elasticsearch logstash kibana (ELK)

-
                                           elasticsearch logstash kibana DOC

Install elasticsearch (ON BOTH NODE )

[root@localhost ~] # rpm -ivh elasticsearch-6.4.1.rpm
[root@localhost ~] # vim /etc/elasticsearch/elasticsearch.yml  ( change  some lines )
cluster.name: esearch
node.name:  node1 (Change as a Node2)
network.host: 192.168.1.2 (Change as a Node2 ip)
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.1.2", "192.168.1.3"]

[root@localhost ~] # systemctl  restart elasticsearch
[root@localhost ~] # systemctl  enable elasticsearch

[root@localhost ~] # firewall-cmd --add-port=9200/tcp --permanent
[root@localhost ~] # firewall-cmd --add-port=9300/tcp --permanent
[root@localhost ~] # firewall-cmd --reload
[root@localhost ~] # firewall-cmd --list-all

[root@localhost ~] # curl 'http://192.168.1.2:9200/?pretty'

{
  "name" : "node1",
  "cluster_name" : "esearch",
  "cluster_uuid" : "VA5bPV18T9-AD1OyvGX4-Q",
  "version" : {
    "number" : "6.4.1",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "e36acdb",
    "build_date" : "2018-09-13T22:18:07.696808Z",
    "build_snapshot" : false,
    "lucene_version" : "7.4.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

[root@localhost ~] # curl -XGET http://192.168.1.2:9200/_cat/nodes?v

ip             heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.1.3           30           9   1    0.00    0.01     0.06 mdi       -      node2
192.168.1.2           48          28   2    0.00    0.10     0.14 mdi       *      node1


Install logstash
[root@localhost ~] # rpm -ivh logstash-6.0.1.rpm



Install kibana
[root@localhost ~] # vim /etc/yum.repos.d/kibana.repo
[kibana-6.x]
name=Kibana repository for 6.x packages
gpgcheck=1
enabled=1
autorefresh=1
type=rpm-md

[root@localhost ~] # yum install kibana -y

[root@localhost ~] # vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "192.168.1.2"
server.name: "node1"
elasticsearch.url: "http://192.168.1.2:9200"


[root@localhost ~] # systemctl start kibana.service
[root@localhost ~] # systemctl enable kibana.service


[root@localhost ~] # cat /var/log/secure | grep session | grep user >> /var/log/test1.log
[root@localhost ~] #  vim /etc/logstash/conf.d/testlog.conf
input{
        file{
            path => [ "/var/log/test1.log" ]
            start_position => "beginning"
            type => "testlog"
            }
     }

filter {
        if [type] == "testlog" {
        grok {
        match => {
              "message" =>'%{SYSLOGTIMESTAMP:DATE}%{SPACE}%{IPORHOST:IP}%{SPACE}%{GREEDYDATA:msg}\:%{GREEDYDATA:msg1}'
                }


             }
date {
        match => ["timestamp","dd/MMM/yyyy:HH:mm:ss.SSSSSS"]
     }
}
     }

output{
        if [type] == "testlog" {
        elasticsearch {
        hosts => ["http://192.168.1.2:9200","http://192.168.1.3:9200"]
        index => "testlog"
}
        stdout {
    codec => rubydebug
}
}
}


Open you web browser and Type below link
http://192.168.1.2:5601

Comments

Post a Comment

Popular posts from this blog

PCS Corosync Pacemaker Cluster Mariadb using NFS

-
              PCS Corosync Pacemaker Cluster Mariadb using NFS I have use 2 node cluster with nfsserver  (NODE1,NODE2 and nfsserver )  OS RHEL7.6 Minimal Install IP 192.168.122.50 node1.example.com node1 IP 192.168.122.51 node2.example.com node2 IP 192.168.122.49 nfsserver.example.com nfsserver [root@node1 ~]# vi /etc/hosts  ( edit in NODE1,NODE2 and nfsserver ) 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.122.49 nfsserver.example.com nfsserver 192.168.122.50 node1.example.com node1 192.168.122.51 node2.example.com node2 #####  Stop Firewall in NODE1,NODE2 and nfsserver  ####### [root@node1 ~]# iptables -F [root@node1 ~]# iptables -F -t nat [root@node1 ~]# systemctl stop firewalld [root@node1 ~]# systemctl disable firewalld [root@node1 ~]# systemctl stop NetworkManager [root@node1 ~]# systemctl disable NetworkManager [root@node1 ~]# vi /etc/sy
Read more

How to install and configure node js and PM2 in rhel7

-
OS RHEL7.6 Minimal Install Download :  libuv-1.7.5-3.el7.x86_64.rpm , nodejs-4.7.2-1.el7.x86_64.rpm [root@node1 ~]# rpm -ivh nodejs-4.7.2-1.el7.x86_64.rpm warning: nodejs-4.7.2-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY error: Failed dependencies: libuv >= 1:1.7.5 is needed by nodejs-4.7.2-1.el7.x86_64 libuv.so.1()(64bit) is needed by nodejs-4.7.2-1.el7.x86_64 [root@node1 ~]# rpm -ivh libuv-1.7.5-3.el7.x86_64.rpm warning: libuv-1.7.5-3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY Preparing...                          ################################# [100%] Updating / installing...    1:libuv-1:1.7.5-3.el7              ################################# [100%] [root@node1 ~]# rpm -ivh nodejs-4.7.2-1.el7.x86_64.rpm warning: nodejs-4.7.2-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY Preparing...                          ################################# [100%] Updating / installing.
Read more

How to Create or Configure iSCSI Server and Clinet

-
Server: server.example.com IP Address: 192.168.122.246 OS: CentOS 7.9 Client: client.example.com IP Address: 192.168.122.245 Server: [root@server ~]# pvcreate /dev/vdb [root@server ~]# vgcreate newvg /dev/vdb [root@server ~]#  lvcreate -L 10G -n iscsi newvg [root@server ~]# yum install targetcli -y [root@server ~]# targetcli > cd /backstores/block /backstores/block> create iscsi_disk1 /dev/newvg/iscsi Created block storage object iscsi_disk1 using /dev/newvg/iscsi. /backstores/block> cd /iscsi /iscsi> create iqn.2016-02.local.cass2.server:disk1 Created target iqn.2016-02.local.cass2.server:disk1. Created TPG 1. Global pref auto_add_default_portal=true Created default portal listening on all IPs (0.0.0.0), port 3260. /iscsi> cd /iscsi/iqn.2016-02.local.cass2.server:disk1/tpg1/acls  /iscsi/iqn.20...sk1/tpg1/acls> create iqn.2016-02.local.cass2.server:cass1 Created Node ACL for iqn.2016-02.local.cass2.server:cass1 /iscsi/iqn.20...sk1/tpg1/acls> cd /iscsi/iqn.2016-02.
Read more