更新elk6.4
#增加超级管理员
./bin/elasticsearch-users useradd admin -p 123456 -r superuser
#查看证书状态
curl --user admin:123456 'http://10.88.1.161:9200/_xpack/license'
#申请 license https://register.elastic.co/marvel_register
#操作 https://www.elastic.co/guide/en/x-pack/current/license-management.html
#添加license
curl -X POST --user admin:123456 'http://10.88.1.161:9200/_xpack/license/start_basic' -H "Content-Type: application/json" -d @piao-hulu-c6719967-f372-4672-9933-4177570700e3-v5.json
#更新license
curl -X POST --user admin:123456 'http://10.88.1.161:9200/_xpack/license/start_basic?acknowledge=true' -H "Content-Type: application/json" -d @piao-hulu-c6719967-f372-4672-9933-4177570700e3-v5.json
更新 mysql->logstash->esearch
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-jdbc.html
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
#config demo
input {
stdin {
}
jdbc {
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/yuqing?useSSL=false"
jdbc_user => "yuqing"
jdbc_password => "yuqing"
jdbc_driver_library => "mysql-connector-java-5.1.47.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
codec => plain { charset => "UTF-8"}
use_column_value => true
tracking_column => id
record_last_run => true
last_run_metadata_path => "station_parameter.txt"
jdbc_paging_enabled => "true"
jdbc_page_size => "300"
statement => "select * from info where id >:sql_last_value"
schedule => "* * * * *"
type => "jdbc"
}
}
filter {
json {
source => "message"
remove_field => ["message"]
}
}
output {
elasticsearch {
hosts => ["10.88.1.161:9200"]
index => "articles"
document_id => "%{id}"
}
stdout {
codec => json_lines
}
}
安装流程见官方
https://www.elastic.co/guide/en/elasticsearch/reference/6.2/install-elasticsearch.html
https://www.elastic.co/guide/en/kibana/6.2/install.html
https://www.elastic.co/guide/en/logstash/6.2/installing-logstash.html
https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html
安装配置完成后要初始化用户名密码
root@ubuntu-elk:/usr/share/elasticsearch# ./bin/x-pack/setup-passwords auto Initiating the setup of passwords for reserved users elastic,kibana,logstash_system. The passwords will be randomly generated and printed to the console. Please confirm that you would like to continue [y/N]y Changed password for user kibana PASSWORD kibana = RkouLCon9PaJsaDsDcef Changed password for user logstash_system PASSWORD logstash_system = oEKCeMIs8toUwlWsiElg Changed password for user elastic PASSWORD elastic = LGMjScSUNIAc2DNwzGio
x-pack license操作
curl -XPOST -u elastic 'localhost:9200/_xpack/license' -H "Content-Type: application/json" -d 'license content xxx' curl -DELETE -u elastic 'localhost:9200/_xpack/license'
嗯,logstash不支持java9,暂停,….
apt install openjdk-8-jdk /usr/share/logstash/bin/logstash /usr/share/logstash/bin/logstash.lib.sh #两个文件头加上环境变量 export JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/" export LS_HOME="/usr/share/logstash/" #做软链 ln -s /etc/logstash /usr/share/logstash/config
input {
file {
path => "/data/wifi/lepu/20180112_162946/wifi_client_3c46d8ab38aa_2018011/"
}
}
filter {
grok {
match => { "message" => "%{TIMESTAMP_ISO8601:datetime} (?[0-9]+MHz) (?-[0-9]+dBm) %{COMMONMAC:mac}" }
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
/usr/share/logstash/bin/logstash -f /data/elk-wifi.conf –config.test_and_exit