Elasticsearch - install kibana and logstash

Download the installation package first. You also need to install jdk and logstash.

[root@node6 ~]#wget
[root@node6 ~]#wget

Install jdk and logstash

[root@node6 ~]#yum -y install logstash-6.4.3.rpm jdk-8u191-linux-x64.rpm

Check whether the logstash is normal, as long as the help information can be displayed normally.

[root@node7 ~]#/usr/share/logstash/bin/logstash --help
     -n  Specifies the name of the current node
     -f  Specify the path to the profile
     -e  Standard input mode to configure
     -t  Test syntax

Test logstash

[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}} output {stdout{}}'
# See the last sentence to indicate that it has been started successfully, and the display result will be output after the subsequent input characters are formatted
[INFO ] 2018-11-29 12:56:06.194 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
# Manual input
hello world 
              "host" => "node7.dklwj.com",
          "@version" => "1",
        "@timestamp" => 2018-11-29T04:58:26.160Z,
           "message" => "hello world"
    [INFO ] 2018-11-29 12:56:06.194
              "host" => "node7.dklwj.com",
          "@version" => "1",
        "@timestamp" => 2018-11-29T04:59:10.752Z,
           "message" => "[INFO ] 2018-11-29 12:56:06.194"

Output to the file, you need to manually input characters to generate the corresponding file

[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}}  output {file { path => "/tmp/output.txt" }}'
[INFO ] 2018-11-29 13:11:42.870 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
1[INFO ] 2018-11-29 13:12:10.300 [Ruby-0-Thread-6: :1] file - Opening file {:path=>"/tmp/output.txt"}

# Open a new terminal, load the file dynamically with tail -f, and continue to input text at the other end
[root@node7 ~]#tail -f /tmp/output.txt 

Output to elk server

After startup, input some test content, and then it will not be displayed on the current terminal. You need to open the elk server address + 9100 port with a browser

[root@node7 ~]#/usr/share/logstash/bin/logstash -e 'input { stdin{}}  output {elasticsearch { hosts => [""] index => "test-%{+YYYY.MM.dd}"}}'  
[INFO ] 2018-11-29 13:23:15.698 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
hello world 

Next, install the front-end to show kibana graphics

Just like the elk head installation, running in docker
Download the packaged kibana image file first

[root@node1 ~]#wget

Import the downloaded image file into docker images

[root@node1 ~]#docker load -i kibana_docker-image_6.4.3.tar.gz
f972d139738d: Loading layer  208.8MB/208.8MB
bf4884a66d65: Loading layer  27.92MB/27.92MB
fd1a35685127: Loading layer   2.56kB/2.56kB
24d0eaf4a529: Loading layer  559.9MB/559.9MB
96d0c6a3b847: Loading layer  4.096kB/4.096kB
a55297057152: Loading layer  9.216kB/9.216kB
d80d8e5025ea: Loading layer   7.68kB/7.68kB
17579ca9208b: Loading layer  8.704kB/8.704kB
3c3df3ec2abb: Loading layer  306.7kB/306.7kB
Loaded image: kibana:6.4.3

Create a profile on the host to bind the profile when starting the container later

[root@node1 ~]#vim kibana.yml
#Default Kibana configuration from kibana-docker.
server.name: kibana
server.host: "0"
xpack.monitoring.ui.container.elasticsearch.enabled: true

Start the kibana container, bind the configuration file, and expose the 5601 port number of kibana

[root@node1 ~]#docker run --name kibana -d  -p 15601:5601 -v /root/kibana.yml:/usr/share/kibana/config/kibana.yml  kibana:6.4.3 

View existing containers

Access the default interface of kibana through the port used when the IP + container of the host is exposed through the browser

Tags: Linux ElasticSearch JDK yum RPM

Posted on Sat, 30 Nov 2019 02:21:51 -0800 by cac_azure03