# ELK集群的部署
若沿用事先自行準備的jdk環境及環境變量,服務啟動時會報錯,具體原因當時還在排查中,建議改用官方apt源安裝(注意:下面範例實際添加的 `ppa:webupd8team/java` 是第三方PPA,使用前請確認其來源可信且仍在維護)。
補充:排查結果是logstash的配置文件中有指定JAVA環境的配置,它不會去讀取系統默認的環境變量。
```
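# Install Oracle Java 8 from the webupd8team PPA.
# NOTE(review): this PPA is a third-party source, and packages from it install as root;
# confirm it is still published and trusted before adding it.
# NOTE(review): the rest of this page installs with rpm — confirm which distribution these apt steps target.
add-apt-repository ppa:webupd8team/java
# Refresh the package index so the newly added source is visible.
apt-get update
apt-get install oracle-java8-installer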
```
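安裝logstash+elasticsearch集群+kibana。安裝前建議先匯入 Elastic 的套件簽章公鑰(`rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch`),這樣 rpm 才能驗證下載套件的簽章。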
```
[root@localhost ~]# mv /var/lib/{elasticsearch,logstash} /data/
[root@localhost ~]# rpm -ivh https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.rpm
[root@localhost ~]# cat /etc/logstash/logstash.yml
# Logstash data directory, relocated under /data (the mv step above targets /data/).
path.data: /data/logstash
# Glob of pipeline files to load: every *.conf in conf.d is picked up,
# so write access to that directory should be limited to administrators.
path.config: /etc/logstash/conf.d/*.conf
# Directory for Logstash's own log files.
path.logs: /var/log/logstash
定義一個nginx日志輸出格式的例子
[root@localhost ~]# vi /etc/logstash/conf.d/nginxlog.conf
# Pipeline: read nginx access-log events from Kafka, parse and enrich them,
# then index them into Elasticsearch.
input {
# Consume the "nginxacc" topic with 5 consumer threads; each record is decoded as JSON.
# NOTE(review): no security_protocol is set, so the plugin default applies
# (PLAINTEXT per the plugin docs — confirm for the installed version); traffic to
# the broker is then neither encrypted nor authenticated.
kafka {
bootstrap_servers => "192.168.11.215:9092"
topics => "nginxacc"
consumer_threads => 5
codec => "json"
}
}
filter {
# Rewrite backslash-x sequences in "message" before the json filter runs.
# Presumably nginx hex-escapes some bytes as \xNN, which is not a valid JSON
# escape and would make parsing fail — TODO confirm against the nginx log_format.
# NOTE(review): in a single-quoted Ruby string '\x' and '\\x' appear to denote the
# same two characters, so the second gsub likely never matches after the first — confirm.
ruby {
code => " if event.get('message')
event.set('message', event.get('message').gsub('\x','Xx'))
event.set('message', event.get('message').gsub('\\x','XXx'))
end
"
}
# Parse the JSON text in "message" into event fields; remove_field is applied
# only when the filter succeeds, so unparseable events keep "message".
json {
remove_field => "message"
source => "message"
}
# Keep only the part of "client" before the first comma, and cast the numeric fields.
# NOTE(review): if "client" is taken from a client-supplied header such as
# X-Forwarded-For, its first entry can be forged by the requester, so the geoip
# data derived below should not be treated as trustworthy — verify the source field.
mutate {
gsub => ["client", ",.*", ""]
convert => { "size" => "integer" }
convert => { "requesttime" => "float" }
}
# Look up the address in "client", store the result under "geoip",
# and drop "client" once the lookup succeeds.
geoip {
source => "client"
target => "geoip"
remove_field => "client"
}
# Parse the User-Agent string in "agent" into "user_agent", dropping the raw field on success.
useragent {
source => "agent"
target => "user_agent"
remove_field => "agent"
}
}
output {
# Write to a daily index. The host is given by name ("elasticsearch"), so that
# name must resolve on the Logstash host.
# NOTE(review): no user/password or TLS options are set here, so events are sent
# over plain HTTP without credentials; restrict network access to port 9200 accordingly.
elasticsearch {
hosts => ["elasticsearch:9200"]
index => "logstash-nginxacc-%{+YYYY.MM.dd}"
}
}
啟動logstash服務
[root@localhost ~]# systemctl start logstash
[root@localhost ~]# rpm -ivh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.rpm
```
**# Elasticsearch的配置如下**
```
[root@localhost ~]# cat /etc/elasticsearch/elasticsearch.yml
# Data and log locations; the data path matches the /data relocation done earlier on this page.
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
# Bind to the node's LAN address instead of loopback, which makes the HTTP (9200)
# and transport (9300) ports reachable from the network.
# NOTE(review): no authentication or TLS settings appear in this file as shown;
# confirm that access to 9200/9300 is limited by a firewall to the cluster nodes,
# Logstash and Kibana.
network.host: 192.168.11.231
# Unicast seed list naming the three nodes' transport ports.
discovery.zen.ping.unicast.hosts: ["192.168.11.231:9300","192.168.11.232:9300","192.168.11.233:9300"]
# Quorum of 2 out of the 3 listed nodes, which guards against split-brain.
discovery.zen.minimum_master_nodes: 2
# CORS is enabled for every origin: JavaScript on any website, running in a browser
# that can reach this node, may then call the REST API cross-origin.
# NOTE(review): restrict allow-origin to the specific origin(s) that need it, or
# disable CORS if no browser-based tool talks to Elasticsearch directly.
http.cors.enabled: true
http.cors.allow-origin: "*"
其它兩臺network.host處也相應修改為本機ip
啟動服務
[root@localhost ~]# systemctl start elasticsearch
```
**# Kibana配置:**
```
[root@localhost ~]# rpm -ivh https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-x86_64.rpm
[root@localhost ~]# cat /etc/kibana/kibana.yml
# Listen on the LAN address, so the Kibana UI is reachable from other hosts.
# NOTE(review): no login or TLS settings are shown on this page; anyone who can reach
# this address can then query the indexed logs through Kibana — confirm access is
# restricted (firewall or an authenticating reverse proxy).
server.host: "192.168.11.231"
# Kibana queries Elasticsearch over plain HTTP; no elasticsearch.username /
# elasticsearch.password is configured here.
elasticsearch.url: http://192.168.11.231:9200
啟動kibana服務
[root@localhost ~]# systemctl start kibana
```
# ELK效果圖:
