Elasticsearch, Logstash, Kibana (ELK)
Elasticsearch / Logstash / Kibana installation notes (two-node cluster, 6.x)
Install Elasticsearch (run the following on BOTH nodes)
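# Import Elastic's package-signing key first: `rpm -ivh` only verifies a package
# signature when the signer's key is already in the rpm keyring, so without this step
# the downloaded file is installed unverified.
[root@localhost ~] # rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@localhost ~] # wget -c https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.1.rpm
# Check the signature before installing; do not continue unless rpm reports OK.
[root@localhost ~] # rpm -K elasticsearch-6.4.1.rpm
[root@localhost ~] # rpm -ivh elasticsearch-6.4.1.rpm
# NOTE: Elasticsearch 6.x is past end of life. These notes keep the tutorial's 6.4.1,
# but a supported release should be preferred for anything beyond a lab.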
[root@localhost ~] # vim /etc/elasticsearch/elasticsearch.yml (change the following lines; on node2 use that node's own name and IP)
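cluster.name: esearch
node.name: node1              # on node2 use: node2
network.host: 192.168.1.2     # on node2 use that node's own address (192.168.1.3)
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.1.2", "192.168.1.3"]
# Both nodes are master-eligible (node.role "mdi" in _cat/nodes). With the default
# minimum_master_nodes (1) each side can elect itself master if the link between them
# drops, producing two diverging clusters. Elastic's 6.x guidance is
# (master-eligible nodes / 2) + 1 = 2 here; the trade-off is that the cluster is
# unavailable while either node is down.
discovery.zen.minimum_master_nodes: 2
# SECURITY: binding network.host to a LAN address exposes 9200 (REST) and 9300
# (transport) with no authentication and no TLS — nothing in this setup enables either,
# and in 6.4.x the authentication/TLS features are not part of the free license.
# Anyone who can reach 9200 can read, change or delete every index. Keep the firewall
# limited to the peer node and the Logstash/Kibana host, or put an authenticating
# reverse proxy in front, and prefer a release where security is free (6.8+/7.x).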
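[root@localhost ~] # systemctl restart elasticsearch
[root@localhost ~] # systemctl enable elasticsearch
# Elasticsearch has no authentication or TLS in this setup, so do NOT open 9200/9300
# to every source (`--add-port` does exactly that). Allow only the hosts that need
# them: the peer node and the Logstash/Kibana host — 192.168.1.2 and 192.168.1.3 here.
# The same four rules can be applied unchanged on both nodes; adjust the addresses if
# Logstash or Kibana run elsewhere.
[root@localhost ~] # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.2" port port="9200" protocol="tcp" accept'
[root@localhost ~] # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.3" port port="9200" protocol="tcp" accept'
[root@localhost ~] # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.2" port port="9300" protocol="tcp" accept'
[root@localhost ~] # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.3" port port="9300" protocol="tcp" accept'
[root@localhost ~] # firewall-cmd --reload
# Confirm only the rich rules above appear (no bare "ports: 9200/tcp 9300/tcp").
[root@localhost ~] # firewall-cmd --list-all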
[root@localhost ~] # curl 'http://192.168.1.2:9200/? pretty'
{
"name" : "node1",
"cluster_name" : "esearch",
"cluster_uuid" : "VA5bPV18T9-AD1OyvGX4-Q",
"version" : {
"number" : "6.4.1",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "e36acdb",
"build_date" : "2018-09-13T22:18:07.696808Z",
"build_snapshot" : false,
"lucene_version" : "7.4.0",
"minimum_wire_compatibility_ version" : "5.6.0",
"minimum_index_compatibility_ version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
[root@localhost ~] # curl -XGET http://192.168.1.2:9200/_ cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.1.3 30 9 1 0.00 0.01 0.06 mdi - node2
192.168.1.2 48 28 2 0.00 0.10 0.14 mdi * node1
Install logstash
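# Use the same release as the Elasticsearch nodes (6.4.1 above) rather than 6.0.1:
# Elastic recommends matching versions across the stack, and 6.0.1 lacks the fixes of
# later 6.x releases. Verify the package signature before installing; the `--import` is
# harmless if the key is already present.
[root@localhost ~] # rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@localhost ~] # wget -c https://artifacts.elastic.co/downloads/logstash/logstash-6.4.1.rpm
[root@localhost ~] # rpm -K logstash-6.4.1.rpm
[root@localhost ~] # rpm -ivh logstash-6.4.1.rpm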
Install kibana
[root@localhost ~] # vim /etc/yum.repos.d/kibana.repo
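[kibana-6.x]
name=Kibana repository for 6.x packages
# baseurl and gpgkey are both required here: without baseurl (or mirrorlist) yum cannot
# resolve the repository at all, and gpgcheck=1 has no key to verify against unless
# gpgkey points at the signing key. Values are Elastic's documented 6.x RPM repository.
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md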
[root@localhost ~] # yum install kibana -y
[root@localhost ~] # vim /etc/kibana/kibana.yml
server.port: 5601
# Binding to the LAN address makes Kibana reachable from any host that can route to it.
# Nothing in this setup puts a login in front of Kibana, so every such host gets full
# access to the indexed data (including the copied auth-log entries).
server.host: "192.168.1.2"
server.name: "node1"
# Plain http and no credentials: the Kibana<->Elasticsearch link is unencrypted and
# unauthenticated. (`elasticsearch.url` is the 6.x key; later releases rename it.)
elasticsearch.url: "http://192.168.1.2:9200"
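[root@localhost ~] # systemctl start kibana.service
[root@localhost ~] # systemctl enable kibana.service
# firewalld is active on these hosts and nothing so far opens 5601, so the browser step
# at the end of this guide would be blocked. Kibana has no login in this setup (and its
# Console/Dev Tools app can issue arbitrary Elasticsearch requests), so open 5601 only
# to the admin workstation or subnet — never with a bare `--add-port=5601/tcp`.
[root@localhost ~] # firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<admin-workstation-ip>" port port="5601" protocol="tcp" accept'
[root@localhost ~] # firewall-cmd --reload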
[root@localhost ~] # cat /var/log/secure | grep session | grep user >> /var/log/test1.log
[root@localhost ~] # vim /etc/logstash/conf.d/testlog.conf
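input {
  file {
    path => [ "/var/log/test1.log" ]
    # Read the file from the top on first run (only honoured before a sincedb entry exists).
    start_position => "beginning"
    type => "testlog"
  }
}
filter {
  if [type] == "testlog" {
    # /var/log/secure lines look like "<syslog timestamp> <host> <program[pid]>: <text>".
    # Field names are kept as DATE / IP / msg / msg1; msg is greedy, so it runs up to the
    # LAST colon on the line and msg1 holds the remainder.
    grok {
      match => {
        "message" => '%{SYSLOGTIMESTAMP:DATE}%{SPACE}%{IPORHOST:IP}%{SPACE}%{GREEDYDATA:msg}\:%{GREEDYDATA:msg1}'
      }
    }
    # Parse the syslog timestamp that grok stored in DATE into @timestamp. A "timestamp"
    # field is never created by the grok above, and an Apache-style pattern would not
    # match syslog time anyway. Syslog timestamps carry no year, so the current year is
    # assumed; the two patterns cover single- and double-digit days.
    date {
      match => ["DATE", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss"]
    }
  }
}
output {
  if [type] == "testlog" {
    # Plain http, no credentials: the auth-log events travel to Elasticsearch unencrypted
    # and unauthenticated. Nothing in this setup offers anything better on the 6.4.x free
    # license; keep 9200 firewalled to these hosts.
    elasticsearch {
      hosts => ["http://192.168.1.2:9200", "http://192.168.1.3:9200"]
      index => "testlog"
    }
    # Echoes every event (auth-log contents included) to Logstash's stdout — typically the
    # journal when run under systemd. Useful while verifying the pipeline; remove afterwards.
    stdout {
      codec => rubydebug
    }
  }
}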
Open your web browser and go to:
http://192.168.1.2:5601 — note that nothing in this setup puts a login in front of Kibana or Elasticsearch, so anyone who can reach port 5601 (or 9200) has full access to the indexed data, including the copied auth-log entries; keep these ports firewalled to trusted hosts only.