Setting up ELK and EFK systems on Linux
(1) Download and extract elasticsearch
tar -zxvf elasticsearch-7.6.1-linux-x86_64.tar.gz
(2) Edit config/elasticsearch.yml
vim config/elasticsearch.yml
cluster.name: my-application # cluster name
node.name: node-1 # node name
# storage directories for data and logs
path.data: /var/yoocar/software/elasticsearch-7.6.1/data
path.logs: /var/yoocar/software/elasticsearch-7.6.1/logs
# bind address; once set to 0.0.0.0, any machine can reach this node
network.host: 0.0.0.0
http.port: 9200 # port
# names of all nodes in the cluster; this is the node name changed above, though the default also works. This is a single machine for now, so one node is enough
cluster.initial_master_nodes: ["node-1"]
(3) Prepare to start es. Go to the /bin directory and run:
./elasticsearch
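(4) By default elasticsearch runs its Java JVM with 1 GB of memory. Here we change that and set the memory directly to 200m.
cd to the es directory and edit ./config/jvm.options:
vim ./config/jvm.options
Change this content:
Starting it again produces the following error:
This is because it cannot be run as the root user. Add another user and try again.
adduser es
passwd es
Change the owner of the es directory:
chown es /var/yoocar/software/elasticsearch-7.6.1/ -R
Edit /etc/security/limits.conf with vim and append at the end:
es soft nofile 65536
es hard nofile 65536
es soft nproc 4096
es hard nproc 4096
Edit /etc/security/limits.d/20-nproc.conf with vim and change * to the user name (es):
Edit /etc/sysctl.conf with vim and append at the end: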
vm.max_map_count = 655360
sysctl -p
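Log in as the newly created es user and start elasticsearch. OK.
Test whether the installation succeeded:
curl 'http://127.0.0.1:9200/?pretty'
Client connection: ip:9200
This indicates the installation succeeded.
Start in the background: ./bin/elasticsearch -d
Check the process: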
ps -ef|grep elasticsearch
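With network.host set to 0.0.0.0 as above, port 9200 answers any host that can reach the machine, and on 7.6.1 the security features stay off unless xpack.security.enabled: true is set. The script below is an added example, not part of the original walkthrough, that flags this combination in an elasticsearch.yml; the function names yml_get and audit_es_config and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Flags an elasticsearch.yml that
# binds beyond loopback without authentication or HTTP TLS.

# Print the value of a flat top-level "key: value" setting (first match),
# ignoring comment lines, trailing comments, quotes and spaces.
yml_get() {  # usage: yml_get FILE KEY
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    index($0, k ":") == 1 {
      v = substr($0, length(k) + 2)
      sub(/[ \t]+#.*$/, "", v)
      print v
      exit
    }' "$1" | tr -d "\"' \t"
}

# Print one finding per line. An unset network.host means the default
# loopback bind. List values are treated as non-loopback (conservative).
audit_es_config() {  # usage: audit_es_config FILE
  es_host=$(yml_get "$1" network.host)
  es_auth=$(yml_get "$1" xpack.security.enabled)
  es_tls=$(yml_get "$1" xpack.security.http.ssl.enabled)
  case "$es_host" in
    ""|127.0.0.1|localhost|::1|_local_) echo "OK loopback-only"; return 0 ;;
  esac
  [ "$es_auth" = "true" ] || echo "FAIL no-auth: network.host=$es_host, xpack.security.enabled is not true"
  [ "$es_tls" = "true" ] || echo "WARN no-http-tls: network.host=$es_host, xpack.security.http.ssl.enabled is not true"
  if [ "$es_auth" = "true" ] && [ "$es_tls" = "true" ]; then echo "OK auth+tls"; fi
  return 0
}

# Constructed sample: the settings used in this walkthrough.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: my-application # cluster name
node.name: node-1 # node name
network.host: 0.0.0.0
http.port: 9200 # port
cluster.initial_master_nodes: ["node-1"]
EOF
audit_es_config "$sample"
rm -f "$sample"
```

Run against the real file with audit_es_config config/elasticsearch.yml; a FAIL line means the node should either bind to an internal address or have xpack.security.enabled turned on before it is reachable from other hosts.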
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.6.1-linux-x86_64.tar.gz
tar -zxvf kibana-7.6.1-linux-x86_64.tar.gz
Edit the kibana configuration file kibana.yml
vim config/kibana.yml
# Uncomment the settings and change the defaults to the following:
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.220.101:9201","http://192.168.220.101:9202","http://192.168.220.101:9203"]
server.name: "kib-server" # any name
i18n.locale: "zh-CN" # Chinese localization
Start kibana
./kibana --allow-root
# start in the background
./kibana --allow-root &
How to find the kibana process id
kibana exposes TCP port 5601 externally.
So netstat -tunlp|grep 5601 will show the kibana process id.
Access kibana
ip:5601
logstash
1 Change the JVM memory size
vim config/jvm.options
2 Write a custom logstash.conf configuration file
vim my-logstash.conf
input {
  file {
    type => "log"
    path => ["/apps/svr/server/*/log.file"]
    start_position => "end"
    ignore_older => 0
    codec => multiline {
      pattern => "^\d{4}-\d{1,2}-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2}"
      negate => true
      auto_flush_interval => 5
      what => "previous"
    }
  }
  beats {
    port => 5044
  }
}
output {
  if [type] == "log" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "logstash-%{+YYYY.MM}"
      #user => es
      #password => lxd123@es
    }
  }
}
3 Start logstash
./bin/logstash -f my-logstash.conf
This indicates a successful start.
filebeat
After extracting filebeat, edit filebeatbak.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/yoocar/software/elasticsearch-7.6.1/logs/gc.log.0.current
  multiline:
    pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
    negate: true
    match: after
    max_lines: 1000
    timeout: 3s
output.elasticsearch:
  hosts: ["106.14.69.185:9200"]
  index: "log-%{+yyyy.MM}"
setup.template.name: "filebeat"
setup.template.pattern: "filebeat-*"
Start filebeat
./filebeat -e -c filebeat.yml
Integrating springboot with elk
1 Edit my-logstash.conf in logstash (the custom configuration file)
input {
  file {
    type => "log"
    path => ["/var/yoocar/software/elasticsearch-7.6.1/logs/gc.log.0.current"]
    start_position => "end"
    ignore_older => 0
    codec => multiline {
      pattern => "^\d{4}-\d{1,2}-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2}"
      negate => true
      auto_flush_interval => 5
      what => "previous"
    }
  }
  beats {
    port => 5044
  }
}
input {
  tcp {
    type => "log1"
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json_lines
  }
}
output {
  if [type] == "log" {
    elasticsearch {
      hosts => ["106.14.69.185:9200"]
      index => "logstash-%{+YYYY.MM}"
      #user => es
      #password => lxd123@es
    }
  }
}
output {
  if [type] == "log1" {
    elasticsearch {
      hosts => ["106.14.69.185:9200"]
      index => "logstash0001-%{+YYYY.MM}"
      #user => es
      #password => lxd123@es
    }
  }
}
Note: type = log1 is the configuration for the springboot integration. input is the source the logs are collected from, and output is the location the logs are sent to.
2 Add the dependencies to the springboot project
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>1.18.4</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-logging</artifactId>
</dependency>
<dependency>
    <groupId>ch.qos.logback</groupId>
    <artifactId>logback-core</artifactId>
    <version>1.2.3</version>
</dependency>
<dependency>
    <groupId>ch.qos.logback</groupId>
    <artifactId>logback-classic</artifactId>
    <version>1.2.3</version>
</dependency>
<dependency>
    <groupId>ch.qos.logback</groupId>
    <artifactId>logback-access</artifactId>
    <version>1.2.3</version>
</dependency>
<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>5.1</version>
</dependency>
3 Add a logback.xml file under resource
<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false" scan="true" scanPeriod="1 seconds">
    <include resource="org/springframework/boot/logging/logback/base.xml" />
    <contextName>logback</contextName>
    <appender name="stash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
        <destination>106.14.69.185:4560</destination>
        <!-- an encoder must be configured; several are available -->
        <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder" />
    </appender>
    <root level="info">
        <appender-ref ref="stash" />
    </root>
</configuration>
4 Add the following to the test controller class
@GetMapping("/test")
public void test(){
log.debug("message0");
log.info("message1");
logger.info("====================helloword=====================");
logger.error("======================error=============================");
}
@GetMapping("/test1")
public void test1(){
log.debug("message0");
log.info("message1");
int a =1/0;
logger.info("====================helloword=====================");
logger.error("======================error=============================");
}
5 Request /test and /test1 on the controller, then check the Kibana console