wget https:\/\/artifacts.elastic.co\/downloads\/elasticsearch\/elasticsearch-6.4.2.tar.gz\ntar -xvzf elasticsearch-6.4.2.tar.gz -C \/app\/elasticsearch\nmv \/app\/elasticsearch\/elasticsearch-6.4.2 \/app\/elasticsearch\/6.4.2\nln -s \/app\/elasticsearch\/6.4.2\/* \/app\/elasticsearch\/.\n<\/code><\/pre>\n\ud658\uacbd \uc124\uc815<\/h4>\n\uc2dc\uc2a4\ud15c \ud504\ub85c\ud30c\uc77c \ubc0f \uc2e4\ud589 \uc2a4\ud06c\ub9bd\ud2b8<\/h5>\n
\uc2dc\uc2a4\ud15c \ud504\ub85c\ud30c\uc77c\uacfc \uc2e4\ud589 \uc2a4\ud06c\ub9bd\ud2b8\ub294 node1,2,3 \ubaa8\ub450 \uacf5\ud1b5<\/p>\n
vi ~\/elastic-cmd.sh<\/code><\/p>\n#!\/bin\/bash\n\nES_HOME=\/app\/elasticsearch\nES_PROC=$ES_HOME\/bin\/elasticsearch\nES_PID=$ES_HOME\/elasticsearch_pid\n\nif [ \"$1\" = \"start\" ];then\n if [ -e $ES_PID ];then\n echo \"Start up failed, please check if ElasticSearch (PID:cat $ES_PID<\/code>) is running.\"\n else\n echo \"$ES_PROC -p $ES_PID &\"\n $ES_PROC -p $ES_PID &\n fi\nelif [ \"$1\" = \"stop\" ];then\n if [ -e $ES_PID ];then\n PID=cat $ES_PID<\/code>\n kill $PID\n while ps -p $PID > \/dev\/null; do sleep 1;done\n echo \"ElasticSearch successfully stopped.\"\n else\n echo \"Stop Failed, please check if ElasticSearch was already stopped.\"\n fi\nelse\n echo \"Undefined cmd\"\nfi\n<\/code><\/pre>\nvi ~\/.bash_profile<\/code><\/p>\n# JDK ENV\nexport JAVA_HOME=\/app\/jdk\nexport PATH=$JAVA_HOME\/bin:$PATH\n\n# ELASTICSEARCH ENV\nexport PATH=\/app\/elasticsearch\/bin:$PATH\n\n# ELASTICSEARCH RUN SCRIPT\nexport PATH=\/home\/elastic:$PATH\n\n# ALIASES\nalias escfg='cd \/app\/elasticsearch\/config'\nalias escfgv='vi \/app\/elasticsearch\/config\/elasticsearch.yml'\nalias eslog='cd \/data\/elasticsearch\/logs'\nalias eslogt='tail -128f \/data\/elasticsearch\/logs\/elasticsearch-cluster.log'\n<\/code><\/pre>\nelasticsearch.yml<\/h5>\n
elasticsearch.yml \ud30c\uc77c\uc740 node1\uacfc node2,3 \ub294 \ub2e4\ub974\uac8c \uc124\uc815\ud55c\ub2e4.<\/p>\n
vi \/app\/elasticsearch\/config\/elasticsearch.yml<\/code><\/p>\nnode1<\/h6>\ncluster.name: elk-sysmon\nnode.name: ${HOSTNAME}\nnode.data: false\nnode.master: true\nnode.ingest: true\nhttp.enabled: true\nhttp.port: 9200\ntransport.tcp.port: 9300\npath.data: \/data\/elastic\/data\npath.logs: \/data\/elastic\/logs\nnetwork.host: _site_\ndiscovery.zen.ping.unicast.hosts: [\"node1.elk\",\"node2.elk\", \"node3.elk\"]\ndiscovery.zen.minimum_master_nodes: 2\n<\/code><\/pre>\nnode2,3<\/h6>\ncluster.name: elk-sysmon\nnode.name: ${HOSTNAME}\nnode.data: true\nnode.master: true\nnode.ingest: true\nhttp.enabled: true\nhttp.port: 9200\ntransport.tcp.port: 9300\npath.data: \/data\/elastic\/data\npath.logs: \/data\/elastic\/logs\nnetwork.host: _site_\ndiscovery.zen.ping.unicast.hosts: [\"node1.elk\",\"node2.elk\", \"node3.elk\"]\ndiscovery.zen.minimum_master_nodes: 2\n<\/code><\/pre>\nLogstash<\/h3>\nLogstash \ubc14\uc774\ub108\ub9ac \ub2e4\uc6b4\ub85c\ub4dc<\/h4>\nwget https:\/\/artifacts.elastic.co\/downloads\/logstash\/logstash-6.4.2.tar.gz\ntar -xvzf logstash-6.4.2.tar.gz -C \/app\/logstash\/.\n<\/code><\/pre>\n\ud658\uacbd \uc124\uc815<\/h4>\n
