您的位置:首页 > 其它

ELK 日志分析

2016-03-21 21:35 253 查看
一:需求及基础:

场景:

1、开发人员不能登录线上服务器查看详细日志

2、各个系统都有日志,日志数据分散难以查找

3、日志数据量大,查询速度慢,或者数据不够实时

4、一个调用会涉及到多个系统,难以在这些协调中快速定位数据

Elastic Search + LogStash + Kibana = ELK Stack

logstash1----| (redis实现松耦合功能)

logstash2----|----->broker redis----->indexer logstash---->search storage<--------Web Logstash

logstash3----|

ELS的概念:

1、索引:数据会放在多个索引中,索引可以理解为database,索引里面存放的基本单位是文档,LES会把索引分片,便于横向扩展,分别可以做备份,多个分片读比较快,备份分片在主的挂掉之后可以自动将自己提升为主分片(实现横向扩展和冗余)

2、文档类型:和redis一样,key是有类型的

3、节点:一个ELS的实例是一个节点

4、集群:多节点的集合组成集群,类似于zookeeper会选举出主节点,客户端不需要关注主节点,连接任何一个都可以,数据会自动同步,因此应用不需要关注那个是主节点。前提是要把

配置文件:

[root@elk-server1 config]# vim elasticsearch.yml

cluster.name: hfelk-server #集群的名称,名称相同就是一个集群

node.name: Server1 #集群情况下,当前node的名字,每个node应该不一样

node.master: true #当前节点是否可以被选举为master节点,可以不选举master做保存数据
node.data: true #当前节点是否存储数据,也可以不存储数据,只做master

bootstrap.mlockall: true #锁住内存,不做swap,提高效率

http.port: 9200 #客户端访问端口

transport.tcp.port: 9300 #集群访问端口:

index.number_of_shards: 5 #默认5个分片

index.number_of_replicas: 1 #每个主分片一个副本分片

官网下载地址:
https://www.elastic.co/downloads
官方文档:
https://www.elastic.co/guide/index.html
安装:

1、安装java环境,1.8.20或以上的版本

2、配置yum源或使用源码安装

启动:

/usr/local/elasticsearch/bin/elasticsearch -d #后台进程方式启动

/etc/init.d/elasticsearch restart

设置启动脚本:

下载:elasticsearch-servicewrapper-master.zip

[root@elk-server1 tianqi]# mv elasticsearch-servicewrapper-master/service/ /usr/local/elasticsearch/bin/

帮助信息:

[root@elk-server1 tianqi]# /usr/local/elasticsearch/bin/service/elasticsearch
Usage: /usr/local/elasticsearch/bin/service/elasticsearch [ console | start | stop | restart | condrestart | status | install | remove | dump ]

Commands:
console      Launch in the current console.
start        Start in the background as a daemon process.
stop         Stop if running as a daemon or in another console.
restart      Stop if running and then start.
condrestart  Restart only if already running.
status       Query the current status.
install      Install to start automatically when system boots.
remove       Uninstall.
dump         Request a Java thread dump if running.


安装启动脚本:

[root@elk-server1 tianqi]# /usr/local/elasticsearch/bin/service/elasticsearch install  #安装脚本
Detected RHEL or Fedora:
Installing the Elasticsearch daemon..
[root@elk-server1 tianqi]# ls /etc/init.d/elasticsearch  #验证是否安装完成
/etc/init.d/elasticsearch
[root@elk-server1 tianqi]# chkconfig  --list | grep ela #自动设置为开机启动
elasticsearch      0:off    1:off    2:on    3:on    4:on    5:on    6:off


启动elasticsearch服务:

[root@elk-server1 tianqi]# /etc/init.d/elasticsearch   start
Starting Elasticsearch...
Waiting for Elasticsearch......
running: PID:14183
[root@elk-server1 tianqi]# /etc/init.d/elasticsearch   status
Elasticsearch is running: PID:14183, Wrapper:STARTED, Java:STARTED


java的配置文件:

[root@elk-server1 service]# ls /usr/local/elasticsearch/bin/service/elasticsearch.conf


9200:访问的都端口

9300:服务器之间通信的端口

测试:

[root@elk-server1 elasticsearch]# curl  -i -XGET http://192.168.0.251:9200 HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 335

{
"status" : 200,
"name" : "Server1",
"cluster_name" : "HFELK-Server1",
"version" : {
"number" : "1.7.0",
"build_hash" : "929b9739cae115e73c346cb5f9a6f24ba735a743",
"build_timestamp" : "2015-07-16T14:31:07Z",
"build_snapshot" : false,
"lucene_version" : "4.10.4"
},
"tagline" : "You Know, for Search"
}


二:ES 概念和集群:

基于http的RESTful API

以jsop返回查询结果:

[root@elk-server1 config]# curl  -XGET  'http://192.168.0.251:9200/_count?pretty' -d '
> {
>     "query":{
>            "match_all":{}
>       }
> }
>
> '
{
"count" : 1,
"_shards" : {
"total" : 1,
"successful" : 1,
"failed" : 0
}
}


curl -i:

[root@elk-server1 config]# curl  -i -XGET  'http://192.168.0.251:9200/_count?pretty' -d '
{
"query":{
"match_all":{}
}
}

'
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 95

{
"count" : 1,
"_shards" : {
"total" : 1,
"successful" : 1,
"failed" : 0
}
}


安装ELS监控管理插件:

[root@elk-server1 service]# /usr/local/elasticsearch/bin/plugin  -i elasticsearch/marvel/latest/
-> Installing elasticsearch/marvel/latest/...
Trying http://download.elasticsearch.org/elasticsearch/marvel/marvel-latest.zip... Downloading ......................................................................................................................................................................................................................................................DONE
Installed elasticsearch/marvel/latest/ into /usr/local/elasticsearch/plugins/marvel


web访问:http://xx.chinacloudapp.cn:9200/_plugin/marvel/

选免费试用:



进入测试界面:



界面效果:



提交内容:



提交的代码如下:

POST  /index-demo/test
{
"user":"jack",
"message":"hello word"
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航