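ELK Concepts

ELK Stack is the combination of three open-source projects: Elasticsearch, Logstash and Kibana. They are usually used together for real-time data search and analysis, and all three were successively brought under Elastic.co, hence the abbreviation.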


Environment

  • ElasticSearch 2.1.1
  • Logstash 2.1.1
  • Kibana 4.3.1
  • OS: Ubuntu 14.04
  • RAM: 4GB
  • CPU Cores: 2

Now let's start deploying the ELK Stack.

Step 1: Install Java 8

Both Elasticsearch and Logstash require Java, so we install the Java environment first. We will install Java 8, which Elastic officially recommends.

$ sudo add-apt-repository -y ppa:webupd8team/java # add the Oracle Java PPA to apt
$ sudo apt-get update
$ sudo apt-get -y install oracle-java8-installer

Step 2: Install Elasticsearch

Elasticsearch can be installed by adding the official repository.
First run the following command to import the Elasticsearch public GPG key:

$ wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Create the Elasticsearch source list (thanks to TUNA for providing the ELK mirror):

$ echo "deb https://mirrors.tuna.tsinghua.edu.cn/ELK/apt/elasticsearch/2.x/ stable main" | sudo tee /etc/apt/sources.list.d/elasticsearch-2.x.list

Install Elasticsearch:

$ sudo apt-get update
$ sudo apt-get -y install elasticsearch

After Elasticsearch is installed, edit elasticsearch.yml:

$ sudo vi /etc/elasticsearch/elasticsearch.yml

Find the line network.host: localhost and uncomment it, which binds the node to the loopback interface only. Then restart Elasticsearch:

$ sudo service elasticsearch restart

Set Elasticsearch to start automatically at boot:

$ sudo update-rc.d elasticsearch defaults 95 10
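
As an added example (not part of the original post), the script below checks the network.host step above: it reads the active value from elasticsearch.yml and flags any listener on a given port that `ss -ltn` shows bound to something other than loopback. The function names and the sample data are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. Sample data below is constructed.

# Print the active (uncommented) network.host value from elasticsearch.yml;
# prints nothing when the key is missing or still commented out.
es_network_host() {
    sed -n 's/^[[:space:]]*network\.host:[[:space:]]*//p' "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | tr -d "\"'" | tail -n 1
}

# Succeed only for values that keep the node on the loopback interface.
is_loopback_value() {
    case "$1" in
        localhost|127.*|::1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `ss -ltn` output on stdin; print each listener on port $1 that is bound
# to something other than loopback (a wildcard or a routable address).
exposed_listeners() {
    awk -v port="$1" '$1 == "LISTEN" {
        n = split($4, p, ":")
        if (p[n] != port) next
        host = substr($4, 1, length($4) - length(p[n]) - 1)
        gsub(/\[|\]/, "", host)
        if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
        print $4
    }'
}

# Constructed sample run. On a real host use:
#   es_network_host /etc/elasticsearch/elasticsearch.yml
#   ss -ltn | exposed_listeners 9200
demo() {
    cfg=$(mktemp)
    printf '%s\n' '# network.host: 192.168.0.1' 'network.host: localhost' > "$cfg"
    host=$(es_network_host "$cfg"); rm -f "$cfg"
    is_loopback_value "$host" && echo "config: network.host=$host (loopback only)"
    printf '%s\n' 'LISTEN 0 50 127.0.0.1:9200 *:*' 'LISTEN 0 50 :::9300 :::*' |
        exposed_listeners 9300
}
demo
```

Run the listener check for 9200 (HTTP) and 9300 (transport) after every restart; any address it prints is reachable from outside the host.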

All commands in one script (automatic installation script)

#!/bin/bash

### USAGE
### ./ElasticSearch_install.sh will install ElasticSearch2.x
### CLI options Contributed by bubble
### Check http://www.elasticsearch.org/download/ for latest version of ElasticSearch

### Install java8
cd ~
sudo apt-get install python-software-properties -y
sleep 1
sudo add-apt-repository ppa:webupd8team/java -y
sleep 1
sudo apt-get update
sleep 1
sudo apt-get install oracle-java8-installer -y

### Download and install the Public Signing Key
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

### Setup Repository
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

### Install Elasticsearch
sudo apt-get update && sudo apt-get install elasticsearch -y

### Start ElasticSearch 
sudo service elasticsearch start

### Lets wait a little while ElasticSearch starts
sleep 5

### Make sure service is running
curl 'localhost:9200/_nodes/process?pretty'

Step 3: Install Logstash

$ wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ echo "deb http://packages.elastic.co/logstash/2.1/debian stable main" | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update && sudo apt-get install logstash

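Step 4: Install Kibana

Elastic provides an official package repository for Kibana 4.5, and the TUNA mirror site at Tsinghua University also provides a mirror within China.

Add the public key: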

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Add the Kibana repository to the apt sources:

echo "deb https://mirrors.tuna.tsinghua.edu.cn/ELK/apt/kibana/4.5 stable main" | sudo tee /etc/apt/sources.list.d/kibana-4.5.list

Update the package index and install Kibana:

sudo apt-get update && sudo apt-get install kibana

If your system uses System V init, run the following command to start Kibana automatically at boot:

sudo update-rc.d kibana defaults 95 10

If it uses systemd, use these commands instead:

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service