vi \/app\/logstash\/6.4.2\/config\/logstash-metricbeat.conf<\/code><\/p>\ninput {\n beats {\n port => 5044\n }\n}\n\noutput {\n elasticsearch {\n hosts => [\"http:\/\/node1.elk:9200\"]\n index => \"%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}\"\n #user => \"elastic\"\n #password => \"changeme\"\n }\n}\n<\/code><\/pre>\nvi \/app\/logstash\/6.4.2\/config\/pipeline.yml<\/code><\/p>\n- pipeline.id: metricbeat\n path.config: \"\/app\/logstash\/6.4.2\/config\/logstash-metricbeat.conf\"\n pipeline.workers: 2\n<\/code><\/pre>\nKibana<\/h3>\nKibana \ubc14\uc774\ub108\ub9ac \ub2e4\uc6b4\ub85c\ub4dc<\/h4>\nwget https:\/\/artifacts.elastic.co\/downloads\/kibana\/kibana-6.4.2-linux-x86_64.tar.gz\ntar -xvzf kibana-6.4.2-linux-x86_64.tar.gz -C \/app\/kibana\/.\nmv \/app\/kibana\/kibana-6.4.2-linux-x86_64 \/app\/kibana\/6.4.2\nln -s \/app\/kibana\/6.4.2\/* \/app\/kibana\/.\n<\/code><\/pre>\n\ud658\uacbd \uc124\uc815<\/h4>\n
vi \/app\/kibana\/config\/kibana.yml<\/code><\/p>\nserver.port: 5601\nserver.host: \"node1.elk\"\nserver.name: \"node1.elk\"\nelasticsearch.url: \"http:\/\/node1.elk:9200\"\nkibana.index: \".kibana\"\nelasticsearch.requestTimeout: 60000\nlogging.dest: \/data\/elastic\/logs\/kibana.log\n<\/code><\/pre>\n\uc2e4\ud589<\/h2>\nElasticSearch<\/h3>\n
@node1.elk, node2.elk, node3.elk<\/p>\n
elastic-cmd.sh start<\/code><\/p>\nLogstash<\/h3>\n
@node1.elk<\/p>\n
\/app\/logstash\/6.4.2\/bin\/logstash &<\/code><\/p>\nKibana<\/h3>\n
@node1.elk<\/p>\n
\/app\/kibana\/bin\/kibana &<\/code><\/p>\nMetricBeat<\/h2>\nMetricBeat \ub2e4\uc6b4\ub85c\ub4dc \ubc0f \uc124\uce58<\/h3>\n
\ub9ac\uc18c\uc2a4 \uc815\ubcf4\ub97c \uc218\uc9d1\ud558\uace0\uc790 \ud558\ub294 \uc11c\ubc84\uc5d0 \uc124\uce58<\/p>\n
wget https:\/\/artifacts.elastic.co\/downloads\/beats\/metricbeat\/metricbeat-6.4.2-linux-x86_64.tar.gz\ntar -xvzf metricbeat-6.4.2-linux-x86_64.tar.gz\n<\/code><\/pre>\n\ud658\uacbd \uc124\uc815 \ubc0f dashboard \uc124\uce58<\/h3>\n
\uc544\ub798\uc640 \uac19\uc774 vi metricbeat-6.4.2-linux-x86_64\/metricbeat.yml<\/code> \ud30c\uc77c\uc744 \uc5f4\uc5b4 \uc544\ub798 \ubd80\ubd84\uc744 \ucc3e\uc544 elasticsearch \ud638\uc2a4\ud2b8\ub97c \ubcc0\uacbd\ud574\uc900\ub2e4.<\/p>\n#================================ Outputs =====================================\n\n# Configure what output to use when sending the data collected by the beat.\n\n#-------------------------- Elasticsearch output ------------------------------\noutput.elasticsearch:\n # Array of hosts to connect to.\n #hosts: [\"localhost:9200\"]\n hosts: [\"node1.elk:9200\"]\n\n # Optional protocol and basic auth credentials.\n #protocol: \"https\"\n #username: \"elastic\"\n #password: \"changeme\"\n\n<\/code><\/pre>\n\uc774\uc774\uc11c kibana\uc5d0\uc11c \ubcf4\uc5ec\uc9c8 dashboard template \uc744 \uc0dd\uc131\ud55c\ub2e4.<\/p>\n
