Test installation in the latest ELK Stack version

Test installation in the latest ELK Stack version
Let's talk a little bit about it.
First view version
Filebeat1.0.0-rc2 logstash2.0.0-1 elasticsearch2.0.0 kibana4.2

So much content can be summarized as follows:
Glossary

Elasticsearch storage Index
Kibana UI
Kibana dashboard visual mind chart
Logstash Input Beats plugin collects events
Elasticsearch output plugin sends transactions
Filebeat log data shipper
Topbeat lightweight server monitoring
Packetbeat Online Network Packet Analysis




Architecture




1. Client installation


Filebeat Architecture




Https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html#filebeat-installation


Install filebeat on the nginx log Client


Install filebeat
Curl-L-O https://download.elastic.co/beats/filebeat/filebeat-1.0.0-rc2-x86_64.rpm
Rpm-vi filebeat-1.0.0-rc2-x86_64.rpm
Configure filebeat
/Etc/filebeat. yml


Filebeat configuration:
Filebeat:
Prospectors:
-
Paths:
-"/Var/log/*. log"
Fields:
Type: syslog
Output:
Elasticsearch:
Enabled: true
Hosts: ["http: // localhost: 5043"]


Start filebeat


[Root @ backup01 filebeat] # curl-XPUT 'HTTP: // 192.168.0.58: 9200/_ template/filebeat? Pretty '-d @/etc/filebeat. template. json
{
"Acknowledged": true
}




Topbeat
Https://www.elastic.co/guide/en/beats/topbeat/current/topbeat-getting-started.html


Curl-L-O https://download.elastic.co/beats/topbeat/topbeat-1.0.0-rc2-x86_64.rpm
Rpm-vih topbeat-1.0.0-rc2-x86_64.rpm


Packetbeat
Https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-getting-started.html
Yum install libpcap
Curl-L-O https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-rc2-x86_64.rpm
Rpm-vi packetbeat-1.0.0-rc2-x86_64.rpm




2. Server Installation


Install elk
Https://www.elastic.co/guide/en/beats/libbeat/1.0.0-rc2/getting-started.html#logstash-setup


It can analyze logs, monitor server status, and analyze network packets such as http protocol.


Install elasticearch


Yum install java-1.7.0-openjdk
Curl-L-O https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-2.0.0.rpm
Rpm-ivh elasticsearch-2.0.0.rpm


Configure startup
Cat/etc/elasticsearch. yml | grep-Ev "^ $ | ^ #"
Path. data:/data
Path. logs:/data/elklogs
Network. host: 192.168.0.58


Chmod elasticsearch: elasticsearch/data/elasticsearch/-R
Chmod elasticsearch: elasticsearch/data/elklogs/-R


Service elasticsearch start




Test elasticearch
[Root @ localhost ~] # Curl http: // 127.0.0.1: 9200
{
"Name": "Redwing ",
"Cluster_name": "elasticsearch ",
"Version ":{
"Number": "2.0.0 ",
"Build_hash": "de54438d6af8f9340d50c5c786151783ce7d6be5 ",
"Build_timestamp": "2015-10-22T08: 09: 48Z ",
"Build_snapshot": false,
"Inclue_version": "5.2.1"
},
"Tagline": "You Know, for Search"
}




Logstash installation (102.131)


Curl-L-O https://download.elastic.co/logstash/logstash/packages/centos/logstash-2.0.0-1.noarch.rpm
Rpm-ivh logstash-2.0.0-1.noarch.rpm




Logstash Configuration
Cat nginxconf. json
Input {
Beats {
Port = & gt; 5044
}
}


Output {
Elasticsearch {
Hosts => "192.168.0.58: 9200"
Sniffing => true
Manage_template => false
Index => "% {[@ metadata] [beat]}-% {+ YYYY. MM. dd }"
Document_type => "% {[@ metadata] [type]}"
}
}




Install kibana


Curl-L-O https://download.elastic.co/kibana/kibana/kibana-4.2.0-linux-x64.tar.gz
Tar xzvf kibana-4.2.0-linux-x64.tar.gz
Cd kibana-4.2.0-linux-x64/
./Bin/kibana


Modify kibana. yml to set the port number, elaticsearch
Music kibana-4.2.0-linux-x64/var/kibana
Nohup/var/kibana/bin/kibana-e http: /// 192.168.0.58: 9200 &


Log [13:14:14. 588] [info] [status] [plugin: kibana] Status changed from uninitialized to green-Ready
Log [13:14:14. 617] [info] [status] [plugin: elasticsearch] Status changed from uninitialized to yellow-Waiting for Elasticsearch
Log [13:14:14. 630] [info] [status] [plugin: kbn_vislib_vis_types] Status changed from uninitialized to green-Ready
Log [13:14:14. 639] [info] [status] [plugin: markdown_vis] Status changed from uninitialized to green-Ready
Log [13:14:14. 646] [info] [status] [plugin: metric_vis] Status changed from uninitialized to green-Ready
Log [13:14:14. 655] [info] [status] [plugin: spyModes] Status changed from uninitialized to green-Ready
Log [13:14:14. 658] [info] [status] [plugin: statusPage] Status changed from uninitialized to green-Ready
Log [13:14:14. 661] [info] [status] [plugin: elasticsearch] Status changed from yellow to green-Kibana index ready
Log [13:14:14. 663] [info] [status] [plugin: table_vis] Status changed from uninitialized to green-Ready
Log [13:14:14. 675] [info] [listening] Server running at http: // 0.0.0.0: 5601




Kibana dashboard Loading
Curl-L-O http://download.elastic.co/beats/dashboards/beats-dashboards-1.0.0-rc2.tar.gz
Tar xzvf beats-dashboards-1.0.0-rc2.tar.gz
Cd beats-dashboards-1.0.0-rc2/
./Load. sh


./Load. sh http: // 192.168.0.58: 9200
Curl
Loading search Cache-transactions:
{"_ Index ":". kibana "," _ type ":" search "," _ id ":" Cache-transactions "," _ version ": 1," _ shards ": {" total ": 2, "successful": 1, "failed": 0}, "created": true}
Loading search DB-transactions:
{"_ Index ":". kibana "," _ type ":" search "," _ id ":" DB-transactions "," _ version ": 1," _ shards ": {" total ": 2, "successful": 1, "failed": 0}, "created": true}


The command for testing the index is as follows:
Curl 192.168.0.58: 9200/_ cat/indices
Yellow open. kibana 1 1 93 0 69kb 69kb
Yellow open filebeat-2015.11.18 5 1 4109 0 2.9 mb 2.9 mb
For detailed configuration, refer to configuration
Http://blog.chinaunix.net/uid-25057421-id-5576272.html