The official Kibana guide is at: https://www.elastic.co/guide/en/kibana/current/index.html
Kibana is an open source analytics and visualization platform designed for Elasticsearch. Use Kibana to search, view, and interact with data stored in the Elasticsearch index. You can easily perform advanced data analysis and visualize data across a variety of charts, tables, and maps.
Kibana makes it easy to understand large amounts of data. Its simple, browser-based interface enables you to quickly create and share dynamic dashboards that display changes to Elasticsearch queries in real time.
Kibana depends on Elasticsearch, so Elasticsearch needs to be installed first:
rpm -ivh elasticsearch-6.4.1.rpm
Then check the service status and the installation
Modifying a configuration file
In a Linux environment, Elasticsearch is not allowed to run with root privileges, so you need to create a non-root user and start ES as that user.
The RPM package installs under /usr/share/elasticsearch/, and ownership should be granted as follows
At first it could not be reached, and after a lot of fiddling, without feeling that I had changed anything, it suddenly worked after a refresh. This is my first time using it, so I will tidy this up later.
Then check the run status as the test user
Then, under the test user, start and stop the service and test the connection from outside; there is a burst of red, but everything is normal.
Then stop the service under the test user, switch back to root, start the service and try the external connection again. After several refreshes it is OK, which indicates that in this version the service can also be started without going through the non-root user; the network is just poor when connecting to the virtual machine, so refresh a few more times.
External network access:
Conclusion: in this version the service can also be started without going through the non-root user; the network is just poor when connecting to the virtual machine, so refresh a few more times.
Kibana installation (installation requires Elasticsearch support, so install Elasticsearch first)
We install following the official documentation, using the RPM method, which is simple and direct: https://www.elastic.co/guide/en/kibana/current/rpm.html
After downloading, install, start, stop and so on.
After starting, entering 192.168.135.129:5601 directly in the browser does not work, and turning off the firewall does not help either; /etc/kibana/kibana.yml needs to be edited. Uncomment some settings and modify others as follows
Then access it from outside the machine, refreshing several times (mainly because my network is slow), by entering the URL http://192.168.135.129:5601
Ok!
Finally, install Logstash
Creating a configuration file
The content has three main parts, input, filter and output:
input {
  stdin {}
}

filter {
  grok {
    patterns_dir => ["/home/keepgostudio/download/logstash-5.2.0/patterns"]
    match => {
      "message" => ["%{params_apachelog}", "%{no_params_apachelog}"]
    }
    remove_field => ["host", "timestamp", "httpversion", "@version"]
  }

  kv {
    source => "params"
    field_split => "&?"
  }

  geoip {
    source => "ip"
    fields => ["country_name", "region_name", "city_name", "latitude", "longitude"]
    target => "location"
  }
}

output {
  elasticsearch {
    hosts => ["192.168.135.129:9200"]
    index => "logstash-test-%{type}-%{host}"
  }
}
Run
Configuration file used at runtime: input { stdin {} } output { stdout {} }
=========================================================== Split Line ================================================= =========================
Installation from tar packages, with a summary
One, it depends on JDK 8; downloading and installing that is not covered in detail here.
Two, download the Elasticsearch, Logstash and Kibana tar packages. Copying the link address and downloading with wget is convenient; if the wget command is missing, run yum -y install wget first. For example (right-click the tar package link on the website to copy its address):
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.1.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.4.1-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.4.1.tar.gz
Three, install Elasticsearch first. Just unpack the tar archive; the other two are the same and can be used as soon as they are unpacked. Very simple.
Unpack command: tar -zxvf <tar package name>
Modify the port number and address in the configuration file
Running it directly as root from the unpacked bin directory gives an error. Following what I found online, I created a test user group and a test user and granted them ownership, then ran it again, but there were still various errors, probably insufficient memory or something similar. I referred to this online troubleshooting:
56840941
82262651
80367907
The final configuration is as follows:
vi /etc/security/limits.conf
/etc/sysctl.conf
Then execute sysctl -p
Restart Elasticsearch as the non-root user
Finally, it ran successfully
Open another terminal to verify
With the firewall off, verification from the external network is OK!
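The limits adjusted in /etc/security/limits.conf and /etc/sysctl.conf above can be checked before the node is started. The script below is an added example, not part of the original post: the thresholds are the minimums Elasticsearch 6.x enforces in its bootstrap checks, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): preflight for the limits that
# Elasticsearch 6.x verifies at startup once it binds a non-loopback address.
# Function names are hypothetical. Run as the user that will start the node.
MIN_NOFILE=65536       # nofile in /etc/security/limits.conf
MIN_NPROC=4096         # nproc in /etc/security/limits.conf
MIN_MAP_COUNT=262144   # vm.max_map_count in /etc/sysctl.conf

# below VALUE MIN: true only when VALUE is a number smaller than MIN.
below() { [ "$1" != "unlimited" ] && [ "$1" -lt "$2" ] 2>/dev/null; }

# es_preflight UID NOFILE NPROC MAP_COUNT
# Prints one FAIL line per unmet requirement and nothing when all pass.
es_preflight() {
    uid=${1:-0}; nofile=${2:-0}; nproc=${3:-0}; maps=${4:-0}
    if [ "$uid" -eq 0 ]; then
        echo "FAIL user: uid 0, start Elasticsearch as a non-root user"
    fi
    if below "$nofile" "$MIN_NOFILE"; then
        echo "FAIL nofile: $nofile < $MIN_NOFILE"
    fi
    if below "$nproc" "$MIN_NPROC"; then
        echo "FAIL nproc: $nproc < $MIN_NPROC"
    fi
    if below "$maps" "$MIN_MAP_COUNT"; then
        echo "FAIL vm.max_map_count: $maps < $MIN_MAP_COUNT"
    fi
    return 0
}

# Live values for the current user; an unreadable value is treated as 0.
live_nproc() { awk '/^Max processes/ {print $3}' /proc/self/limits 2>/dev/null || true; }
live_maps() { cat /proc/sys/vm/max_map_count 2>/dev/null || true; }

es_preflight "$(id -u)" "$(ulimit -n)" "$(live_nproc)" "$(live_maps)"
```

No output means all four requirements are met for the user running the script.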
Four, after unpacking Kibana, modify the configured port, address and Elasticsearch address
Run bin/kibana directly
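The address settings edited here and in the RPM section decide which interfaces Elasticsearch and Kibana listen on. The check below is an added example, not from the original post: it reads network.host from an elasticsearch.yml or server.host from a kibana.yml and classifies the value; bind_scope is a hypothetical helper name and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): classify the bind address set in
# elasticsearch.yml (network.host) or kibana.yml (server.host).
# bind_scope is a hypothetical helper name.

# bind_scope FILE KEY
# Prints: unset | loopback | all-interfaces | specific:<value>
bind_scope() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')      # match dots literally
    value=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//p" "$1" |
            tail -n 1 |                             # if repeated, use the last
            sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' |
            tr -d "\"'")                            # drop YAML quotes
    case "$value" in
        "")                          echo "unset" ;;   # default: loopback only
        localhost|127.*|::1|_local_) echo "loopback" ;;
        0.0.0.0|::)                  echo "all-interfaces" ;;
        *)                           echo "specific:$value" ;;
    esac
}

# Constructed sample: a kibana.yml after it was opened for remote access.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#server.port: 5601
#server.host: "localhost"
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.135.129:9200"
EOF
echo "kibana server.host: $(bind_scope "$sample" server.host)"
rm -f "$sample"
```

A result of all-interfaces or specific means the port is reachable from other hosts, so access to it then rests on the firewall rules in front of it.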
Five, unpack Logstash
Create a conf file in the bin directory
The sample file is as follows:
Then start it: ./logstash -f logstash.conf
Elasticsearch Kibana Logstash (ELK) installation integrated Application