
elasticsearch kibana logstash

elasticsearch
download jdk 8  
yum localinstall jdk-8u131-linux-i586.rpm
cd /usr/share/elasticsearch/bin/
vim elasticsearch
=====
####on top####
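# Heap bounds for the Elasticsearch JVM: 256 MB initial, 512 MB maximum.
ES_JAVA_OPTS="-Xms256m -Xmx512m"
# Pinned to one specific JDK update directory.
# NOTE(review): a later JDK update presumably installs into a new directory,
# so this path has to be bumped by hand or the node keeps running on the
# 8u131 runtime without later security fixes.
JAVA_HOME=/usr/java/jdk1.8.0_131

# Prefer the renamed launcher inside the pinned JDK; otherwise fall back to
# the first "javaelastic" found on PATH.
if [ -x "$JAVA_HOME/bin/javaelastic" ]; then
    JAVA="$JAVA_HOME/bin/javaelastic"
else
    # command -v is the POSIX lookup and does not depend on an external
    # `which` binary. Keep the service PATH limited to root-owned directories
    # so this fallback cannot pick up a stray binary.
    JAVA=$(command -v javaelastic)
fi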
======



vim plugin
====
JAVA_HOME=/usr/java/jdk1.8.0_131
====


vim /etc/elasticsearch/elasticsearch.yml
=======
### Cluster configuration
# The cluster name is left at the stock value "elasticsearch".
cluster.name: elasticsearch
node.name: "MasterDB"
# This node is eligible to act as master ...
node.master: true
# ... and is also allowed to store data (enabled by default):
node.data: true

# Custom node attribute: a rack label.
node.rack: rack314

### Default number of shards and replicas
index.number_of_shards: 5
# Zero replicas: there is no second copy of any shard.
index.number_of_replicas: 0
#
### Path to data files
path.data: /usr/share/elasticsearch/data

### Network binding
# All three settings point at the same non-loopback address.
# NOTE(review): nothing in the settings shown here enables authentication or
# TLS. Any host that can reach 172.16.16.92 on 9200 (HTTP API) or 9300
# (transport) can read, change or delete indices. Limit both ports to the
# hosts that need them with a host firewall, or bind to 127.0.0.1 when every
# client is local.
network.bind_host: 172.16.16.92
network.publish_host: 172.16.16.92
network.host: 172.16.16.92
#
# Port for node-to-node communication (9300 by default), with compression on:
transport.tcp.port: 9300
transport.tcp.compress: true
#
# Port that listens for HTTP traffic:
http.port: 9200



=======


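# Create the data directory named by path.data and hand it to the service
# account. -p makes the step safe to repeat.
mkdir -p /usr/share/elasticsearch/data
# user:group is the supported separator (the dotted form is a legacy
# spelling), and options go before the operand.
chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/data/

# The edited launcher script looks for $JAVA_HOME/bin/javaelastic, so the copy
# has to exist before the first start. -p keeps the original mode and
# timestamps.
cp -p /usr/java/jdk1.8.0_131/bin/java /usr/java/jdk1.8.0_131/bin/javaelastic

service elasticsearch start
service elasticsearch status

# head and kopf are third-party admin consoles fetched from their GitHub
# repositories and served by Elasticsearch itself under /_plugin/. Anyone who
# can reach the HTTP port can open them and manage the cluster, so install
# them only where that port is already restricted to administrators.
/usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
/usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
/usr/share/elasticsearch/bin/plugin install delete-by-query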

================================================
http://172.16.16.92:9200/_plugin/kopf/#!/cluster
================================================

kibana
  ###  curl -L -O https://download.elastic.co/kibana/kibana/kibana-4.3.1-linux-x64.tar.gz   ##4.3.1 kibana is not compatible with above elastic search, so i had to install 4.2.1 kibana


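mkdir -p /mysystem
# Added step: work inside /mysystem, because every later path is
# /mysystem/kibana4.3.1.
cd /mysystem
curl -L -O https://download.elastic.co/kibana/kibana/kibana-4.2.1-linux-x64.tar.gz
# Compare the archive with the checksum published alongside the download
# before unpacking it. HTTPS protects the transfer, but only a checksum
# comparison shows the file is the one the vendor published.
# Added step: the mv below needs the unpacked directory.
tar -xzf kibana-4.2.1-linux-x64.tar.gz
# The directory is named kibana4.3.1 even though it holds release 4.2.1.
mv kibana-4.2.1-linux-x64 kibana4.3.1
vim /mysystem/kibana4.3.1/config/kibana.yml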
# Kibana's own HTTP listener.
# NOTE(review): no login or TLS is configured here, so anyone who can reach
# 172.16.16.92:5601 can use Kibana and, through it, query Elasticsearch.
# Restrict the port with a host firewall or put an authenticating reverse
# proxy in front of it.
server.port: 5601
server.host: "172.16.16.92"   ## address Kibana listens on
# Kibana talks to Elasticsearch over plain HTTP.
elasticsearch.url: "http://172.16.16.92:9200"  ## Elasticsearch address

  chmod 775 /mysystem/kibana4.3.1/bin/ -Rf

start_kibana
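#!/bin/bash
## Start Kibana in the background, using the config file from this install.
# NOTE(review): Kibana runs as whichever user launches this script; start it
# from a dedicated unprivileged account rather than from a root shell.

# Stop here if the install directory is missing, so that Kibana is never
# launched from an unexpected working directory.
cd /mysystem/kibana4.3.1 || exit 1
# stdout is discarded; stderr still goes to the launching terminal.
/mysystem/kibana4.3.1/bin/kibana --config /mysystem/kibana4.3.1/config/kibana.yml --quiet > /dev/null &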
stop_kibana (alternatively: pkill -9 node, which force-kills every process named node on the host, not only Kibana)
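#!/bin/bash
### Stop Kibana Script
# Kibana runs as a "node" process, so it is located by that process name.
# NOTE: pidof matches every process named node on this host, not only Kibana.
# On a machine that runs other Node.js services, select the PID more narrowly.
pids=$(/sbin/pidof node)
if [ -z "$pids" ]; then
    echo 'Kibana is not running'
    exit 0
fi
echo "Killing KibanaSearch [$pids]"
# Two fixes to the original listing: the option is an ASCII "-TERM" (the dash
# had been turned into a soft hyphen), and the PIDs come from command
# substitution (single quotes passed the literal text to kill).
# $pids is deliberately unquoted: pidof prints space-separated PIDs.
kill -TERM $pids
sleep 1
echo "Kibana Terminated [$pids]"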

  chmod 775 st*
 
 ./start_kibana

=====================================
http://172.16.16.92:5601

=====================================


###########################
LOGSTASH

yum localinstall jdk-8u131-linux-i586.rpm 

vim /etc/bashrc
source /etc/bashrc
 java -version
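wget https://artifacts.elastic.co/downloads/logstash/logstash-5.4.2.rpm
# Import the vendor signing key and check the package before installing it.
# Depending on its configuration, yum does not necessarily verify the
# signature of a locally supplied RPM.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Expect the output to report the signature itself as OK, not only the
# digests; an unsigned package can still pass the digest check.
rpm -K logstash-5.4.2.rpm
yum localinstall logstash-5.4.2.rpm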

vim /etc/logstash/conf.d/logstash.conf
# Minimal pipeline: read lines from one file and write each event to another.
# NOTE(review): both paths are under /root, which presumably only works when
# Logstash itself runs as root. A directory readable by an unprivileged
# service account avoids running the pipeline with full privileges.
input {
  file {
    path => "/root/input.log"
  }
}
output {
  file {
    path => "/root/output.log"
  }
  }


touch both files.
 /usr/share/logstash/bin/logstash -f logstash.conf (will take some time)
in another shell >>>>>>
echo "Hello world" >> input.log
 tailf output.log (u will see the output )

ex:2 vim logstash conf

# Tutorial pipeline: parse an Apache access log and index it in Elasticsearch.
input {
    file {
        path => "/home/centos/logstash-tutorial.log"
        # Read the file from its first line rather than only new lines.
        start_position => beginning
        # The read position is not persisted, so the file is read again on
        # every run. Convenient for a demo, duplicates events in real use.
        sincedb_path => "/dev/null"
        # NOTE(review): taken from the tutorial; confirm what 0 means for the
        # installed file-input version before reusing it.
        ignore_older => 0
    }
}

filter {
    # Split each line into fields using the combined Apache log pattern.
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}"}
    }
    # Parse the "timestamp" field with the given date format.
    date {
        match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
    # Look up location data for the address in the "clientip" field.
    geoip {
        source => "clientip"
    }
}


output {
  # NOTE(review): no credentials or TLS options are set, so events travel to
  # 172.16.16.92:9200 unauthenticated and, presumably, in clear text.
  elasticsearch { hosts => ["172.16.16.92:9200"] }
  # Also prints every parsed event, including client addresses, to stdout.
  stdout { codec => rubydebug }
}
----------------------------------------------------------
cd /home/centos/
wget https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz


 /usr/share/logstash/bin/logstash -f logstash.conf

now you can see, http://172.16.16.92:5601 --> go settings
create >> time-field name: @timestamp
.
discover--> see logstash-*> avail. fields
discover-->change last 5 mins to 5 years
(you can see the graph)
