Kibana+Logstash+Elasticsearch log query system

Source: Internet   Published by: 弓弦逸鹤 知乎   Editor: 程序博客网   Time: 2024/05/16 09:27

Original work; reposting is permitted provided the original source, the author information and this notice are cited as a hyperlink. Otherwise legal action will be pursued. http://enable.blog.51cto.com/747951/1049411

The software used in this article can be downloaded from http://down.51cto.com/data/719336


The purpose of building this platform is to let operations and development staff query logs conveniently. Kibana is a free web front end; Logstash integrates all kinds of log-collection plugins and is also a fairly good regex-based log splitting tool; Elasticsearch is an open-source search engine framework (it supports a cluster architecture).
I. Installation requirements
1. Logical topology
[Figure clip_image001: topology diagram of the log system]
A brief description of the whole system:
Logstash: the tool that collects and forwards system logs. Typically shipper.conf is used for log collection and indexer.conf for log forwarding.
Logstash shipper.conf collects logs and forwards them to redis for storage.
Logstash indexer.conf reads data from redis and forwards it to elasticsearch.
redis: a database; logstash shipper.conf forwards logs into the redis database for storage, and logstash indexer.conf reads the data from redis and forwards it to elasticsearch.
Elasticsearch: can be run as a multi-node cluster to improve throughput. Reads data from redis and passes it on to kibana.
rashidkpc-Kibana: provides a web interface for log analysis.
2. Installation environment
2.1 Operating system
CentOS 6.3 x64
Web server base environment Nginx+php (installation omitted); see my other blog post for details:
"Installing nginx-1.2.4 and php-5.4.8" http://jedy82.blog.51cto.com/425872/1060681
2.2 Server information
Main server (the server that collects and analyses the logs)
ip: 10.10.1.244
Needs to install:
jdk
redis
elasticsearch
logstash
rashidkpc-Kibana
Log source servers (preferably servers that produce a lot of logs; here DNS servers are used.)
ip: 10.10.1.9 powerdns-nsj1
ip: 10.10.1.10 powerdns-nsj2
Only logstash needs to be installed.
2.3 Software list
jdk-7u9-linux-x64.tar.gz
redis-2.4.14.tar.gz
elasticsearch-0.18.7.tar.gz
logstash-1.1.0-monolithic.jar
rashidkpc-Kibana-v0.2.0-0-g41a1298.tar.gz
2.4 How to obtain the software
2.4.1 JDK download location
http://www.oracle.com/technetwork/java/javase/downloads/index.html
http://download.oracle.com/otn-pub/java/jdk/7u9-b05/jdk-7u9-linux-x64.tar.gz
2.4.2 Redis download location
http://redis.io/download
http://redis.googlecode.com/files/redis-2.4.14.tar.gz
(Note: redis-2.6.5 has problems)
2.4.3 Elasticsearch download location
http://www.elasticsearch.org/download/
http://cloud.github.com/downloads/elasticsearch/elasticsearch/elasticsearch-0.19.11.tar.gz
unzip elasticsearch-0.18.7.zip
2.4.4 Logstash download location
http://logstash.net/    latest version from the official site
http://semicomplete.com/files/logstash    all older versions
https://logstash.objects.dreamhost.com/release/logstash-1.1.5-monolithic.jar
2.4.5 PD download location
http://nchc.dl.sourceforge.net/project/pure-data/pure-data/
http://nchc.dl.sourceforge.net/project/pure-data/pure-data/0.43.4/pd-0.43-4.src.tar.gz
2.4.6 gem download location
http://rubyforge.org/frs/?group_id=126
wget http://files.rubyforge.vm.bytemark.co.uk/rubygems/rubygems-1.8.24.tgz
2.4.7 Kibana download location
http://kibana.org/intro.html
https://nodeload.github.com/rashidkpc/Kibana/legacy.tar.gz/kibana-ruby
II. Installation steps
1. Download and install the JDK
wget http://download.oracle.com/otn-pub/java/jdk/7u9-b05/jdk-7u9-linux-x64.tar.gz
tar zxvf jdk-7u9-linux-x64.tar.gz
mv jdk1.7.0_09 /usr/java/
Edit /etc/profile and add the following lines:
export JAVA_HOME=/usr/java/jdk1.7.0_09
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH
source /etc/profile    # reload the environment variables
java -version    # verify the java version
cd
2. Download and install Redis
wget http://redis.googlecode.com/files/redis-2.4.14.tar.gz
tar zxvf redis-2.4.14.tar.gz
cd redis-2.4.14
make -j24
make install
mkdir -p /data/redis
cd /data/redis/
mkdir {db,log,etc}
cd
Test:
[root@test redis-2.4.14]# redis-server    (output similar to the following appears)
[6237] 06 Dec 16:23:15 # Warning: no config file specified, using the default config. In order to specify a config file use "redis-server /path/to/redis.conf"
[6237] 06 Dec 16:23:15 * Server started, Redis version 2.4.14
[6237] 06 Dec 16:23:15 * DB loaded from disk: 0 seconds
[6237] 06 Dec 16:23:15 * The server is now ready to accept connections on port 6379
[6237] 06 Dec 16:23:16 - 0 clients connected (0 slaves), 717496 bytes in use
In another window:
[root@test ~]# redis-cli
redis 127.0.0.1:6379> set test tt
OK
redis 127.0.0.1:6379> get test
"tt"
redis 127.0.0.1:6379>
The server side then prints:
[6237] 06 Dec 16:24:52 - DB 0: 1 keys (0 volatile) in 4 slots HT.
[6237] 06 Dec 16:24:52 - 1 clients connected (0 slaves), 726216 bytes in use
3. Download and install Elasticsearch
wget http://cloud.github.com/downloads/elasticsearch/elasticsearch/elasticsearch-0.18.7.zip
cd /data/
unzip /software/elasticsearch-0.18.7.zip
ln -sv elasticsearch-0.18.7 elasticsearch
cd
4. Download and install Logstash
mkdir -p /data/logstash/ && cd /data/logstash
wget https://logstash.objects.dreamhost.com/release/logstash-1.1.0-monolithic.jar
cd
5. Download and install Kibana
5.1 Install the required tools first, otherwise kibana cannot be installed:
5.1.1 Install dependencies
yum -y install ruby ruby-rdoc ruby-devel tcl tk freeglut-devel libtool
cd
freeglut-devel provides the OpenGL libraries; without it ./configure fails with "configure: error: GL (headers) not found! you need openGL"
Without ruby-devel, the following error occurs:
ERROR: Failed to build gem native extension.
/usr/bin/ruby extconf.rb
can't find header files for ruby
Without ruby-rdoc, the following error occurs:
gem installed
ERROR: While executing gem ... (Gem::DocumentError)
ERROR: RDoc documentation generator not installed: no such file to load -- rdoc/rdoc
5.1.2 Install PD (gem requires pd support)
wget http://nchc.dl.sourceforge.net/project/pure-data/pure-data/0.43.4/pd-0.43-4.src.tar.gz
tar zxvf pd-0.43-4.src.tar.gz
cd pd-0.43-4
./autogen.sh
cd src
./configure
make
make install
pd -version    # verify pd
cd
5.1.3 Install gem
http://rubyforge.org/frs/?group_id=126
wget http://files.rubyforge.vm.bytemark.co.uk/rubygems/rubygems-1.8.24.tgz
tar zxvf rubygems-1.8.24.tgz
cd rubygems-1.8.24
ruby setup.rb
gem -v    # verify the gem installation
cd
5.2 Finally install Kibana
This archive has to be downloaded on Windows; wget cannot fetch it.
[root@test ~]# cd /data/kibana
[root@test data]# tar zxvf rashidkpc-Kibana-v0.2.0-0-g41a1298.tar.gz
[root@test data]# ln -sv rashidkpc-Kibana-41a1298 kibana
[root@test kibana]# vi /data/kibana/KibanaConfig.rb    make the following changes:
Elasticsearch = "0.0.0.0:9200"
KibanaHost = "0.0.0.0"
[root@test kibana]# gem install bundler    # requires internet access
[root@test kibana]# bundle install
[root@test kibana]# ruby kibana.rb    # start kibana
[root@test kibana]# cd /software
Open http://IP:5601 in a browser; if content appears, the installation succeeded.
III. Configuration and startup
1. Redis configuration and startup
1.1 Create redis.conf
The configuration file contents are as follows (for redis-2.4.14):
[root@test redis]# more /data/redis-2.4.14/redis.conf /data/redis-2.4.14/redis.conf.bak
[root@test redis]# more /data/redis/etc/redis.conf
#this is the config file for redis
daemonize yes
pidfile /var/run/redis.pid
port 6379
timeout 0
loglevel verbose
logfile /data/redis/log/redis.log
databases 16
save 900 1
save 300 10
save 60 10000
rdbcompression yes
dbfilename dump.rdb
dir /data/redis/db
slave-serve-stale-data yes
appendonly no
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
slowlog-log-slower-than 10000
slowlog-max-len 128
vm-enabled no
vm-swap-file /tmp/redis.swap
vm-max-memory 0
vm-page-size 32
vm-pages 134217728
vm-max-threads 4
hash-max-zipmap-entries 512
hash-max-zipmap-value 64
list-max-ziplist-entries 512
list-max-ziplist-value 64
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
activerehashing yes
[root@test data]#
1.2 Start Redis
[root@test data]# redis-server /data/redis/etc/redis.conf &
1.3 Test Redis
[root@test data]# redis-cli
redis 127.0.0.1:6379> set test kk
OK
redis 127.0.0.1:6379> get test
"kk"
redis 127.0.0.1:6379> exit
[root@test data]#
2. Elasticsearch configuration and startup
2.1 Start Elasticsearch
[root@test data]# /data/elasticsearch/bin/elasticsearch -p /var/run/elasticsearch.pid &
[root@test data]# more /var/run/elasticsearch.pid
[root@test data]# netstat -tlnpu    # the listening ports should be tcp 930* and tcp 920*
2.2 Elasticsearch cluster configuration (optional)
curl 127.0.0.1:9200/_cluster/nodes/<ip address>
3. Logstash configuration and startup (the log-collecting server, here 10.10.1.244)
3.1 Create the configuration file (hands the logs received by the redis server over to the elasticsearch server)
[root@test logstash]# more /data/logstash/etc/indexer.conf
input {
  redis {
    host => "127.0.0.1"
    type => "redis-input"
    # these settings should match the output of the agent
    data_type => "list"
    # must be the same list key the shipper's redis output writes to
    key => "logstash"
    # We use json_event here since the sender is a logstash agent
    message_format => "json_event"
  }
}
output {
  # stdout { debug => true debug_format => "json"}
  elasticsearch {
    host => "127.0.0.1"
  }
}
[root@test logstash]#
3.2 Start Logstash
[root@test logstash]# java -jar /data/logstash/logstash-1.1.0-monolithic.jar agent -f /data/logstash/etc/indexer.conf web &    (the web parameter can be omitted; without it the web interface is not started and port 9292 does not come up)
[root@logstash ~]# ps -aux | grep logstash
root 2292 2.4 15.0 3435784 590436 pts/4 Sl 16:09 0:58 java -jar /data/logstash/logstash-1.1.0-monolithic.jar agent -f /data/logstash/indexer.conf web
[root@logstash ~]#
[root@logstash ~]# netstat -tlnp | grep java    # should show the following lines
tcp 0 0 :::9292 :::* LISTEN 2292/java
tcp 0 0 :::9200 :::* LISTEN 2161/java
tcp 0 0 :::9300 :::* LISTEN 2161/java
tcp 0 0 :::9301 :::* LISTEN 2292/java
tcp 0 0 :::9302 :::* LISTEN 2292/java
[root@logstash ~]#
3.3 Start automatically at boot
[root@logstash ~]# more /etc/kibana.sh
#!/bin/bash
# start the whole chain on the log server: redis, elasticsearch, the logstash indexer and kibana
redis-server /data/redis/etc/redis.conf &
/data/elasticsearch/bin/elasticsearch -p /var/run/elasticsearch.pid &
java -jar /data/logstash/logstash-1.1.0-monolithic.jar agent -f /data/logstash/etc/indexer.conf &
cd /data/kibana/ && ruby kibana.rb &
[root@logstash ~]# chmod +x /etc/kibana.sh    # rc.local runs it as a command, so it must be executable
[root@logstash ~]# echo /etc/kibana.sh >>/etc/rc.local
[root@logstash ~]# more /etc/rc.local
/etc/kibana.sh
[root@logstash ~]#
4. Create the Logstash configuration file (this is the configuration for powerdns-nsj1; powerdns-nsj1's ip is 10.10.1.9 and powerdns-nsj2's is 10.10.1.10)
4.1 Create the configuration file (submits the system logs to the redis server)
[root@test ns1]# more /data/logstash/etc/shipper.conf    (the log file collected here should preferably have plenty of entries, otherwise the effect is not visible; I use the powerdns log, which is quite voluminous)
input {
  file {
    type => "pdns-access"
    path => "/var/log/pdns/pdns.log"
  }
}
output {
  redis {
    host => "10.10.1.244"
    data_type => "list"
    key => "logstash"
  }
}
[root@test logstash]#
4.2 Start Logstash to collect data
[root@test logstash]# java -jar /data/logstash/logstash-1.1.0-monolithic.jar agent -f /data/logstash/etc/shipper.conf &
[root@powerdns-nsj1 ~]# ps -aux | grep logstash
root 15757 2.0 7.8 2399256 309904 pts/0 Sl 16:31 0:22 java -jar /data/logstash/logstash-1.1.0-monolithic.jar agent -f /data/logstash/etc/shipper.conf
[root@test logstash]#
4.3 Add to boot startup
[root@test logstash]# echo "java -jar /data/logstash/logstash-1.1.0-monolithic.jar agent -f /data/logstash/etc/shipper.conf &" >>/etc/rc.local
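As an added example (not code from the original post), a small Python check that parses the redis output of shipper.conf and the redis input of indexer.conf and reports the key or data_type mismatch that would leave the indexer reading an empty list; it also flags a shipper that pushes to a redis server on another host without a password (the redis output's password option and requirepass in redis.conf are assumed here). The two config texts are constructed copies whose keys deliberately differ.

```python
import re
# Constructed copies of the two configs; the keys deliberately differ
# ("logstash" vs "logstash:redis") so the check has something to report.
SHIPPER_CONF = '''
output {
  redis {
    host => "10.10.1.244"
    data_type =>"list"
    key => "logstash"
  }
}'''
INDEXER_CONF = '''
input {
  redis {
    host => "127.0.0.1"
    # these settings should match the output of the agent
    data_type => "list"
    key => "logstash:redis"
    message_format => "json_event"
  }
}'''

SETTING = re.compile(r'(\w+)\s*=>\s*"([^"]*)"')

def plugin_settings(conf, section, plugin):
    """Settings of the first `plugin { ... }` block inside `section { ... }`.
    Comments are stripped first; braces are counted to find the block end."""
    text = re.sub(r'#.*', '', conf)
    sec = re.search(r'\b%s\s*\{' % section, text)
    plg = sec and re.search(r'\b%s\s*\{' % plugin, text[sec.end():])
    if not plg:
        return {}
    start = sec.end() + plg.end()
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        i += 1
    return dict(SETTING.findall(text[start:i - 1]))

def check_pair(shipper, indexer):
    """Report why events pushed by the shipper would never reach the indexer,
    and flag an unauthenticated push to a redis server on another host."""
    out = plugin_settings(shipper, 'output', 'redis')
    inp = plugin_settings(indexer, 'input', 'redis')
    problems = ['%s mismatch: shipper=%r indexer=%r' % (n, out.get(n), inp.get(n))
                for n in ('data_type', 'key') if out.get(n) != inp.get(n)]
    # assumption: the redis output's password option pairs with requirepass in redis.conf
    if out.get('host', '127.0.0.1') != '127.0.0.1' and 'password' not in out:
        problems.append('unauthenticated push to remote redis at %s' % out['host'])
    return problems
```

Run check_pair on the real files before starting the agents; an empty list means the shipper and indexer agree on the list key and the remote redis is at least password-protected.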
IV. Performance tuning
1. Elasticsearch tuning
1.1 JVM tuning
Edit the elasticsearch.in.sh file:
ES_CLASSPATH=$ES_CLASSPATH:$ES_HOME/lib/*:$ES_HOME/lib/sigar/*
if [ "x$ES_MIN_MEM" = "x" ]; then
ES_MIN_MEM=4g
fi
if [ "x$ES_MAX_MEM" = "x" ]; then
ES_MAX_MEM=4g
fi
1.2 Elasticsearch index compression
[root@test logstash]# vim index_elastic.sh
#!/bin/bash
# enable _source compression on today's logstash index, one mapping per type
date=$(date +%Y.%m.%d)
# the JSON body is single-quoted so its double quotes reach elasticsearch intact
/usr/bin/curl -XPUT http://localhost:9200/logstash-$date/nginx-access/_mapping -d '{"nginx-access" : {"_source" : { "compress" : true }}}'
echo ""
/usr/bin/curl -XPUT http://localhost:9200/logstash-$date/nginx-error/_mapping -d '{"nginx-error" : {"_source" : { "compress" : true }}}'
echo ""
/usr/bin/curl -XPUT http://localhost:9200/logstash-$date/linux-syslog/_mapping -d '{"linux-syslog" : {"_source" : { "compress" : true }}}'
echo ""
Save the script and run it:
sh index_elastic.sh
V. Usage
1. Logstash query page
Open http://10.10.1.244:9292 in a browser. If logstash was started without the web parameter, port 9292 will not be up.
[Figure clip_image002: Logstash web query page]
Query for some content:
[Figure clip_image003: Logstash query results]
2. kibana query page
Open http://10.10.1.244:5601 in a browser. If the log source produces few logs, little or nothing may be shown here.
[Figure clip_image005: Kibana query page]
VI. Troubleshooting
1. Adjust the startup file
[root@logstash ~]# vi /data/elasticsearch/bin/elasticsearch.in.sh
Change JAVA_OPTS="$JAVA_OPTS -Xss128k"
to a larger value, e.g.:
JAVA_OPTS="$JAVA_OPTS -Xss256k"