更新elk6.4
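# Add a superuser to the file realm.
# -p is left out on purpose: elasticsearch-users then prompts for the password,
# which keeps it out of shell history and the process list. Choose a strong,
# unique password; this account has full control of the cluster.
./bin/elasticsearch-users useradd admin -r superuser

# Check the license status.
# Giving curl only the user name makes it prompt for the password.
# NOTE(review): this is plain HTTP to a non-loopback address, so the basic-auth
# header crosses the network unencrypted. Enabling TLS on the HTTP layer
# (xpack.security.http.ssl.enabled) and using https:// avoids that; confirm
# against the cluster configuration.
curl --user admin 'http://10.88.1.161:9200/_xpack/license'

# Request a license: https://register.elastic.co/marvel_register
# How to manage it: https://www.elastic.co/guide/en/x-pack/current/license-management.html

# Add the license.
# NOTE(review): start_basic starts a basic license and is not documented as
# taking a license file; uploading a license file normally goes to the
# _xpack/license endpoint itself (see the license-management page above).
# Confirm which of the two is intended here.
curl -X POST --user admin 'http://10.88.1.161:9200/_xpack/license/start_basic' -H "Content-Type: application/json" -d @piao-hulu-c6719967-f372-4672-9933-4177570700e3-v5.json

# Update the license; acknowledge=true confirms the change up front.
curl -X POST --user admin 'http://10.88.1.161:9200/_xpack/license/start_basic?acknowledge=true' -H "Content-Type: application/json" -d @piao-hulu-c6719967-f372-4672-9933-4177570700e3-v5.json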
更新 mysql->logstash->esearch
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-jdbc.html
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
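# config demo
input {
  stdin { }
  jdbc {
    # useSSL=false leaves the MySQL connection unencrypted; that is tolerable
    # here only because the database is reached over the loopback address.
    jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/yuqing?useSSL=false"
    jdbc_user => "yuqing"
    # Resolved at startup from the Logstash keystore or the environment, so
    # the database password is not stored in this file. The jdbc input also
    # accepts jdbc_password_filepath as an alternative.
    jdbc_password => "${JDBC_PASSWORD}"
    jdbc_driver_library => "mysql-connector-java-5.1.47.jar"
    jdbc_driver_class => "com.mysql.jdbc.Driver"
    codec => plain { charset => "UTF-8"}
    # Incremental import: remember the highest id seen and resume from it.
    use_column_value => true
    tracking_column => id
    record_last_run => true
    last_run_metadata_path => "station_parameter.txt"
    jdbc_paging_enabled => "true"
    jdbc_page_size => "300"
    # :sql_last_value is bound as a parameter, not concatenated into the SQL.
    statement => "select * from info where id >:sql_last_value"
    # Cron syntax: run every minute.
    schedule => "* * * * *"
    type => "jdbc"
  }
}
filter {
  json {
    source => "message"
    remove_field => ["message"]
  }
}
output {
  elasticsearch {
    hosts => ["10.88.1.161:9200"]
    index => "articles"
    # Reusing the row id as the document id makes re-imports overwrite
    # instead of duplicating.
    document_id => "%{id}"
    # NOTE(review): no credentials are set. With X-Pack security enabled on
    # the cluster this output would presumably need them; prefer a dedicated
    # user whose role can only write to this index, not the superuser, e.g.
    #   user => "${ES_USER}"
    #   password => "${ES_PASSWORD}"
  }
  stdout { codec => json_lines }
}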
安装流程见官方
https://www.elastic.co/guide/en/elasticsearch/reference/6.2/install-elasticsearch.html
https://www.elastic.co/guide/en/kibana/6.2/install.html
https://www.elastic.co/guide/en/logstash/6.2/installing-logstash.html
https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html
安装配置完成后要初始化内置用户的密码(自动生成的密码只会打印在控制台上,请立即保存到密码管理器中,不要留在笔记或脚本里)
root@ubuntu-elk:/usr/share/elasticsearch# ./bin/x-pack/setup-passwords auto
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y

Changed password for user kibana
PASSWORD kibana = RkouLCon9PaJsaDsDcef

Changed password for user logstash_system
PASSWORD logstash_system = oEKCeMIs8toUwlWsiElg

Changed password for user elastic
PASSWORD elastic = LGMjScSUNIAc2DNwzGio
x-pack license操作
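# Install a license. The -d payload is a placeholder for the license JSON.
# -u with only a user name makes curl prompt for the password, so it never
# appears in shell history or the process list.
curl -XPOST -u elastic 'localhost:9200/_xpack/license' -H "Content-Type: application/json" -d 'license content xxx'

# Delete the installed license.
# The HTTP method must be given with -X; the original "-DELETE" is parsed by
# curl as -D (dump headers) with the file name "ELETE", and the request goes
# out as a GET.
curl -X DELETE -u elastic 'localhost:9200/_xpack/license'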
嗯,logstash不支持java9,暂停,….
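# Install a Java 8 JDK for Logstash.
apt install openjdk-8-jdk

# Add the two exports below at the top of both of these files:
#   /usr/share/logstash/bin/logstash
#   /usr/share/logstash/bin/logstash.lib.sh
export JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/"
export LS_HOME="/usr/share/logstash/"

# Symlink /etc/logstash as the config directory under the Logstash home.
ln -s /etc/logstash /usr/share/logstash/config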
# Pipeline that reads wifi client logs, parses each line with grok, indexes
# the events into the local Elasticsearch and echoes them to stdout.
input {
  file {
    # NOTE(review): this path ends in "/" and looks like a directory; the file
    # input matches files by path or glob, so a file pattern may be needed.
    # Confirm.
    path => "/data/wifi/lepu/20180112_162946/wifi_client_3c46d8ab38aa_2018011/"
  }
}
filter {
  grok {
    # NOTE(review): the two "(?" groups have no capture name. Named captures
    # are written (?<field>pattern); the names appear to have been lost when
    # this page was rendered and must be restored before the pattern compiles.
    match => { "message" => "%{TIMESTAMP_ISO8601:datetime} (?[0-9]+MHz) (? -[0-9]+dBm) %{COMMONMAC:mac}" }
  }
}
output {
  # NOTE(review): no user/password is configured here; presumably required
  # once X-Pack security is enabled on the cluster. Verify.
  elasticsearch { hosts => ["localhost:9200"] }
  # Print each parsed event for debugging.
  stdout { codec => rubydebug }
}
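# Validate the pipeline configuration and exit without starting Logstash.
# The option needs two ASCII hyphens; the original had a typographic dash,
# which Logstash does not recognise as an option prefix.
/usr/share/logstash/bin/logstash -f /data/elk-wifi.conf --config.test_and_exit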