琼杰笔记一、简介
Kibana是一个免费开放的用户界面,可让您可视化Elasticsearch数据并浏览Elastic Stack。 从跟踪查询负载到了解请求在您的应用程序中的流动方式,无所不能。
Elasticsearch、Logstash、Kibana通常称作ELK,被广泛适用于企业收集分析日志中使用。前面介绍了Elasticsearch和Logstash的安装和基础使用方法:
本次主要介绍Kibana的安装部署、ELK三个组件的联合使用方法。
演示目的:
安装Kibana并结合Elasticsearch、Logstash和Redis,将Nginx日志展示至Kibana网页页面上。
二、Kibana安装配置
1、安装
1.下载安装包方式安装
官方下载地址:https://www.elastic.co/downloads/kibana
可直接下载系统对应的软件包,如CentOS可下载rpm包后直接安装
2.Yum安装【推荐】
1.下载并安装公共签名密钥
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
2.yum源创建repo文件
~]# cat > /etc/yum.repos.d/elastic.repo << EOF
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
3.yum安装
]# sudo yum install kibana -y
4、配置Kibana
]# grep -v "^#" /etc/kibana/kibana.yml | grep -v "^$"
server.port: 5601
server.host: "0.0.0.0"
server.name: "node02"
elasticsearch.hosts: ["http://192.168.239.131:9200"]
elasticsearch.preserveHost: true
kibana.index: ".kibana"
kibana.defaultAppId: "home"
三、ELK使用示例
1.前提准备
准备3台虚拟机,分别安装如下组件(可根据自己实际情况安装):
192.168.239.130:安装elasticsearch、logstash、NGINX、Redis
192.168.239.131:安装elasticsearch
192.168.239.132:安装elasticsearch、logstash、Kibana
2.Nginx
Yum安装NGINX并启动
]# yum install nginx -y
]# systemctl start nginx
3.Redis
1.安装Redis
]# yum install redis -y
2.配置Redis配置文件/etc/redis.conf
修改bind值为0.0.0.0,表示所有主机可访问
bind 0.0.0.0
3.启动redis,默认监听6379端口
]# systemctl start redis
]# ss -tanlp | grep 6379
LISTEN 0 128 *:6379 *:* users:(("redis-server",pid=1716,fd=4))
4.Logstash
logstash官方使用文档:https://www.elastic.co/guide/en/logstash/current/index.html
1.logstash客户端(192.168.239.130)收集NGINX日志数据
1.编写Logstash事件文件
在logstash配置文件/etc/logstash/conf.d中创建nginxlogs.conf文件,并写入如下内容:
input {
file {
path => "/var/log/nginx/access.log"
type => "nginxaccess"
start_position => "beginning"
}
}
filter {
grok {
patterns_dir => "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-patterns-core-4.1.2/patter
ns/grok-patterns"
match => { "message" => "%{NGINXACCESS}" }
}
}
output {
redis {
host => ["192.168.239.130"]
port => "6379"
data_type => "list"
key => "logstash_nginx"
}
}
2.将此配置文件作为事件开始运行
运行下面命令前,在其尾部添加”-t”可以先测试次配置文件是否有误,无误后再执行
]# logstash -f nginxlogs.conf
3.查看Redis是否收集到日志信息
如下内容表示已收集到6条记录
]# redis-cli
127.0.0.1:6379> LLEN logstash_nginx
(integer) 6
127.0.0.1:6379> LINDEX logstash_nginx 0
"{\"@timestamp\":\"2020-09-26T08:04:09.845Z\",\"remote_user\":\"-\",\"verb\":\"GET\",\"response\":\"304\",\"http_x_forwarded_for\":\"\\\"-\\\"\",\"path\":\"/var/log/nginx/access.log\",\"referrer\":\"\\\"-\\\"\",\"bytes\":\"0\",\"httpversion\":\"1.1\",\"message\":\"192.168.239.1 - - [26/Sep/2020:16:04:09 +0800] \\\"GET / HTTP/1.1\\\" 304 0 \\\"-\\\" \\\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36\\\" \\\"-\\\"\",\"clientip\":\"192.168.239.1\",\"request\":\"/\",\"type\":\"nginxaccess\",\"agent\":\"\\\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36\\\"\",\"@version\":\"1\",\"host\":\"master01\",\"timestamp\":\"26/Sep/2020:16:04:09 +0800\"}"
2.Logstash服务端(192.168.239.132)从logstash客户端取数据
1.编写事件配置文件
]# more /etc/logstash/conf.d/nginx_logs.conf
input {
redis {
host => ["192.168.239.130"]
port => "6379"
data_type => "list"
type => "nginxlog"
key => "logstash_nginx"
}
}
output {
elasticsearch {
hosts => "http://192.168.239.131:9200"
index => "logstash-nginx}"
}
}
2.启动logstash此配置文件的事件
]# logstash -f /etc/logstash/conf.d/nginx_logs.conf
5.Elasticsearch
各个节点启动elasticsearch,自动组合为一个elasticsearch集群。
]# systemctl start elasticsearch
6.Kibana
1.启动Kibana
]# systemctl start kibana
]# ss -tanlp | grep 5601
LISTEN 0 128 *:5601 *:* users:(("node",pid=1798,fd=18))
2.访问Kibana网页
网页访问http://192.168.239.132:5601/
3.创建索引,展示日志信息
创建索引后,自动发现规则即能显示如下图所示日志信息,即Nginx日志信息–>Redis存储–>ElsasicSearch读取–>Kibana展示这样一个流程。
评论前必须登录!
注册