kibanna
注意事项:与
Elasticsearch版本一致
下载&解压
下载地址:elasticsearch.cn/download/
[root@localhost local]# tar -xvf kibana-8.1.0-linux-x86_64.tar.gz
[root@localhost local]# rm -rf kibana-8.1.0-linux-x86_64.tar.gz && mv kibana-8.1.0 kibana
权限配置
将kibanna目录权限改为esroot用户
[root@localhost local]# chown -R esroot:esroot /usr/local/kibana/
配置
[root@localhost kibana]# vi config/kibana.yml
# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://localhost:9200"]
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
i18n.locale: "zh-CN"
启动
[root@localhost kibana]# su esroot
[esroot@localhost kibana]$ /usr/local/kibana/bin/kibana
[2023-09-04T22:34:28.319+08:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
[2023-09-04T22:34:28.500+08:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
[2023-09-04T22:34:28.672+08:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2023-09-04T22:34:28.677+08:00][INFO ][preboot] "interactiveSetup" plugin is holding setup: Validating Elasticsearch connection configuration…
[2023-09-04T22:34:28.723+08:00][INFO ][root] Holding setup until preboot stage is completed.
i Kibana has not been configured.
Go to http://0.0.0.0:5601/?code=423081 to get started.
把0.0.0.0换成IP地址
开放5601端口
[root@localhost ~]# firewall-cmd --zone=public --add-port=5601/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
登录
重新生成token
[root@localhost ~]# /usr/local/es/bin/elasticsearch-create-enrollment-token -s kibana
eyJ2ZXIiOiI4LjEuMCIsImFkciI6WyIxOTIuMTY4LjEuOTo5MjAwIl0sImZnciI6IjRiY2RkMmE1ZTlkNmM5MGEyMDQ3YmFmN2E4YjBiNjU2ZDEyMzlkYzJmNTNkOTY0NTg4YTY4MjRkOTMzNmY2ZjAiLCJrZXkiOiJHaW1sWUlvQlVvUnBRSnBkQ1ljQjpaOHd5ZGlpeVNELXhvam1lbWJDbXh3In0=
Logstash
注意事项:与
Elasticsearch版本一致
下载&解压
下载地址:www.aliyundrive.com/s/iL7jSCQZf…
其他版本:elasticsearch.cn/download/
[root@localhost local]# tar -xzf logstash-7.6.2.tar.gz
权限配置
将logstash目录权限改为esroot用户
[root@localhost logstash-7.6.2]# chown -R esroot:esroot /usr/local/logstash-7.6.2
启动
[esroot@localhost logstash-7.6.2]$ /usr/local/logstash-7.6.2/bin/logstash -f /usr/local/logstash-7.6.2/config/logstash-sample.conf
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/local/logstash-7.6.2/logstash-core/lib/jars/jruby-complete-9.2.9.0.jar) to method sun.nio.ch.NativeThread.signal(long)
WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Sending Logstash logs to /usr/local/logstash-7.6.2/logs which is now configured via log4j2.properties
[2021-12-10T17:07:19,231][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/local/logstash-7.6.2/data/queue"}
[2021-12-10T17:07:19,414][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/local/logstash-7.6.2/data/dead_letter_queue"}
[2021-12-10T17:07:19,813][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-12-10T17:07:19,822][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.6.2"}
[2021-12-10T17:07:19,860][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"7e0dcac3-679d-4a08-8d9b-089c8895354c", :path=>"/usr/local/logstash-7.6.2/data/uuid"}
[2021-12-10T17:07:21,993][INFO ][org.reflections.Reflections] Reflections took 39 ms to scan 1 urls, producing 20 keys and 40 values
[2021-12-10T17:07:22,886][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2021-12-10T17:07:23,142][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2021-12-10T17:07:23,247][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2021-12-10T17:07:23,253][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2021-12-10T17:07:23,331][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://localhost:9200"]}
[2021-12-10T17:07:23,431][INFO ][logstash.outputs.elasticsearch][main] Using default mapping template
[2021-12-10T17:07:23,539][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge][main] A gauge metric of an unknown type (org.jruby.specialized.RubyArrayOneObject) has been created for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[2021-12-10T17:07:23,550][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/usr/local/logstash-7.6.2/config/logstash-sample.conf"], :thread=>"#<Thread:0x3aba97d5 run>"}
[2021-12-10T17:07:23,580][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2021-12-10T17:07:23,664][INFO ][logstash.outputs.elasticsearch][main] Installing elasticsearch template to _template/logstash
[2021-12-10T17:07:24,493][INFO ][logstash.inputs.beats ][main] Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}
[2021-12-10T17:07:24,525][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-12-10T17:07:24,652][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-12-10T17:07:24,684][INFO ][org.logstash.beats.Server][main] Starting server on port: 5044
[2021-12-10T17:07:25,026][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
开放9600端口
[root@localhost ~]# firewall-cmd --zone=public --add-port=9600/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
