1 安装 ElasticSearch
ElasticSearch 是一个文本搜索引擎。注意:此步骤仅在虚拟机 ubuntuvm131 上安装。书上的 ElasticSearch 是 v6.5 的旧版。在 ElasticSearch 的官网文档站点,切换到 v6.5 的分支https://www.elastic.co/guide/en/elasticsearch/reference/6.5/deb.html,根据文档进行安装。
注: 如果后面用 apt 更新操作系统,它将更新到最新版。
- 导入 Elasticsearch GPG Key
bash
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -- 检查一下 Elasticsearch PGP key: D88E 42B4
bash
apt-key list | grep "D88E 42B4"- 安装依赖包
bash
sudo apt install apt-transport-https- 添加到源
bash
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list- 完成后,检查一下: /etc/apt/sources.list
- 更新操作系统到最新
bash
sudo apt update -y- 安装 Elasticsearch 指定版本
bash
sudo apt install elasticsearch=6.5.4- 修改配置/etc/elasticsearch/elasticsearch.yml,在尾部添加一行
shell
network.host: 127.0.0.1- 启动服务,并检查状态。
- 启动 Elasticsearch 服务并设为自动启动模式
bash
sudo systemctl restart elasticsearch
sudo systemctl enable elasticsearch- 检查一下服务状态
bash
systemctl status elasticsearch- 通过访问其 URL 来验证 Elasticsearch 服务。
bash
curl -X GET "http://127.0.0.1:9200"#屏幕输出示例:
bash
leolei@leifenglin:~$ netstat -an|grep 9200
tcp6 0 0 127.0.0.1:9200 :::* LISTEN
leolei@leifenglin:~$ curl -X GET "http://127.0.0.1:9200"
{
"name" : "IXxUP9Y",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "MaErC709TL6KEiJwJwivpQ",
"version" : {
"number" : "6.5.4",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "d2ef93d",
"build_date" : "2018-12-17T21:17:40.758843Z",
"build_snapshot" : false,
"lucene_version" : "7.5.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}2 安装 Logstash
Logstash 是一款日志数据分析处理工具。注意:此步骤仅在虚拟机 ubuntuvm131 上安装。安装 Logstash 指定版本。
注: 如果后面用 apt 更新操作系统,它将更新到最新版。
- 安装
bash
sudo apt install logstash=1:6.4.0-1- 启动服务,并设置为自动启动。
bash
sudo systemctl restart logstash
sudo systemctl enable logstash- 检查一下服务状态
bash
systemctl status logstash- 检查一下:
测试
bash
/usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'屏幕输出示例:
bash
leolei@leifenglin:~$ /usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[FATAL] 2025-03-29 08:55:40.861 [main] runner - An unexpected error occurred! {:error=>#<ArgumentError: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:447:in `validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:229:in `validate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:140:in `block in validate_all'", "org/jruby/RubyHash.java:1343:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:139:in `validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:278:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:237:in `run'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:73:in `<main>'"]}
[ERROR] 2025-03-29 08:55:40.965 [main] Logstash - java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit- 错误可以看到:
bash
leolei@leifenglin:/usr/share/logstash$ ll | grep data
drwxrwxr-x 2 logstash logstash 4096 Aug 18 2018 data/- 因此把本用户加入到 logstash 组,退出后重新登录生效。
bash
