Construction of Elk platform under Windows environment

. background

Logs primarily include system logs, application logs, and security logs. System operations and developers can use the log to understand the server hardware and software information, check the configuration process errors and the cause of the error occurred. Frequently analyze logs to understand the load of the server, performance security, so as to take timely measures to correct errors.

Typically, the logs are stored on different devices that are scattered. If you need to manage hundreds of dozens of of servers, it is cumbersome and inefficient to log on to each machine in the traditional way. It is imperative to use centralized log management, the open source real-time log analysis Elk platform can perfectly solve the above mentioned problems.

2. Tools

Elk consists of three open source tools, Elasticsearch (ES), Logstash, and Kiabana.

ES is an open source distributed search engine, it features: distributed, 0 configuration, automatic discovery, Index auto-shard, index copy mechanism, RESTful style interface, multi-data source, automatic search load and so on.

Logstash is a fully open source tool that collects, analyzes, and stores logs for later use.

Kibana is also an open source and free tool that Kibana can provide for Logstash and es with a friendly web interface for log analysis, which helps you summarize, analyze, and search for important data logs.

The latest version of the tool installation package can be downloaded at Elk official website https://www.elastic.co/, and the Windows environment is selected for download with the suffix zip format. If the download speed is slow or the download stops, you can use the VPN agent download or the cloud server download.

3. Installation Environment

The Elk platform was built under Windows 10, and the environment under Linux was basically similar to that under Windows, no longer described.

4. Installation Process

4.1 Installing the configuration Java environment

Get the latest version of the Java version on the Oracle website, so you can download only the JRE because it's not a development. Official website: http://www.oracle.com/

The installation process is simple and running the executable file is the next step. After the installation is complete, configure Java_home and Jre_home as shown in:

Run the java-version command in the CMD command window if the actual results below indicate that the installation was successful:

4.2 Installing Elk

Because the Logstash service relies on the ES service, the Kibana service relies on Logstash and ES, so Elk's service boot order is: Es->logstash->kibana, in order to match the service boot order, our installation order and boot order remain the same.

Extract three compressed packages into the same directory, the absolute path of the directory is best not to appear in Chinese characters and spaces. If (unzip to the Elk directory of the D drive):

4.3 Installing the ES service

CMD into the bin directory of the Elasticsearch, run the service install, install the ES service, such as:

Run Service Manager, manage configuration es, and click Start to start services such as:

If startup is unsuccessful, check that the following configuration is correct.

At this point, the ES Service installation configuration is basically complete.

Open the browser, enter Http://localhost:9200/, if the following results, the installation is successful, the service started:

Install the head plugin, and in the bin directory, run plugin install Mobz/elasticsearch-head. After the installation is complete, enter: http://localhost:9200/_plugin/head/in the browser, a result similar to the following, indicating that the plug-in installation is successful:

4.4 Installing the Logstash service

In the bin directory of the Logstash folder, create a new logstash.conf configuration file, as follows, the specific parameters can be customized:

Create a new Logstash startup batch file in the Bin directory Run.bat

The contents are as follows:

Install Logstash to Windows services: Download the NSSM package from the NSSM official website, extract the Nssm.exe from the compressed package according to whether the operating system is 32-bit or 64-bit, copy to Logstash bin directory, run NSSM install in cmd Logstash, the installation screen appears and fill in the appropriate content:

In the dependency inside according to fill in the following content (note: Java is the 32-bit suffix is x86,64 bit is x64):

The reason for adding dependencies is that the output of Logstash is configured with Elasticsearch and Logstash does not work if Elasticsearch is not started.

Finally, click the Install Service button to perform the installation process.

4.5 Installing the Kibana service

To install the Kibana service and Logstash service steps, copy the NSSM to the Kibana bin directory, run NSSM install Kibana in cmd, and fill in the following:

Dependencies are configured as follows:

Finally, click the Install Service button to perform the installation process.

5. Start the service

Run services.msc in cmd to open the Windows service and start the following services in turn:

Elasticsearch

Logstash

Kibana

Enter in the browser: http://localhost:5601/, if the following interface appears, indicating that the service started successfully:

Click the "Create" button, then click Discover

At this point, all services are installed, the platform is completed, the subsequent cluster deployment needs to be detailed in the configuration files of the elk, and the various problems and solutions that arise during the installation configuration will be explained in detail later. If in doubt: please email to [email protected], welcome to communicate

Construction of Elk platform under Windows environment