.\/metricbeat setup --dashboards<\/code><\/p>\ndashboard \uc124\uce58\uac00 \uc644\ub8cc\ub418\uba74 vi metricbeat.yml<\/code> \ud30c\uc77c\uc744 \uc0dd\uc131\ud574 \ub2e4\uc74c\uacfc \uac19\uc774 \uc785\ub825\ud55c\ub2e4.<\/p>\n#========================== Modules configuration ============================\nmetricbeat.modules:\n\n#------------------------------- System Module -------------------------------\n- module: system\n metricsets:\n - cpu # CPU usage\n - load # CPU load averages\n - memory # Memory usage\n - network # Network IO\n - process # Per process metrics\n - process_summary # Process summary\n - uptime # System Uptime\n #- core # Per CPU core usage\n #- diskio # Disk IO\n #- filesystem # File system usage for each mountpoint\n #- fsstat # File system summary metrics\n #- raid # Raid\n #- socket # Sockets and connection info (linux only)\n enabled: true\n period: 10s\n processes: ['.*']\n\n # Configure the metric types that are included by these metricsets.\n cpu.metrics: [\"percentages\"] # The other available options are normalized_percentages and ticks.\n core.metrics: [\"percentages\"] # The other available option is ticks.\n\n#----------------------------- Logstash output ---------------------------------\noutput.logstash:\n # Boolean flag to enable or disable the output module.\n #enabled: true\n\n # The Logstash hosts\n hosts: [\"node1.elk:5044\"]\n\n # Number of workers per Logstash host.\n worker: 2\n\n<\/code><\/pre>\n.\/metricbeat -c metricbeat.yml<\/code> \uba85\ub839\uc73c\ub85c metricbeat \ub97c \uc2e4\ud589\ud558\uba74 \ub05d.<\/p>\n\uae30\ubcf8 \ud15c\ud50c\ub9bf \ub9cc\uc73c\ub85c \ub2e4\uc74c\uacfc \uac19\uc774 \ubcfc \uc218 \uc788\uace0 \ucd94\uac00 \uac1c\ubc1c\ud558\uac70\ub098 \ucee4\uc2a4\ud130\ub9c8\uc774\uc9d5 \ud574\uc11c \ubcf4\uace0\uc790 \ud558\ub294 \ub0b4\uc6a9\uc744 \ub354 \ucd94\uac00\ud558\uba74 \ub41c\ub2e4.<\/p>\n
![\"ELK](\"\/workspace\/wp-content\/uploads\/2018\/12\/ELK_metricbeat_dashboard.png\")
<\/p>\n","protected":false},"excerpt":{"rendered":"
ELK + MetricBeat System Monitoring Architecture \uc544\ub798\uc640 \uac19\uc740 \uad6c\uc131\ub3c4\ub85c Monitoring System\uc744 \uad6c\ucd95\ud55c\ub2e4. \ucd1d \uc138 \ub300\uc758 \uba38\uc2e0\uc73c\ub85c ELK \ud074\ub7ec\uc2a4\ud130\ub97c \uad6c\uc131\ud558\uba70 metricbeat\ub294 agent\ub85c\uc11c \uc11c\ubc84 \ud074\ub7ec\uc2a4\ud130\uc5d0\ub294 \uc124\uce58\ub420 \ud544\uc694\uac00 \uc5c6\ub2e4. hostname components node1.elk elasticsearch, logstash, kibana node2.elk elasticsearch node3.elk elasticsearch \uc124\uce58 \uc0ac\uc804 \uc900\ube44 JDK 1.8 \uc774\uc0c1 kernel vm.max_map_count = 262144 user limit elastic soft nofile 65536 elastic hard nofile […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[137,25,50],"class_list":["post-584","post","type-post","status-publish","format-standard","hentry","category-elasticsearch","tag-beat","tag-elasticsearch","tag-50"],"_links":{"self":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/comments?post=584"}],"version-history":[{"count":4,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/584\/revisions"}],"predecessor-version":[{"id":1207,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/584\/revisions\/1207"}],"wp:attachment":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/media?parent=584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/categories?post=584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/tags?post=584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"ELK](\"\/workspace\/wp-content\/uploads\/2018\/12\/ELK_metricbeat_architecture.png\")
<\/p>\n