ELK安装使用

更新elk6.4

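# Add a superuser to the file realm. The password is no longer passed with -p:
# without it elasticsearch-users prompts for the password, which keeps it out
# of the process list and shell history. Choose a strong, unique password.
./bin/elasticsearch-users useradd admin -r superuser
# Check the license status. `--user admin` without ":password" makes curl
# prompt for it instead of exposing it in argv.
# NOTE(review): these requests use plain http://, so the Basic-auth credentials
# cross the network unencrypted unless TLS is enabled on the HTTP layer.
curl --user admin 'http://10.88.1.161:9200/_xpack/license'
# Request a license: https://register.elastic.co/marvel_register
# License management docs: https://www.elastic.co/guide/en/x-pack/current/license-management.html
# Add the license.
# NOTE(review): start_basic switches the cluster to the basic license; confirm
# whether the uploaded JSON file is used by this endpoint at all. A license
# file is normally sent to /_xpack/license itself.
curl -X POST --user admin 'http://10.88.1.161:9200/_xpack/license/start_basic' -H "Content-Type: application/json" -d @piao-hulu-c6719967-f372-4672-9933-4177570700e3-v5.json
# Update the license; acknowledge=true confirms the warnings about features
# that change with the new license.
curl -X POST --user admin 'http://10.88.1.161:9200/_xpack/license/start_basic?acknowledge=true' -H "Content-Type: application/json" -d @piao-hulu-c6719967-f372-4672-9933-4177570700e3-v5.json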

更新 mysql->logstash->esearch
https://www.elastic.co/guide/en/logstash/current/plugins-inputs-jdbc.html
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html

#config demo
# Pipeline: poll a MySQL table over JDBC on a schedule and index the rows into
# Elasticsearch, echoing every event to stdout as well.
input {
    # Reads events from standard input in addition to the JDBC query below.
    stdin {
    }
    jdbc {
      # useSSL=false turns TLS off for the MySQL connection; the server here is on
      # loopback (127.0.0.1). NOTE(review): enable TLS if the database moves off-host.
      jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/yuqing?useSSL=false"
      jdbc_user => "yuqing"
      # NOTE(review): the password sits in clear text in this file and equals the
      # user name. Prefer a strong password supplied via jdbc_password_filepath,
      # a ${VAR} environment reference or the Logstash keystore, and restrict
      # read access to this file.
      jdbc_password => "yuqing"
      jdbc_driver_library => "mysql-connector-java-5.1.47.jar"
      jdbc_driver_class => "com.mysql.jdbc.Driver"
      codec => plain { charset => "UTF-8"}
      # Track the value of the "id" column (not the last run time) in
      # :sql_last_value, and persist it between runs in the metadata file.
      use_column_value => true
      tracking_column => id
      record_last_run => true
      # Relative path: resolved against the directory Logstash is started from.
      last_run_metadata_path => "station_parameter.txt"
      # Fetch the result set in pages of 300 rows.
      jdbc_paging_enabled => "true"
      jdbc_page_size => "300"
      # Only rows with an id greater than the last recorded one are selected.
      statement => "select * from info where id >:sql_last_value"
      # Cron syntax: run the query every minute.
      schedule => "* * * * *"
      type => "jdbc"
    }
}

filter {
    # Parse the "message" field as JSON and drop the raw field afterwards.
    # NOTE(review): JDBC rows presumably arrive as individual columns without a
    # "message" field, so this mainly affects stdin events; confirm.
    json {
        source => "message"
        remove_field => ["message"]
    }
}

output {
    elasticsearch {
        # NOTE(review): no scheme, user/password or ssl options are set, so the
        # connection is plain HTTP and unauthenticated. With X-Pack security
        # enabled the output needs credentials; use a dedicated least-privilege
        # account rather than a superuser.
        hosts => ["10.88.1.161:9200"]
        index => "articles"
        # Use the row id as the document id, so re-reading a row overwrites the
        # same document instead of creating a duplicate.
        document_id => "%{id}"
    }
    # Echo every event as one JSON object per line.
    # NOTE(review): this copies all row data to the process output; drop it
    # outside of debugging.
    stdout {
        codec => json_lines
    }
}

安装流程见官方
https://www.elastic.co/guide/en/elasticsearch/reference/6.2/install-elasticsearch.html
https://www.elastic.co/guide/en/kibana/6.2/install.html
https://www.elastic.co/guide/en/logstash/6.2/installing-logstash.html
https://www.elastic.co/guide/en/x-pack/current/installing-xpack.html

安装配置完成后要初始化内置用户(elastic、kibana、logstash_system)的密码;auto 模式下密码随机生成并会打印到控制台,需要当场保存:

root@ubuntu-elk:/usr/share/elasticsearch# ./bin/x-pack/setup-passwords auto
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y


Changed password for user kibana
PASSWORD kibana = RkouLCon9PaJsaDsDcef

Changed password for user logstash_system
PASSWORD logstash_system = oEKCeMIs8toUwlWsiElg

Changed password for user elastic
PASSWORD elastic = LGMjScSUNIAc2DNwzGio

x-pack license操作

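# Install a license by POSTing the license JSON to the license API.
# `-u elastic` without a password makes curl prompt for it, which keeps the
# password out of the process list and shell history.
curl -XPOST -u elastic 'localhost:9200/_xpack/license' -H "Content-Type: application/json" -d 'license content xxx'
# Delete the installed license. The HTTP method must be given with -X:
# `-DELETE` is parsed by curl as -D (dump headers to a file named "ELETE"),
# so the request would go out as a GET.
curl -XDELETE -u elastic 'localhost:9200/_xpack/license'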

嗯,logstash不支持java9,暂停,….

# Install Java 8, because the Logstash version used here does not run on Java 9.
apt install openjdk-8-jdk
# The next two lines are the files to edit, not commands to run
# (running the first one would start Logstash):
/usr/share/logstash/bin/logstash
/usr/share/logstash/bin/logstash.lib.sh
# Add these environment variables at the top of both files.
export JAVA_HOME="/usr/lib/jvm/java-8-openjdk-amd64/" 
export LS_HOME="/usr/share/logstash/"
# Create a symlink so that /usr/share/logstash/config points to /etc/logstash.
ln -s /etc/logstash /usr/share/logstash/config
# Pipeline: read Wi-Fi client log lines from disk, parse them with grok and
# index the result into the local Elasticsearch node.
input {
    file {
        # NOTE(review): this path ends in "/" and so names a directory. The file
        # input matches files (glob patterns are allowed), so a trailing pattern
        # such as "*" is presumably needed; confirm.
        path => "/data/wifi/lepu/20180112_162946/wifi_client_3c46d8ab38aa_2018011/"
    }
}

filter {
  grok {
    # Expected line layout: ISO8601 timestamp, a frequency in MHz, a signal
    # level in dBm, then a MAC address.
    # NOTE(review): "(?[0-9]+MHz)" and "(?-[0-9]+dBm)" do not work as written.
    # They look like named captures "(?<FIELD_NAME>...)" whose "<...>" part was
    # stripped when the page was rendered. Restore the capture names
    # (FIELD_NAME is a placeholder) before using this pattern.
    match => { "message" => "%{TIMESTAMP_ISO8601:datetime}  (?[0-9]+MHz)  (?-[0-9]+dBm) %{COMMONMAC:mac}" }
  }
}
output {
  # No index is set, so the plugin's default index name applies.
  # NOTE(review): no credentials are configured; confirm this matches the
  # cluster's security settings.
  elasticsearch { hosts => ["localhost:9200"] }
  # Pretty-print each event to stdout for debugging.
  stdout { codec => rubydebug }
}

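# Validate the pipeline file and exit without starting Logstash.
# The flag needs two ASCII hyphens; the en dash in the original is a
# typographic substitution and would not be recognised as an option.
/usr/share/logstash/bin/logstash -f /data/elk-wifi.conf --config.test_and_exit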
