Deploying ELK on Ubuntu
1. Install Ubuntu
There is only one office computer, but its configuration is adequate (16 GB of memory), so I set up a virtual machine and installed the system inside it.
VMware can simply be downloaded. To avoid affecting other people's internet speed, I copied the Ubuntu image from a colleague (Ubuntu versions are named after their release date; this is the kind without a graphical interface) and started the installation: allocate CPU, memory and hard disk, click through to the end, and the system installs automatically.
After the system restarts it goes straight to a text console; enter the username and password. Typing a password with no placeholder characters shown takes some getting used to. After logging in, I tried some basic commands from the official documentation: mkdir, sudo and so on.
2. System plug-in installation
With the system installed, I wanted to deploy ELK for practice. OK, let's get to work: I downloaded the ELK installation packages on Windows, which finished quickly, and then I was stumped. WTF, how do I get the software into Ubuntu...
After asking Baidu: Xshell can handle it. I downloaded Xshell; it is not very small, but it downloaded quickly. Once the installation is complete, a new session dialog pops up, and you need to enter Ubuntu's IP and port.
Enter the command in Ubuntu: ip addr. You can see the IP and port of the virtual machine; take the IP and port and create a new connection in Xshell. After filling them in I clicked Connect, and incredibly it would not connect, so I consulted a colleague from ops. He checked the IP, which was correct, and guessed that the SSH service had not started. So run the command netstat -ntpl; it returned no entries, which confirmed that the service was not running. Then run the command to start the service: service ssh restart. This showed that the service was not installed, so continue with the command: apt-get install openssh-server. The system begins to download SSH automatically. But that download speed, even slower than Flash, only a few KB.
I waited half an hour and it finally finished downloading. The service installs automatically once the download is complete. Then run the command again: netstat -ntpl, to see whether the service is running. Finally, there was output.
Now that the service is started, go to Xshell and start the connection. This time Xshell connected to the port I had entered before, port 24, and still could not connect. After some fumbling, it turned out that the Xshell default is port 22.
I changed it to port 22 and the connection was established. The login dialog pops up; enter the Ubuntu username, click OK, and then enter the corresponding password. Good, I was into Ubuntu through Xshell. From here on, unless specially noted, all commands are run in Xshell.
3. Replace the software source
The earlier software download was slow as shit. Looking at the log, it was downloading directly from overseas servers, which is too slow, and the ops colleague told me I could switch sources. I found a blog that lists domestic source addresses and copied the Tsinghua University source. Enter the command to switch to administrator: sudo -i. This prompts for a password; enter the password of the logged-in user (the first user the system created, which has sudo permissions).
Open the system source configuration file: vim /etc/apt/sources.list. It reports that the command does not exist. Damn, there really are a lot of rules... vim is not installed. OK, enter the command to install vim: apt-get install vim.
After the installation is complete, open the source list: vi /etc/apt/sources.list, paste in the source addresses copied earlier, then save and exit with :wq (an English colon followed by wq, then Enter). With the sources configured, refresh them into memory: apt-get update.
4. Upload ELK to Ubuntu
Drag the ELK installation packages directly into the Xshell window. The transfer starts automatically and is quite fast; it was soon over. And then I went off work.
The next morning I dealt with company matters until 11:40, and then carried on with what I had been doing yesterday.
I was wondering where the files had gone. Looking at the interface there was a hint: temp (uploads actually go to the current directory). OK, go look in temp: cd /tmp/. The files are right there in the listing.
OK, the files have been successfully uploaded to Ubuntu.
November 18, 2016.
5. Upload the JDK to Ubuntu
ELK is Java-based, so you also need to install the JDK. I downloaded a JDK from the website: jdk-8u111-linux-x64.gz, and uploaded it to Ubuntu. With the previous experience there is no need for detail here: drag it in directly, at a transfer speed of 10Mb.
6. Install the JDK
1) Create the JDK installation directory: sudo mkdir /usr/lib/jvm
2) Extract the downloaded JDK to the installation directory: tar xvzf jdk-8u91-linux-x64.tar.gz -C /usr/lib/jvm/. I first ran it under my own account and was told I had no permission, so I switched to root: sudo -i, ran the extraction again, and it completed successfully.
3) Configure environment variables
Open the profile: vim ~/.bashrc, and append the following at the end of the file:
export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_111
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
Then press ESC, type :wq, and save and exit.
4) Refresh the environment variables
After the environment variables are written, reload them: source ~/.bashrc, then run java -version and java; both return the corresponding output.
Environment variable configuration complete.
7. Install Logstash
1) Create the installation directory: mkdir /usr/lib/logstash
2) Extract Logstash
Enter the command: tar xvzf logstash-2.3.2.tar.gz -c /usr/lib/logstash/. It actually reported a wrong command. WTF, it worked when I typed it just a moment ago. I asked Baidu, and Baidu said the -C should be uppercase, not lowercase (!). Corrected command: tar xvzf logstash-2.3.2.tar.gz -C /usr/lib/logstash/. Extraction complete.
3) Create a Logstash configuration file
What is the command? A round of Baidu searching turned up nothing; it only mentioned vim or vi. OK, just try it: vim logstash.conf.
I asked a colleague, who said to use the touch command. I also asked about vim and cat: vim views and edits files, cat views files, touch creates a file. If you need to create a file and edit it right away, you can use vim; saving in the editor saves the file to the current directory.
So I decided to use vim: vim logstash.conf. Enter the editing interface, and then enter the content
and then save and exit: press ESC, and then type :wq.
Dir, sure enough, in the
OK, the input and output configuration is empty for now; start it to see what happens.
8. Start Logstash
Enter the command: ./bin/logstash -f logstash.conf (-f specifies the configuration file). It reports a successful start
Since we did not specify anything for input and output in logstash.conf, there is no input or output effect. Now we modify logstash.conf so that we can see the input and output.
Enter the command: vim logstash.conf, and change it as follows:
Press ESC, type :wq to save and exit.
Then start Logstash with the command: ./bin/logstash -f logstash.conf. At this point the interface should be waiting for input
Anything typed is now echoed as output.
The format is not good-looking at this point, so change the output format. Press CTRL + C to exit
At this point the pipeline had not stopped, so press CTRL + C again to stop it
Edit logstash.conf with the command: vim logstash.conf. Press any key to enter edit mode, and type in the contents
Press ESC, type :wq to save and exit
Start Logstash again with the command: ./bin/logstash -f logstash.conf
If the configuration file is wrong, you will be prompted with the following information
After a successful start, type test and the nicely formatted output appears
9. Install Elasticsearch
Extract the files to /usr/lib/elastic-search:
Modify the Elasticsearch configuration file
Enter the command: vim config/elasticsearch.yml.
Start Elasticsearch
Enter the command: ./bin/elasticsearch -d  # -d starts it in the background. The startup turned out to be unsuccessful
Well, see what the log says. Press CTRL + C to exit, enter the command: cd logs, and view the log. Nothing specific stood out. According to Baidu, the port and host may not be configured,
Open the configuration file: vim config/elasticsearch.yml
Host and port are commented out. OK, uncomment them,
then save and exit.
Restart; still an error
Baidu again, with the following results
OK, I switch to my own user: su <your username>
Run the start command again, and a different error pops up:
no permission. According to Baidu (my user does have sudo permissions), there are two options:
1. Give the Elasticsearch installation directory and its subdirectories to another non-root account (an existing account), with the following commands:
sudo chown -R guest elasticsearch-2.4.0
sudo chgrp -R guest elasticsearch-2.4.0
2. Create an account specifically for ES, change the folder's owner to the newly created user, and then start ES as that user.
The commands to create the group and user are as follows:
groupadd elsearch
useradd elsearch -g elsearch -p elasticsearch
You need to switch to root when setting permissions.
Once the account is created, change the Elasticsearch folder and the files inside it to the user and group elsearch:elsearch
Enter the command:
chown -R elasticsearch:elasticsearch /usr/lib/elastic-search/elasticsearch-2.3.2/
Switch to the elastic user
Start as the Elasticsearch user
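The second option above, as an added example that is not from the original post: a shell script that creates the elsearch account with no password and no login shell, then checks ownership of the install tree before starting the node. ES_HOME and the account name are taken from the post, the function names are hypothetical, and the apply mode has to be run as root.

```shell
#!/bin/sh
# Added example, not from the original post. ES_HOME and the account name
# come from the post; the function names are hypothetical.
ES_HOME=/usr/lib/elastic-search/elasticsearch-2.3.2
ES_USER=elsearch

# Create a service account with no password and no login shell, then hand
# it the install tree. Run as root. useradd -p expects an already-hashed
# value (crypt format), so it is omitted and the account stays locked.
setup_es_account() {
    getent group "$ES_USER" >/dev/null || groupadd --system "$ES_USER"
    id "$ES_USER" >/dev/null 2>&1 ||
        useradd --system -g "$ES_USER" -s /usr/sbin/nologin "$ES_USER"
    chown -R "$ES_USER:$ES_USER" "$ES_HOME"
}

# List paths under $1 not owned by user $2 (name or numeric uid). Leftover
# root-owned files are what raise "permission denied" at startup.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# 0 = safe to start, 1 = account is root (Elasticsearch refuses to run),
# 2 = tree has paths the account does not own, 3 = directory missing.
prestart_check() {
    [ -d "$1" ] || return 3
    [ "$(id -u "$2" 2>/dev/null || echo "$2")" != 0 ] || return 1
    [ -z "$(foreign_owned "$1" "$2")" ] || return 2
    return 0
}

if [ "${1:-}" = apply ]; then
    # The account has a nologin shell, so su gets an explicit shell for this one command.
    setup_es_account && prestart_check "$ES_HOME" "$ES_USER" &&
        su -s /bin/sh "$ES_USER" -c "$ES_HOME/bin/elasticsearch -d"
else
    rc=0; prestart_check "$ES_HOME" "$ES_USER" || rc=$?
    echo "prestart_check $ES_HOME as $ES_USER: exit $rc"
fi
```

Run without arguments it only reports the check result; foreign_owned on its own lists the individual files that still belong to another account.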
12. Verify Elasticsearch startup status
Enter the URL http://localhost:9200/ in the browser; the result shows it did not start successfully.
I did not know the reason. According to Baidu, start it in the foreground rather than the background so that the startup log is visible.
Restart Elasticsearch: ./bin/elasticsearch (note: without -d it does not start in the background).
From this figure you can see that it actually did start, and the startup address is shown too. Yet visiting 127.0.0.1:9200 and 127.0.0.1:9300 still does not work.
I read the configuration notes in elasticsearch.yml: this is where the IP of the ES server is configured; when it is not set, it defaults to the local machine. Then verify by entering the ES machine's IP and the corresponding port on another computer
Modify the configuration file, changing it to the IP of the virtual machine
Then save and exit, restart, and enter the URL on the other computer; you will get the following information
Installing Elasticsearch plug-ins
There is not much to look at yet, such as indices; for that you need to install a plugin (head).
There are two installation methods: first, install directly with install; second, download the plugin and copy it into the directory ES specifies. The first method is used here.
Switch the current directory to the ES root: cd /usr/lib/elastic-search/elasticsearch-2.3.2/, then enter the command: ./bin/plugin install mobz/elasticsearch-head. You will see it download and install automatically
Then, in the browser on the other computer, open http://192.168.71.129:9200/_plugin/head/ to view it
Test the Elasticsearch and Logstash connection
Modify logstash.conf so that input is output to both the screen and ES
Enter the command: vim logstash.conf. When saving after the change, it reports readonly
Per Baidu I tried wq! and set noreadonly, as well as rm /var/temp/logstash.conf.*, and still could not save. Then I wondered whether the file was held by another program and ran: ps -fe|grep logstash.conf, which found only (--color=auto logstash.conf). Supposedly that is just the system setting the font color and would not lock the file. OK, check whether the file has read and write (rw) permissions with the command: ls -ld logstash.conf. The results are as follows,
It seems that only root has permission. OK, switch to root, edit again, and the save succeeds. Then switch back to my own user and continue to start it.
After starting, type anything in the console; in theory what was typed should be output on both the console and ES. Instead, it reported a series of errors,
Judging by the error message, ES was not started. I switched to the Elasticsearch user, started ES, switched back to my own user and started Logstash: still the same errors. I entered http://192.168.71.129:9200/ in the browser and it was accessible, so ES was running. It could only be that the IP configured for ES (192.168.71.129) and the one in logstash.conf (localhost) were inconsistent, so I tried making them the same. After changing them to match and starting again, it started successfully and printed the input on both the console and ES
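The mismatch found above between the address Elasticsearch binds to and the host in logstash.conf, as an added shell example that is not from the original post: it reads network.host from an elasticsearch.yml and reports which client addresses can connect and whether the node is reachable from the network. The sample config is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print the effective network.host of config file $1. Commented-out lines
# are ignored; Elasticsearch 2.x binds to loopback when the key is unset.
es_bind_host() {
    v=$(sed -n 's/^[[:space:]]*network\.host:[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'")
    printf '%s\n' "${v:-_local_}"
}

is_loopback() {
    case $1 in _local_|localhost|127.*|::1) return 0 ;; *) return 1 ;; esac
}

# Exit 0 if a client configured with host $2 (the Logstash elasticsearch
# output, Kibana, a browser) can reach a node that uses config file $1.
es_reachable_via() {
    bind=$(es_bind_host "$1")
    if is_loopback "$bind"; then is_loopback "$2"; return $?; fi
    case $bind in
        0.0.0.0|::) return 0 ;;   # every interface
        _*_) return 2 ;;          # _site_, _eth0_ ...: not decidable from the file
    esac
    [ "$bind" = "$2" ]            # single address: must match exactly
}

# Review finding: 2.x has no built-in authentication, so a non-loopback
# bind is open to every host that can route to ports 9200/9300.
es_exposure() {
    bind=$(es_bind_host "$1")
    if is_loopback "$bind"; then echo "loopback-only ($bind)"
    else echo "network-reachable ($bind): filter 9200/9300 with a host firewall"
    fi
}

# Constructed sample config reproducing the situation in the post.
yml=$(mktemp)
printf '%s\n' '# network.host: 192.168.0.1' 'network.host: 192.168.71.129' > "$yml"
es_exposure "$yml"
for h in localhost 192.168.71.129; do
    if es_reachable_via "$yml" "$h"; then echo "$h: ok"; else echo "$h: refused"; fi
done
rm -f "$yml"
```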
Install Kibana
1) Create the installation directory
mkdir /usr/lib/kibana
2) Extract Kibana
Enter the tmp folder: cd /tmp
Extract the file with the command: tar xvzf kibana-4.5.0-linux-x64.tar.gz -C /usr/lib/kibana/
16. Start Kibana
Enter the command: ./bin/kibana. Error: it reports no permission
Damn. Go on and assign the permissions, then start
It reports that no connection to ES is established; Kibana should be misconfigured. View and modify the Kibana configuration: vim config/kibana.yml.
Save and exit, then start Kibana.
and open it in the browser; if the page opens, it started successfully
There is a prompt here; it is a prompt to connect to ES, because I had not started ES,
ELK series verification
1) Start Elasticsearch (skip if already started)
2) Start Logstash (skip if already started)
3) Start Kibana (skip if already started)
Validate in the browser
Deployment successful