Installing ELK

Prerequisites

  • Connect to the server (192.168.2.32) through the VPN
  • Then check 192.168.2.191/info for the IP information
  • Create a new VM (remember to set the time zone and the network)
  • Install MobaXterm (remote access tool) on your own computer
  • Install the following packages:
    yum update
    yum install java-11-openjdk-devel
    yum install wget
    yum install vim
    

Elasticsearch

Install

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.12.0-x86_64.rpm
# the rpm name must match the file just downloaded
rpm -ivh elasticsearch-7.12.0-x86_64.rpm
vim /etc/elasticsearch/elasticsearch.yml
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
cluster.initial_master_nodes: ["node-1"]
systemctl start elasticsearch.service

Follow-up

  • Use curl ip:9200 to check whether it can be accessed successfully
  • network.host: 0.0.0.0 listens on every interface, and in 7.x the built-in security features are off by default, so port 9200 is reachable without authentication; restrict it with the firewall or enable xpack.security.enabled: true

Kibana

安裝

wget https://artifacts.elastic.co/downloads/kibana/kibana-7.7.0-x86_64.rpm
rpm -ivh kibana-7.7.0-x86_64.rpm
vim /etc/kibana/kibana.yml
server.port: 5601
server.host: 0.0.0.0
elasticsearch.hosts: ["http://192.168.2.156:9200"]
systemctl start kibana.service

Follow-up

  • Open it in a browser to check that it comes up
  • Kibana must be the same version as Elasticsearch; download the rpm that matches the Elasticsearch version installed above

Logstash

Install

wget https://artifacts.elastic.co/downloads/logstash/logstash-7.7.0.rpm
rpm -ivh logstash-7.7.0.rpm
systemctl start logstash
systemctl status logstash
vim /etc/logstash/logstash.yml
config.reload.automatic: true
config.reload.interval: 3s
# changes to logstash.yml itself need a restart (auto-reload only covers pipeline confs)
systemctl restart logstash

Follow-up

  • The binaries are in /usr/share/logstash/bin/
  • Logstash automatically loads every conf in /etc/logstash/conf.d
  • /usr/share/logstash/bin/logstash -f can be used to run a specific conf; add --config.test_and_exit to validate the conf without starting the pipeline
  • A simple conf for testing whether the ELK build succeeded (reads lines from stdin, extracts a whitespace-delimited number as request_time, and writes to both stdout and a daily index):
    input { stdin {} }
    filter {
      grok {
        # grok named-capture syntax is (?<name>pattern)
        match => [ "message", "\s+(?<request_time>\d+(?:\.\d+)?)\s+" ]
      }
    }
    output {
      stdout {}
      elasticsearch {
        hosts => ["192.168.2.156:9200"]
        index => "test-%{+YYYY.MM.dd}"
      }
    }
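To see what this test conf actually extracts before piping lines into it, here is an added Python emulation (not part of the original notes and not Logstash itself) of the grok pattern and of the test-%{+YYYY.MM.dd} index expansion; the sample lines, the TAIPEI zone and SAMPLE_TS are constructed for the demo.

```python
import re
from datetime import datetime, timedelta, timezone

# Python form of the grok pattern in the test conf above.
# grok's named capture "(?<name>...)" is "(?P<name>...)" in Python's re.
REQUEST_TIME_RE = re.compile(r"\s+(?P<request_time>\d+(?:\.\d+)?)\s+")

# Constructed sample lines (not real server output).
SAMPLE_LINES = [
    "request took 0.125 seconds",   # captures 0.125
    "status 200 in 0.125 s",        # captures 200: the FIRST number wins
    "0.42 at line start",           # no whitespace before it -> grok fails
    "POST /api error",              # no number at all -> grok fails
]

# Constructed event timestamp: 07:30 local time in UTC+8 (the VM's zone).
TAIPEI = timezone(timedelta(hours=8))
SAMPLE_TS = datetime(2024, 1, 2, 7, 30, tzinfo=TAIPEI)


def grok_filter(message: str) -> dict:
    """Emulate what the filter{} block does to a single event.

    Returns the fields Logstash would produce: the original message,
    request_time as a *string* (grok does not convert types unless you
    add a convert/mutate step), and the _grokparsefailure tag on a miss.
    """
    event = {"message": message}
    match = REQUEST_TIME_RE.search(message)
    if match:
        event["request_time"] = match.group("request_time")
    else:
        event["tags"] = ["_grokparsefailure"]
    return event


def index_name(ts: datetime) -> str:
    """Expand 'test-%{+YYYY.MM.dd}' as the elasticsearch output does:
    from the event @timestamp, which Logstash keeps in UTC. An event
    logged early in the morning in UTC+8 therefore lands in the
    previous day's index."""
    return "test-" + ts.astimezone(timezone.utc).strftime("%Y.%m.%d")


def run(lines=SAMPLE_LINES) -> list:
    """Push every sample line through the emulated filter."""
    return [grok_filter(line) for line in lines]


if __name__ == "__main__":
    for event in run():
        print(event)
    print(index_name(SAMPLE_TS))
```

Lines that miss the pattern are still indexed, only tagged _grokparsefailure, so check that tag in Kibana when request_time is missing.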