Shulou(Shulou.com)06/01 Report--

What this article shares to you is the example analysis of one-click deployment of EFK services based on the Centos7 system. The editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Recently, the EFK version of the platform has been upgraded, and the platform adopts EFK (ElasticSearch-7.6.2 + FileBeat-7.6.2 + Kibana-7.6.2) architecture. It is recommended that the major and minor versions of the three components be consistent. Considering that there are many servers, it is written as a script for batch deployment.

Just take a look at function in the script..

Architecture

EFK adopts a centralized log management architecture

Elasticsearch: an open source distributed search engine that provides three functions of collecting, analyzing and storing data. Its features are: distributed, zero configuration, automatic discovery, automatic index slicing, index copy mechanism, restful style interface, multiple data sources, automatic search load and so on.

Kibana: provides a friendly log analysis Web interface for Logstash, Beats, and ElasticSearch to help summarize, analyze, and search important data logs.

Filebeat: lightweight log collector. Filebeat needs to be configured on each application server to collect logs and output them to elasticsearch.

Deploy the KIBANA script with one click

Function install_es7_el7 () {echo "" echo-e "\ 033 [33m installation * install ElasticSearch 7.6.2 installation * * 033 [0m "# action" * initialize JAVA environment * "/ bin/true # install_jdk # download package if [- f / opt/elasticsearch-7.6.2-x86_64.rpm] & & [- f / opt/elasticsearch-analysis-ik-7.6.2.zip] Then echo "* there is an ElasticSearch 7.6.2 installation package, no need to download *" else ping-c 4 artifacts.elastic.co > / dev/null 2 > & 1 if [$?-eq 0] Then wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-x86_64.rpm-O / opt/elasticsearch-7.6.2-x86_64.rpm wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip-O / opt/elasticsearch-analysis-ik-7.6.2.zip else echo "please download ES7 package manual!" Exit $? Fi fi # install es7.6 action "* install ElasticSearch 7.6.2 Service *" / bin/true chmod uplix / opt/elasticsearch-7.6.2-x86_64.rpm & & rpm-ivh / opt/elasticsearch-7.6.2-x86_64.rpm # create a directory and authorize mkdir-p $ES_HOME/data & & mkdir-p $ES_HOME/log chown-R Elasticsearch:elasticsearch $ES_HOME & & chmod-R 755 $ES_HOME # modify the ES configuration file cp / etc/elasticsearch/elasticsearch.yml / etc/elasticsearch/elasticsearch.yml_bak & > / dev/null cat > / etc/elasticsearch/elasticsearch.yml / dev/null chown-R elasticsearch:elasticsearch / usr/share/elasticsearch/plugins/ & & chmod-R 755 / usr/share/elasticsearch/plugins/ sleep 2 # to add default word splitter attributes to the index template in the filebeat configuration file. New indexes to be created in the future will refer to this attribute: # setup.template.settings: # index.analysis.analyzer.default.type: "ik_max_word" # index.analysis.analyzer.default_search.type: "ik_max_word" # setup.template.overwrite: true # execute the following command in the Linux terminal for all existing indexes Set the default word splitter property: # curl-X POST "172.16.20.143:9200/_all/_close" # curl-X PUT-H'Content-Type: application/json' 'http://172.16.20.143:9200/_all/_settings?preserve_existing=true'-d' {# "index.analysis.analyzer.default.type": "ik_max_word" # "index.analysis.analyzer.default_search.type": "ik_max_word" #}'# curl-X POST "172.16.20.143:9200/_all/_open" # launch ES and initialize data action "* start es and initialize data *" / bin/true systemctl daemon-reload & & systemctl enable elasticsearch.service systemctl restart elasticsearch.service es _ version= `curl-XGET ${ES_IP}: ${ES_PORT} `curl-e "\ 033 [33m installation * complete ElasticSearch 7.6.2 installation * * *\ 033 [0m "cat > / tmp/es7.log / dev/null 2 > & 1 if [$?-eq 0] Then wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-x86_64.rpm-O / opt/elasticsearch-7.6.2-x86_64.rpm wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip-O / opt/elasticsearch-analysis-ik-7.6.2.zip else echo "please download ES7 package manual!" Exit $? Fi fi # install es7.6 action "* install ElasticSearch 7.6.2 Service *" / bin/true chmod uplix / opt/elasticsearch-7.6.2-x86_64.rpm & & rpm-ivh / opt/elasticsearch-7.6.2-x86_64.rpm # create a directory and authorize mkdir-p $ES_HOME/data & & mkdir-p $ES_HOME/log chown-R Elasticsearch:elasticsearch $ES_HOME & & chmod-R 755 $ES_HOME # modify the ES configuration file cp / etc/elasticsearch/elasticsearch.yml / etc/elasticsearch/elasticsearch.yml_bak & > / dev/null cat > / etc/elasticsearch/elasticsearch.yml / dev/null chown-R elasticsearch:elasticsearch / usr/share/elasticsearch/plugins/ & & chmod-R 755 / usr/share/elasticsearch/plugins/ sleep 2 # to add default word splitter attributes to the index template in the filebeat configuration file. New indexes to be created in the future will refer to this attribute: # setup.template.settings: # index.analysis.analyzer.default.type: "ik_max_word" # index.analysis.analyzer.default_search.type: "ik_max_word" # setup.template.overwrite: true # execute the following command in the Linux terminal for all existing indexes Set the default word splitter property: # curl-X POST "172.16.20.143:9200/_all/_close" # curl-X PUT-H'Content-Type: application/json' 'http://172.16.20.143:9200/_all/_settings?preserve_existing=true'-d' {# "index.analysis.analyzer.default.type": "ik_max_word" # "index.analysis.analyzer.default_search.type": "ik_max_word" #}'# curl-X POST "172.16.20.143:9200/_all/_open" # launch ES and initialize data action "* start es and initialize data *" / bin/true systemctl daemon-reload & & systemctl enable elasticsearch.service systemctl restart elasticsearch.service es _ version= `curl-XGET ${ES_IP}: ${ES_PORT} `curl-e "\ 033 [33m installation * complete ElasticSearch 7.6.2 installation * * *\ 033 [0m "cat > / tmp/es7.log / dev/null 2 > & 1 if [$?-eq 0] Then wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.2-x86_64.rpm-O / opt/filebeat-7.6.2-x86_64.rpm else echo "please download Filebeat7.6 package manual!" Exit $? Fi fi # install filebeat7.6 action "* install filebeat 7.6.2 Service *" / bin/true chmod uplix / opt/filebeat-7.6.2-x86_64.rpm & & rpm-ivh / opt/filebeat-7.6.2-x86_64.rpm # modify the kibana configuration file cp / etc/filebeat/filebeat.yml / etc/filebeat/filebeat.yml_bak cat > / Etc/filebeat/filebeat.yml / dev/null 2 > & 1 & echo-e "\ 033 [33m installation * complete Filebeat 7.6.2 installation * * *\ 033 [0m "cat > / tmp/filebeat7.log

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.