Tuesday, August 25, 2020

ELK enterprise application - elk quick build - logstash

 


1, install JDK
Elasticsearch and Logstash both depend on a Java runtime.
Download and unpack the JDK binary package.

  tar xf jdk-8u144-linux-x64.tar.gz -C /usr/local
  mv /usr/local/jdk1.8.0_144 /usr/local/java
  cd ~

Configure the Java environment variables.
Add the following at the end of the ~/.bashrc file:

  export JAVA_HOME=/usr/local/java
  export JRE_HOME=$JAVA_HOME/jre
  export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
  export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

Make the configuration take effect.

source ~/.bashrc

2, install Logstash

On Linux servers, installing from the rpm package is recommended.
2.1. Download the logstash installation package

  touch /etc/default/logstash
  ln -s /usr/local/java/bin/java /usr/bin/java
  rpm -ivh logstash-6.2.4.rpm
  cd ~

2.2. Configure systemd to start

When installed from the rpm, Logstash uses /etc/logstash/startup.options as the configuration file for creating its startup script:

/usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd

Note: if the generated startup script fails to start, you can create your own startup script.

  [root@l ~]# cat /etc/systemd/system/logstash.service
  [Unit]
  Description=logstash
  [Service]
  Type=simple
  ExecStart=/usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash"
  ExecStop=/bin/kill -s QUIT $MAINPID
  ExecReload=/bin/kill -s HUP $MAINPID
  WorkingDirectory=/usr/share/logstash/bin
  [Install]
  WantedBy=multi-user.target
  [root@l ~]# systemctl daemon-reload   # Update
  [root@l ~]#
  [root@l ~]# systemctl list-unit-files |grep logstash
  logstash.service                              disabled
  [root@l ~]#
  [root@l ~]# systemctl restart logstash.service   # Restart

 

2.3. Errors encountered

[root@l opt]# /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd
Using provided startup.options file: /etc/logstash/startup.options
Manually creating startup for specified platform: systemd
/usr/share/logstash/vendor/jruby/bin/jruby: Line 401: /usr/bin/java: No such file or directory
Unable to install system startup script for Logstash.

Solution

  ln -s /usr/local/java/bin/java /usr/bin/java
  /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd

3, configuration

  cd /etc/logstash/conf.d/
  chown -R logstash /etc/logstash/conf.d
  mkdir /opt/logstash
  touch /opt/logstash/messages
  chown -R logstash /opt/logstash
  chown -R logstash /opt/logstash/messages
  chown -R logstash /var/log/messages

Shipper configuration file (logstash_shipper.conf)

 
  vim logstash_shipper.conf
  ###########################################
  input{
    file{
      type => "messages"
      path => "/var/log/messages"
      start_position => "beginning"
      # sincedb disabled: the read position is not saved, so the file
      # is read again from the beginning after every restart
      sincedb_path => "/dev/null"
    }
  }
  output{
    if [type] == "messages"{
      redis{
        host => "10.0.0.132"
        data_type => "list"
        key => "messages"
        port => 6379
        db => 2
        password => "123456"
      }
    }
  }

Indexer configuration file (logstash_indexer.conf). Note: this configuration file must be placed on a different node from the shipper configuration. Otherwise both outputs will emit every log event a second time, and events read from the Redis cache will be written back to it in an endless loop.

 
  vim logstash_indexer.conf
  ######################################
  input{
    redis{
      host => "10.0.0.132"
      data_type => "list"
      key => "messages"
      password => "123456"
      db => 2
    }
  }
  output{
    if [type] == "messages" {
      elasticsearch{
        hosts => ["10.0.0.130"]
        index => "messages-%{+YYYY-MM-dd}"
      }
    }
  }
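
The note above about keeping the two files on separate nodes can be checked before deployment. The following is an added example, not part of the original post: a Python check that takes the files of one conf.d directory (which Logstash merges into a single pipeline), reports any Redis list that the merged pipeline both reads and writes, and lists `password` options that hold a literal instead of a `${VAR}` reference resolved from the Logstash keystore or the environment. The function names and the condensed sample configs are constructed for illustration.

```python
import re
# Constructed sample input: the page's shipper and indexer configs, condensed.
SHIPPER = '''input{ file{ type => "messages" path => "/var/log/messages" } }
output{ if [type] == "messages"{
  redis{ host => "10.0.0.132" data_type => "list" key => "messages"
         port => 6379 db => 2 password => "123456" }
} }'''
INDEXER = '''input{
  redis{ host => "10.0.0.132" data_type => "list" key => "messages"
         password => "123456" db => 2 }
}
output{ if [type] == "messages" {
  elasticsearch{ hosts => ["10.0.0.130"] index => "messages-%{+YYYY-MM-dd}" }
} }'''

def block_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}'."""
    # Simplification: braces inside quoted strings are assumed to be balanced.
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def redis_endpoints(merged, section):
    """(host, db, key) of each redis plugin in every top-level `section` block."""
    found = set()
    for sec in re.finditer(r"^\s*%s\s*\{" % section, merged, re.M):
        body = block_body(merged, sec.end() - 1)
        for plug in re.finditer(r"\bredis\s*\{", body):
            opts = dict(re.findall(r'(\w+)\s*=>\s*"?([^"\s]+)"?',
                                   block_body(body, plug.end() - 1)))
            # 127.0.0.1 and db 0 are the redis plugins' defaults
            found.add((opts.get("host", "127.0.0.1"), opts.get("db", "0"), opts.get("key")))
    return found

def audit(files):
    """files: {name: text} for ONE conf.d directory.
    Returns (redis lists both read and written, [(file, line)] of literal passwords)."""
    merged = "\n".join(files.values())
    loops = redis_endpoints(merged, "input") & redis_endpoints(merged, "output")
    literals = [(name, n) for name, text in files.items()
                for n, line in enumerate(text.splitlines(), 1)
                if re.search(r'password\s*=>\s*"(?!\$\{)', line)]
    return loops, literals

if __name__ == "__main__":
    print(audit({"logstash_shipper.conf": SHIPPER, "logstash_indexer.conf": INDEXER}))
```

A non-empty first element means the directory would feed its own Redis list; each entry in the second element is a file and line where the Redis password sits in clear text.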

4, test

 
  cd /usr/share/logstash/bin/
  ./logstash --path.settings /etc/logstash/ -r /etc/logstash/conf.d/ --config.test_and_exit
  [root@l bin]# ./logstash --path.settings /etc/logstash/ -r /etc/logstash/conf.d/ --config.test_and_exit
  Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
  Configuration OK

5, start

 
  systemctl start logstash.service
  systemctl enable logstash.service

 
