settings: Default pipeline workers: 1
Logstash startup completed
hello word
{
"message" => "hello word",
"@version" => "1",
"@timestamp" => "2016-03-06T12:25:26.807Z",
"host" => "ELK1"
}
linuxea.com
{
"message" => "linuxea.com",
"@version" => "1",
"@timestamp" => "2016-03-06T12:25:31.943Z",
"host" => "ELK1"
}
logstash并写入数据到elasticsearch
参考页面:https://www.elastic.co/guide/en/logstash/current/configuration.html
[root@ELK1 /]# /opt/logstash/bin/logstash -e 'input { stdin {} } output { elasticsearch { hosts => ["10.10.0.200:9200"] } stdout { codec => rubydebug } }'
Settings: Default pipeline workers: 1
Logstash startup completed
hello word
{
"message" => "hello word",
"@version" => "1",
"@timestamp" => "2016-03-06T12:46:08.504Z",
"host" => "ELK1"
}
www.linuxea.com
{
"message" => "www.linuxea.com",
"@version" => "1",
"@timestamp" => "2016-03-06T12:46:18.127Z",
"host" => "ELK1"
}