
ELK Unified Log Analysis System: Deployment and Practice Guide (Part 2)

#Author: 张桐瑞

Table of contents

    • 2.1.8 Start the ES cluster
    • 2.1.9 Check the ES cluster status
    • 2.1.10 Install Kibana
    • 2.1.11 Start Kibana
    • 2.1.16 Usage test

2.1.8 Start the ES cluster

[elk@es-master ~]$ /app/elk/elasticsearch-7.6.2/bin/elasticsearch -d
-d  run in the background (daemon mode)
[elk@es-master ~]$ ps -elf | grep java
0 S elk       40101      1 99  80   0 - 1048917 futex_ 14:09 pts/0  00:00:29 /usr/local/jdk-15.0.2/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=COMPAT -Xms1g -Xmx1g -XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 -Djava.io.tmpdir=/tmp/elasticsearch-9707861374109943810 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -XX:MaxDirectMemorySize=536870912 -Des.path.home=/app/elk/elasticsearch-7.6.2 -Des.path.conf=/app/elk/elasticsearch-7.6.2/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /app/elk/elasticsearch-7.6.2/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
[elk@es-master ~]$ netstat -tunlp | grep java
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp6       0      0 192.168.140.10:9200     :::*                    LISTEN      40101/java          
tcp6       0      0 192.168.140.10:9300     :::*                    LISTEN      40101/java        

2.1.9 Check the ES cluster status

[elk@es-master ~]$ curl -X GET "http://192.168.140.10:9200/_cluster/health?pretty"
{
  "cluster_name" : "es",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

2.1.10 Install Kibana

[elk@es-master ~]$ cp /app/elk/kibana-7.6.2-linux-x86_64/config/kibana.yml /app/elk/kibana-7.6.2-linux-x86_64/config/kibana.yml.bak
[elk@es-master ~]$ vim /app/elk/kibana-7.6.2-linux-x86_64/config/kibana.yml
server.port: 5601
server.host: "192.168.140.10"
elasticsearch.hosts: ["http://192.168.140.10:9200"]

2.1.11 Start Kibana

[elk@es-master ~]$ nohup /app/elk/kibana-7.6.2-linux-x86_64/bin/kibana &
[elk@es-master ~]$ ps -elf | grep kibana
0 R elk       40227  39800 99  80   0 - 293743 -     14:47 pts/0    00:00:57 /app/elk/kibana-7.6.2-linux-x86_64/bin/../node/bin/node /app/elk/kibana-7.6.2-linux-x86_64/bin/../src/cli
[elk@es-master ~]$ netstat -antp | grep 5601
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 192.168.140.10:5601     0.0.0.0:*               LISTEN      40436/node

Access Kibana at: http://192.168.140.10:5601/app/kibana

2.1.12 Install and deploy Filebeat
Install httpd

[root@web_server ~]# vim /usr/local/filebeat-7.6.2-linux-x86_64/filebeat.yml
#=========================== Filebeat inputs =============================
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/httpd/access_log
#============================== Dashboards =====================================
setup.dashboards.enabled: false
#============================== Kibana =====================================
setup.kibana:
  host: "192.168.140.10:5601"
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:   // commented out: use either this output or the Logstash output, not both
  # Array of hosts to connect to.
#  hosts: ["localhost:9200"]
#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["192.168.140.10:5044"]

2.1.13 Start Filebeat

[root@web_server filebeat-7.6.2-linux-x86_64]# nohup ./filebeat -c filebeat.yml &
[1] 17237
[root@web_server filebeat-7.6.2-linux-x86_64]# nohup: ignoring input and appending output to ‘nohup.out’
[root@web_server filebeat-7.6.2-linux-x86_64]# 
[root@web_server filebeat-7.6.2-linux-x86_64]# ps -elf | grep file
4 S dbus       6265      1  0  80   0 - 14556 ep_pol 10:35 ?        00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
0 S root      17237   6885  5  80   0 - 137618 futex_ 15:09 pts/0   00:00:00 ./filebeat -c filebeat.yml

2.1.14 Install and configure Logstash

[root@es-master ~]# cp /app/elk/logstash-7.6.2/config/logstash-sample.conf /app/elk/logstash-7.6.2/config/logstash.conf
[root@es-master ~]# vim /app/elk/logstash-7.6.2/config/logstash.conf
input {
  beats {
    port => 5044
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}

output {
  elasticsearch {
    hosts => ["http://192.168.140.10:9200"]
    index => "httpd-access-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}

2.1.14.1 Logstash's built-in log filter patterns

[root@es-master patterns]# pwd
/app/elk/logstash-7.6.2/vendor/bundle/jruby/2.5.0/gems/logstash-patterns-core-4.1.2/patterns
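
What the grok filter from 2.1.14 does to each access_log line, and how the index name and the UV count in 2.1.16.3 follow from it, as an added Python example (not from the original article and not Logstash's own code). The regex only approximates %{COMBINEDAPACHELOG}, the log lines are constructed, and UV is assumed to mean the number of distinct clientip values.

```python
import re
from datetime import datetime, timezone

# Approximation of grok's %{COMBINEDAPACHELOG} (an assumption, not the shipped
# pattern); group names are the fields logstash-patterns-core 4.x emits.
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>[^"]*))" (?P<response>\d{3}) (?:(?P<bytes>\d+)|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed access_log lines (not taken from the article).
SAMPLE = [
    '192.168.140.21 - - [01/Sep/2025:15:50:01 +0800] "GET /index.html HTTP/1.1" 200 4897 "-" "curl/7.29.0"',
    '192.168.140.22 - - [01/Sep/2025:15:50:03 +0800] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '192.168.140.21 - - [01/Sep/2025:15:50:07 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0"',
    '[Mon Sep 01 15:50:09 2025] [error] constructed line that is not an access entry',
]


def parse(line):
    """Return the event a grok filter would emit for one log line."""
    event = {"message": line}
    m = COMBINED.match(line)
    if m is None:
        # Logstash keeps the event and tags it instead of dropping it.
        event["tags"] = ["_grokparsefailure"]
        return event
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    return event


def index_name(at_timestamp):
    """Render httpd-access-%{+YYYY.MM.dd}; Logstash formats @timestamp in UTC.
    With no date filter, @timestamp is when Filebeat read the line, not the request time."""
    return at_timestamp.astimezone(timezone.utc).strftime("httpd-access-%Y.%m.%d")


def unique_visitors(events):
    """UV as the number of distinct clientip values; unparsed events do not count."""
    return len({e["clientip"] for e in events if "clientip" in e})


if __name__ == "__main__":
    events = [parse(line) for line in SAMPLE]
    print("UV:", unique_visitors(events))
    print("unparsed:", sum("tags" in e for e in events))
    print("index:", index_name(datetime.now(timezone.utc)))
```

Events tagged _grokparsefailure are still indexed with only the raw message field, so a UV chart built on clientip silently skips them; filtering on that tag in Kibana shows how many lines the pattern missed.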

2.1.15 Start Logstash

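[root@es-master ~]# vim /app/elk/logstash-7.6.2/config/jvm.options
Comment out the CMS garbage-collector options (CMS was removed in JDK 14, and this host runs JDK 15.0.2):
#-XX:+UseConcMarkSweepGC
#-XX:CMSInitiatingOccupancyFraction=75
#-XX:+UseCMSInitiatingOccupancyOnly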
[root@es-master ~]# nohup /app/elk/logstash-7.6.2/bin/logstash -f /app/elk/logstash-7.6.2/config/logstash.conf &
[1] 40815
[root@es-master ~]# ps -elf | grep logstash
4 S root      40815   9379 99  80   0 - 1019981 futex_ 15:44 pts/0  00:00:23 /usr/local/jdk-15.0.2/bin/java -Xms1g -Xmx1g -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -Djruby.regexp.interruptible=true -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -Dlog4j2.isThreadContextMapInheritable=true -cp /app/elk/logstash-7.6.2/logstash-core/lib/jars/animal-sniffer-annotations-1.14.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/commons-codec-1.13.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/commons-compiler-3.1.0.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/error_prone_annotations-2.0.18.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/google-java-format-1.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/gradle-license-report-0.7.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/guava-22.0.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/j2objc-annotations-1.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/jackson-annotations-2.9.10.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/jackson-core-2.9.10.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/jackson-databind-2.9.10.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.10.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/janino-3.1.0.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/javassist-3.26.0-GA.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/jruby-complete-9.2.9.0.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/jsr305-1.3.9.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/log4j-api-2.12.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/log4j-core-2.12.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/log4j-slf4j-impl-2.12.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/logstash-core.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/reflections-0.9.11.jar:/app/elk/logstash-7.6.2/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash -f /app/elk/logstash-7.6.2/config/logstash.conf
[root@es-master logs]# netstat -tunlp | grep 5044
tcp6       0      0 :::5044                 :::*                    LISTEN      40815/java  

2.1.16 Usage test

2.1.16.1 View the indices

2.1.16.2 Create an index pattern to display the data

2.1.16.3 Create a visualization to analyse web UV


Reposted from:

http://www.dtcms.com/a/362453.html