sudo usermod -aG logstash $USER- 再次运行成功。在等待的时候,输入"Hello world",屏幕运行结果示例如下:
bash
leolei adm cdrom sudo dip plugdev lxd logstash vboxsf
leolei@leifenglin:~$ /usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[INFO ] 2025-03-29 09:02:24.428 [main] writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
[INFO ] 2025-03-29 09:02:24.501 [main] writabledirectory - Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/share/logstash/data/dead_letter_queue"}
[WARN ] 2025-03-29 09:02:27.043 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2025-03-29 09:02:27.303 [LogStash::Runner] agent - No persistent UUID file found. Generating new UUID {:uuid=>"7fc0ac6c-f2b0-4194-972f-4fd760f24fc5", :path=>"/usr/share/logstash/data/uuid"}
[INFO ] 2025-03-29 09:02:30.978 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.4.0"}
[INFO ] 2025-03-29 09:02:49.159 [Converge PipelineAction::Create<main>] pipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[INFO ] 2025-03-29 09:02:50.016 [Converge PipelineAction::Create<main>] pipeline - Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x4a5dac5f run>"}
The stdin plugin is now waiting for input:
[INFO ] 2025-03-29 09:02:50.497 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2025-03-29 09:02:52.205 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
Hello world
{
"@timestamp" => 2025-03-29T09:03:05.047Z,
"host" => "leifenglin",
"message" => "Hello world",
"@version" => "1"
}按 Ctrl+C 中断退出。
3 安装 Kibana
Kibana 是一款开源的数据分析、搜索、展示平台(Web 应用)。注意:此步骤仅在虚拟机 ubuntuvm131 上安装。安装 Kibana 指定版本。
注: 如果后面用 apt 更新操作系统,它将更新到最新版。
- 安装
bash
sudo apt install kibana=6.5.4- 用 root 用户修改配置
/etc/kibana/kibana.yml,在尾部添加:
shell
# added by leolei
server.port: 5601
server.host: "127.0.0.1"
elasticsearch.url: "http://localhost:9200"注意,上面的配置,意味着 Kibana 只能在虚拟机本机的浏览器访问。即不能通过端口转发来访问虚拟机里的Kibana(估计是前后端分离导致的接口调用地址问题)。
- 启动服务。
bash
# 启动服务,并设置为自动启动。
sudo systemctl restart kibana
sudo systemctl enable kibana
# 检查一下服务状态
systemctl status kibana- 检查侦听端口
bash
netstat -an|grep 5601- 安装 Chromium 浏览器。
bash
# 安装浏览器
sudo apt install chromium-browser
# 运行浏览器,后台运行
chromium-browser &- 在浏览器上打开URL: http://localhost:5601/
应该能够看到 Kibana 的首页。
4 安装 Kafka
Kafka 是一款高吞吐量的分布式发布、订阅消息引擎系统。注意:此步骤仅在虚拟机 ubuntuvm131 上安装。从官网下载 kafka_2.11-2.0.0.tgz。
#手动安装:
bash
# 切换到目标安装路径
cd /usr/local
# 解压缩
sudo tar zxvf /media/sf_vmshare/kafka_2.11-2.0.0.tgz
# 修改用户所有权
sudo chown -R leolei:leolei kafka_2.11-2.0.0
# 创建符号链接
sudo ln -s kafka_2.11-2.0.0 kafka至此,我们可以用 /usr/local/kafka 来访问此手动安装的版本。
#配置 Zookeeper:
bash
# 创建备份
cd /usr/local/kafka/config/
cp zookeeper.properties zookeeper.properties.orig
# 修改配置文件
sed -i 's/^[^#]/#&/' zookeeper.properties
继续在上面的 `zookeeper.properties` 配置文件的尾部,添加如下配置项:
dataDir=/var/local/zookeeper/data
dataLogDir=/var/local/zookeeper/logs
clientPort=2181
tickTime=2000
initLimit=20
