ELK学习实验020:ELK使用kafka缓存

时间:2023-03-09 17:33:31
ELK学习实验020:ELK使用kafka缓存

首先安装一个kafka集群,但是zookeeper使用单节点,可以让kafka快速跑起来,后续再研究kafka和zokkeeper的集群

1 安装Kafka集群

下面是三个节点都要做

[root@node1 src]# wget http://mirror.rise.ph/apache/kafka/2.4.0/kafka_2.11-2.4.0.tgz

[root@node1 src]# tar -xf kafka_2.11-2.4.0.tgz

[root@node1 src]# mv kafka_2.11-2.4.0 /usr/local/kafka

[root@node1 src]# cd /usr/local/kafka

就使用node1作为zooker节点

[root@node1 kafka]# nohup ./bin/zookeeper-server-start.sh  ./config/zookeeper.properties &

三个节点的kafka配置文件

[root@node1 kafka]# grep -Ev "^$|[;#]"  config/server.properties

broker.id=0

listeners=PLAINTEXT://:9092

advertised.listeners=PLAINTEXT://192.168.132.131:9092

num.network.threads=3

num.io.threads=8

socket.send.buffer.bytes=102400

socket.receive.buffer.bytes=102400

socket.request.max.bytes=104857600

log.dirs=/tmp/kafka-logs

num.partitions=1

num.recovery.threads.per.data.dir=1

offsets.topic.replication.factor=1

transaction.state.log.replication.factor=1

transaction.state.log.min.isr=1

log.retention.hours=168

log.segment.bytes=1073741824

log.retention.check.interval.ms=300000

zookeeper.connect=192.168.132.131:2181

zookeeper.connection.timeout.ms=6000

group.initial.rebalance.delay.ms=0

[root@node2 kafka]# grep -Ev "^$|[;#]"  config/server.properties

broker.id=1

listeners=PLAINTEXT://:9092

advertised.listeners=PLAINTEXT://192.168.132.132:9092

num.network.threads=3

num.io.threads=8

socket.send.buffer.bytes=102400

socket.receive.buffer.bytes=102400

socket.request.max.bytes=104857600

log.dirs=/tmp/kafka-logs

num.partitions=1

num.recovery.threads.per.data.dir=1

offsets.topic.replication.factor=1

transaction.state.log.replication.factor=1

transaction.state.log.min.isr=1

log.retention.hours=168

log.segment.bytes=1073741824

log.retention.check.interval.ms=300000

zookeeper.connect=192.168.132.131:2181

zookeeper.connection.timeout.ms=6000

group.initial.rebalance.delay.ms=0

[root@node3 kafka]# grep -Ev "^$|[;#]"  config/server.properties

broker.id=2

listeners=PLAINTEXT://:9092

advertised.listeners=PLAINTEXT://192.168.132.133:9092

num.network.threads=3

num.io.threads=8

socket.send.buffer.bytes=102400

socket.receive.buffer.bytes=102400

socket.request.max.bytes=104857600

log.dirs=/tmp/kafka-logs

num.partitions=1

num.recovery.threads.per.data.dir=1

offsets.topic.replication.factor=1

transaction.state.log.replication.factor=1

transaction.state.log.min.isr=1

log.retention.hours=168

log.segment.bytes=1073741824

log.retention.check.interval.ms=300000

zookeeper.connect=192.168.132.131:2181

zookeeper.connection.timeout.ms=6000

group.initial.rebalance.delay.ms=0

都启动kafka

[root@node1 kafka]# nohup ./bin/kafka-server-start.sh  ./config/server.properties &

[root@node2 kafka]# nohup ./bin/kafka-server-start.sh  ./config/server.properties &

[root@node3 kafka]# nohup ./bin/kafka-server-start.sh  ./config/server.properties &

2 检查kafka状态

查看端口

ELK学习实验020:ELK使用kafka缓存

查看其他端口

ELK学习实验020:ELK使用kafka缓存

使用一下

[root@node1 kafka]# ./bin/zookeeper-shell.sh  192.168.132.131:2181

3 测试zookeeper

连接到zookeeper

ls /brokers

[ids, seqid, topics]

ls /brokers/ids

[0, 1, 2]

create /test "hello"

Created /test

get /test

hello

4 测试kafka使用

创建一个topic

[root@node1 kafka]# ./bin/kafka-topics.sh --create --zookeeper 192.168.132.131:2181 --replication factor 3 --partitions 3 --topic kafkatest

Created topic kafkatest.

