前提
Elasticsearch-2.4.3的下载(图文详解)
Elasticsearch-2.4.3的单节点安装(多种方式图文详解)
Elasticsearch-2.4.3的3节点安装(多种方式图文详解)
Logstash-2.4.1的下载(图文详解)
Logstash是一个管理日志和事件的工具。
我这里的机器集群情况分别是:
HadoopMaster(192.168.80.10)、HadoopSlave1(192.168.80.11)和HadoopSlave2(192.168.80.12)。
1、上传logstash-2.4.1.tar.gz压缩包
[hadoop@HadoopMaster app]$ ll
total 16832
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ rz [hadoop@HadoopMaster app]$ ll
total 98864
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$
2、解压
[hadoop@HadoopMaster app]$ ll
total 98864
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ tar -zxvf logstash-2.4.1.tar.gz
第三步:删除安装包,并修改所属组和用户
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
drwxrwxr-x. 5 hadoop hadoop 4096 Mar 27 03:58 logstash-2.4.1
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ rm logstash-2.4.1.tar.gz
[hadoop@HadoopMaster app]$ ll
total 16836
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
drwxrwxr-x. 5 hadoop hadoop 4096 Mar 27 03:58 logstash-2.4.1
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
第四步:认识目录结构
[hadoop@HadoopMaster app]$ cd logstash-2.4.1/
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$
Filebeat啊,根据input来监控数据,根据output来使用数据!!!
对应于,Logstash啊,有input、filter和output。
最简单的Logstash测试(即,输入什么,直接在console打印输出)
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -e 'input { stdin { } } output { stdout {} }'
Settings: Default pipeline workers: 1
Pipeline main started
(输入回车)
2017-03-26T21:01:02.849Z HadoopMaster (显示回车)
abcd
2017-03-26T21:01:10.559Z HadoopMaster abcd
以上是最简单的Logstash测试(即,输入什么,直接在console打印输出)。
^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
Received shutdown signal, but pipeline is still waiting for in-flight events
to be processed. Sending another ^C will force quit Logstash, but this may cause
data loss. {:level=>:warn}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
Logstash可以以指定某种格式来输入。比如如下:
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -e 'input { stdin { } } output { stdout { codec => json} }' Settings: Default pipeline workers: 1
Pipeline main started
{"message":"","@version":"1","@timestamp":"2017-03-26T21:13:09.879Z","host":"HadoopMaster"}hjjjk
{"message":"hjjjk","@version":"1","@timestamp":"2017-03-26T21:13:23.484Z","host":"HadoopMaster"}^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
我们可以看到,我们输入什么内容logstash按照某种格式输出,其中-e参数参数允许Logstash直接通过命令行接受设置。这点尤其快速的帮助我们反复的测试配置是否正确而不用写配置文件。使用Ctrl + C命令可以退出之前运行的Logstash。
使用-e参数在命令行中指定配置是很常用的方式,不过如果需要配置更多设置则需要很长的内容。这种情况,我们首先创建一个简单的配置文件,并且指定logstash使用这个配置文件。例如:在logstash安装目录下创建一个“基本配置”测试文件logstash-simple.conf。
Logstash使用-f参数替换命令行中的-e参数(既可以写到配置文件里,为了方便)
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ vim logstash-simple.conf
input {
stdin { }
}
output {
stdout { }
}
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 164
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 46 Mar 27 05:30 logstash-simple.conf
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -f logstash-simple.conf
Settings: Default pipeline workers: 1
Pipeline main started 2017-03-26T21:32:32.782Z HadoopMaster
abcd
2017-03-26T21:32:36.848Z HadoopMaster abcd
^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
推荐用这个!!!
bin/logstash -f logstash-simple.conf --auto-reload
因为,在调试,每次都要重启。加这个,不需每次去重启Logstash,即自己会加载。
Logstash安装和设置(图文详解)(多节点的ELK集群安装在一个节点就好)的更多相关文章
-
Filebeat-1.3.1安装和设置(图文详解)(多节点的ELK集群安装在一个节点就好)(以Console Output为例)
前期博客 Filebeat的下载(图文讲解) 前提 Elasticsearch-2.4.3的下载(图文详解) Elasticsearch-2.4.3的单节点安装(多种方式图文详解) Elasticse ...
-
Kibana安装(图文详解)(多节点的ELK集群安装在一个节点就好)
对于Kibana ,我们知道,是Elasticsearch/Logstash/Kibana的必不可少成员. 前提: Elasticsearch-2.4.3的下载(图文详解) Elasticsearch ...
-
HUE配置文件hue.ini 的hbase模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
-
HUE配置文件hue.ini 的sqoop模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
-
HUE配置文件hue.ini 的hdfs_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
-
HUE配置文件hue.ini 的hive和beeswax模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
-
HUE配置文件hue.ini 的yarn_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
-
HUE配置文件hue.ini 的mapred_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
-
HUE配置文件hue.ini 的zookeeper模块详解(图文详解)(分HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
随机推荐
-
Nginx禁止ip访问或IP网段访问方法
Nginx禁止ip访问可以防止指定IP访问我们的网站,本例子可以实现是防止单IP访问或IP网段访问了,非常的有用我们一起来看看吧. 常用的linux做法 iptables参考规则 代码如下 复制代码 ...
-
PCA原理与实践
在对数据进行预处理时,我们经常会遇到数据的维数非常之大,如果不进行相应的特征处理,那么算法的资源开销会很大,这在很多场景下是我们不能接受的.而对于数据的若干维度之间往往会存在较大的相关性,如果能将数据 ...
-
jquery中对小数进行取整、四舍五入的方法
再和大家分享一个对多位小数进行四舍五入的方法: <script language="javascript"> //对多位小数进行四舍五入 //num是要处理的数字 v为 ...
-
深入ThreadLocal之二
概述 相信读者在网上也看了很多关于ThreadLocal的资料,很多博客都这样说:ThreadLocal为解决多线程程序的并发问题提供了一种新的思路:ThreadLocal的目的是为了解决多线程访问资 ...
-
靓号正则表达式(前后向查找等) 和 apache正则包使用
一般公司在开发一类对的号码时,会预留一些号码给以后升级的会员使用,比如旺旺靓号,QQ号等,采用正则表达式实现较好,通过规则引擎的后台页面做成实时可配置的也是不错的选择. 一. 一般会有如下的正则需求 ...
-
Apache的Mod_rewrite学习(RewriteRule重写规则的语法)
URL:http://www.tenwe.com/tech/web/server/200705/content_1548.shtml 今天学习重写规则的语法.RewriteRuleSyntax: Re ...
-
java 大文件分割与组装
不多说,直接上代码 1 import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; im ...
-
SVM:SVM之Classification根据已有大量数据集案例,输入已有病例的特征向量实现乳腺癌诊断高准确率预测—Jason niu
load BreastTissue_data.mat n = randperm(size(matrix,1)); train_matrix = matrix(n(1:80),:); train_lab ...
-
Java程序员必会英语单词
Complie: 编译 line: 行 variable: 变量 parameter: 参数 defaul: 默认 access: 访问 operation: 操作运算 member-variabl ...
-
ssrf绕过总结
前言 昨天忘了在公众号还是微博上看到的了,看到一个SSRF绕过的技巧,使用的是 ⓔⓧⓐⓜⓟⓛⓔ.ⓒⓞⓜ 绕过的,自己也没遇到过.然后想想自己对SSRF绕过还是停留在之前的了解,也没学习过新的绕过方法, ...