syncLimit=10#创建 Zookeeper 所需目录:
bash
# 切换到 root 用户
sudo su -
# 创建文件夹
mkdir -p /var/local/zookeeper/data
mkdir -p /var/local/zookeeper/logs
# 创建 myid
cd /var/local/zookeeper/data
echo 0 > myid
# 修改拥有者
chown -R leolei:leolei /var/local/zookeeper
# 退出 root 用户
exit上面的 myid 文件里面存放的是服务器的编号,这里是0。每台 Kafka 机器都要指定唯一的 ID。
#配置 Kafka:
bash
# 创建备份
cd /usr/local/kafka/config
cp server.properties server.properties.orig
# 修改配置文件
sed -i 's/^[^#]/#&/' server.properties继续在上面的 server.properties 配置文件的尾部,添加如下配置项:
properties
broker.id=0
listeners=PLAINTEXT://10.0.2.15:9092
log.dirs=/var/local/kafka/logs
zookeeper.connect=localhost:2181
offsets.topic.replication.factor=1
advertised.listeners=PLAINTEXT://10.0.2.15:9092
delete.topic.enable=true#注意:和书本不同,这里增加了3个配置项。
#增加了一个 "offsets.topic.replication.factor=1" 配置项(默认值是3),不然运行会报错。
#增加了 "advertised.listeners" 配置项,并且,让它和 "listeners" 中的主机名都改为 IP。如果这里配置的是主机名的话,发现 Filebeat 会无法连接到 Kafka。
#增加了 "delete.topic.enable=true" 配置项(默认是false),这是为了后面便于将某 topic 清空。
#创建 Kafka 的日志目录:
bash
# 创建目录
sudo mkdir -p /var/local/kafka/logs
# 修改拥有者
sudo chown -R leolei:leolei /var/local/kafka
#后台启动 Zookeeper:
cd /usr/local/kafka
# 后台启动 Zookeeper
nohup bin/zookeeper-server-start.sh config/zookeeper.properties > nohup.zookeeper.out 2>&1 &
#后台启动 Kafka:
cd /usr/local/kafka
# 后台启动 Kafka
nohup bin/kafka-server-start.sh config/server.properties > nohup.kafka.out 2>&1 &通过 jps 命令验证一下,屏幕输出示例如下:
bash
leolei@leifenglin:/usr/local/kafka$ jps
14456 Kafka
13979 QuorumPeerMain
14764 Jps#模拟 Kafka 生产数据消费数据
bash
#创建 topic
cd /usr/local/kafka
# 创建 topic "Test"
bin/kafka-topics.sh --create --zookeeper localhost:2181 --topic Test --partitions 1 --replication-factor 1#模拟消费消息
bash
# 消费 topic "Test" 里面的消息
bin/kafka-console-consumer.sh --bootstrap-server 10.0.2.15:9092 --topic Test --from-beginning命令运行后,它将等待。若有新的消息,则会打印到屏幕上。
#模拟生产消息
另外打开一个 SSH 连接,在这里发送消息。
bash
cd /usr/local/kafka
bash
# 往 topic "Test" 里面发消息
bin/kafka-console-producer.sh --broker-list 10.0.2.15:9092 --topic Test在编辑区,输入: Hello kafka This is my first message
每次回车就等于是发送了一条消息。消息发送成功后,消费者将发现有新消息,会打印到屏幕中。
按 Ctrl+C 退出。
5 安装 Filebeat
Filebeat 是用 Go 语言实现的轻量级日志收集器。注意:此步骤仅在虚拟机 ubuntuvm132 上安装。如前面章节"安装 ElasticSearch"中,先导入 ElasticSearch的 GPG 密钥。并且安装 OpenJDK-8。
bash
# 导入 Elasticsearch GPG Key
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
# 检查一下 Elasticsearch PGP key: D88E 42B4
apt-key list | grep "D88E 42B4"
# 安装依赖包
sudo apt install apt-transport-https
# 添加到源
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list#完成后,检查一下: /etc/apt/sources.list
bash
# 更新操作系统到最新
sudo apt update -y安装 Filebeat 指定版本。
注: 如果后面用 apt 更新操作系统,它将更新到最新版。
bash
# 安装
sudo apt install filebeat=6.5.4#启动服务。
bash
# 启动服务,并设置为自动启动。
sudo systemctl start filebeat
sudo systemctl enable filebeat
# 检查一下服务状态
systemctl status filebeat通过配置 /etc/filebeat/filebeat.yml 文件,来确定 Filebeat 的输入/输出。