ELK收集messages线程

server 192.168.88.8 (elasticsearch logstash)
server 192.168.88.17 (kibana httpd-tools)

jdk

两个服务器都要装

elasticsearch

yum -y install elasticsearch-6.6.2.rpm
vim /etc/elasticsearch/elasticsearch.yml

systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
tailf /var/log/elasticsearch/ylm666.log

ss -ntlp | grep java

logstash

yum -y install logstash-6.6.0.rpm
vim /etc/logstash/conf.d/messages.conf

chmod -R 777 /var/log
systemctl start logstash
tailf /var/log/logstash/(tab)

ss -ntlp | grep 9600

server 192.168.88.17:(kibana)

rpm -ivh jdk-8u131-linux-x64_.rpm
yum -y install kibana-6.6.2-x86_64.rpm
vim /etc/kibana/kinbana.yml

ss -ntlp | grep 5601

httpd-tools(192.168.88.17)

ab -n 100 -c 100 http://192.168.88.8/index.html
访问 ip:5601

添加nginx日志的可视化图形

1 添加状态码统计饼状图



2 添加一个统计pv的图形


3 添加ip访问量前10的ip

4 访问量趋势图

5 添加一个仪表盘


没有nginx 索引需注意以下几点：
1：chmod 777 /var/log/nginx -R
2: pipiline.yml 文件
3：nginx log 里要有内容 可以用ab压测用具生成一些日志

常用命令：

验证服务

curl -X GET http://127.0.0.1:9200

elasticsearch 查看集群统计信息

curl -XGET ‘http://localhost:9200/_cluster/stats?pretty’

查看集群状态

curl -X GET ‘localhost:9200/_cat/health?v’

创建索引:test_index

curl -X PUT HTTP://localhost:9200/test_index?pretty

elasticsearch 查看所有索引

curl -X GET HTTP://localhost:9200/_cat/indices?v

curl -s http://192.168.1.9:9200/_cat/indices|grep “msg”|awk ‘{print $3}’|sort

删除索引：test_index

curl -XDELETE ‘localhost:9200/test_index?pretty’