[root@node1 kafka]# ./bin/kafka-topics.sh --list --zookeeper 192.168.132.131:2181

kafkatest

[root@node1 kafka]# ./bin/kafka-topics.sh --describe  --zookeeper 192.168.132.131:2181 --topic kafkatest

Topic: kafkatest    PartitionCount: 3    ReplicationFactor: 3    Configs:

    Topic: kafkatest    Partition: 0    Leader: 0    Replicas: 0,1,2    Isr: 0,1,2

    Topic: kafkatest    Partition: 1    Leader: 1    Replicas: 1,2,0    Isr: 1,2,0

    Topic: kafkatest    Partition: 2    Leader: 2    Replicas: 2,0,1    Isr: 2,0,1

测试发送消息

[root@node1 kafka]# ./bin/kafka-topics.sh --create --zookeeper 192.168.132.131:2181 --replication-factor 3 --partitions 3 --topic messagetest

Created topic messagetest.

[root@node1 kafka]# ./bin/kafka-console-producer.sh --broker-list 192.168.132.131:9092,192.168.132.132:9092,192.168.132.133:9092 --topic messagetest

这里可以输入消息

>helloworld

>hello

node2和node3查看

[root@node2 kafka]# ./bin/kafka-console-consumer.sh  --bootstrap-server 192.168.132.131:9092  --topic messagetest --from-beginning

helloworld

hello

[root@node3 kafka]# ./bin/kafka-console-consumer.sh  --bootstrap-server 192.168.132.131:9092  --topic messagetest --from-beginning

helloworld

hello

5 配置filebeat

配置filebeat文件

filebeat.inputs:

#####################################################

## Nginx log

#####################################################

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/access.log

  json.key_under_root: true

  json.overwrite_keys: true

  tags: ["access"]

- type: log

  enabled: true

  paths:

    - /usr/local/nginx/logs/error.log

  tags: ["error"]

output.kafka:

    hosts: ["192.168.132.131:9092","192.168.132.132:9092","192.168.132.133:9092"]

    topic: "elklog"

[root@node4 ~]# systemctl restart filebeat

6 配置logstash

修改logstah

input {

  kafka {

    bootstrap_server => "192.168.132.131:9092"

    topics=>["elklog"]

    group_id=>"logstash"

    codec => "json"

  }

}

filter{

  mutate {

    convert => ["upstream_time","float"]

    convert => ["request_time","float"]

  }

}

output{

  stdout {}

  if "access" in [tags]{

    elasticsearch {

      hosts => "192.168.132.131:9200"

      manage_template => false

      index => "nginx_access-%{+yyyy.MM.dd}"

    }

  }

  if "error" in [tags]{

    elasticsearch {

      hosts => "192.168.132.131:9200"

      manage_template => false

      index => "nginx_error-%{+yyyy.MM.dd}"

    }

  }

}

~

启动logstah

[root@node4 ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logsatsh.conf

[INFO ] 2020-01-21 10:15:57.734 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}

[INFO ] 2020-01-21 10:15:57.931 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}

[INFO ] 2020-01-21 10:15:58.630 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}

7 测试整个环境

访问生成数据

查看topic

[root@node1 kafka]# ./bin/kafka-topics.sh --list --zookeeper 192.168.132.131:2181

__consumer_offsets

elklog        #已经有定义好的topic

kafkatest

messagetest

查看索引

ELK学习实验020:ELK使用kafka缓存

查看kinban

{

  "_index": "nginx_access-2020.01.21",

  "_type": "_doc",

  "_id": "F1O0yG8BOF7DoSFd9EoQ",

  "_version": 1,

  "_score": null,

  "_source": {

    "ecs": {

      "version": "1.1.0"

    },

    "@timestamp": "2020-01-21T15:24:58.441Z",

    "agent": {

      "type": "filebeat",

      "version": "7.4.2",

      "hostname": "node4",

      "id": "bb3818f9-66e2-4eb2-8f0c-3f35b543e025",

      "ephemeral_id": "af9e9e07-03a6-4869-a5ff-9476ccf00dae"

    },

    "json": {

      "Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36",

      "upstreamtime": "-",

      "upstreamhost": "-",

      "responsetime": 0,

      "xff": "-",

      "domain": "192.168.132.134",

      "@timestamp": "2020-01-21T10:24:57-05:00",

      "http_host": "192.168.132.134",

      "size": 555,

      "status": "404",

      "referer": "-",

      "url": "/tcp",

      "host": "192.168.132.134",

      "clientip": "192.168.132.1"

    },

    "tags": [

      "access"

    ],

    "input": {

      "type": "log"

    },

    "@version": "1",

    "log": {

      "offset": 24522559,

      "file": {

        "path": "/usr/local/nginx/logs/access.log"

      }

    },

    "host": {

      "name": "node4"

    }

  },

  "fields": {

    "json.@timestamp": [

      "2020-01-21T15:24:57.000Z"

    ],

    "@timestamp": [

      "2020-01-21T15:24:58.441Z"

    ]

  },

  "sort": [

    1579620298441

  ]

}

实验完成