In this post ...
Retrieve and query the remote linux machine message logging by a visualization platform
GOTO
Previous post: Retrieve and query the remote linux machine message logging
Next step ... ;)
Github repository
Note:
$ --> execute the command as cloudera user
# --> execute the command as root user
Remote server = Big Data server = localhost . In this example the remote machine to monitoring is the Big Data server in order to simplified
the architecture.
Install elasticsearch
Download elasticsearch version 1.7.3. I choose this version in order to avoid library conflicts between Cloudera Virtual Machine and elasticsearch dependencies.
Extract elasticsearch software
$ unzip ~cloudera/Downloads/elasticsearch-1.7.3.zip -d ~cloudera/$ mv ~cloudera/elasticsearch-1.7.3 ~cloudera/elasticsearchStart elasticsearch
$ ~cloudera/elasticsearch/bin/elasticsearchRun a test with the following command
$ curl -X GET http://localhost:9200/
Install kibana
Extract kibana
$ cd ~cloudera$ tar -xvf ~cloudera/Downloads/kibana-4.1.1-linux-x64.tar.gz$ mv ~cloudera/kibana-4.1.1-linux-x64 ~cloudera/kibanaStart Kibana
$ ~cloudera/kibana/bin/kibanaOpen in the browser http://quickstart:5601
Set up Flume agent
Create a directory from a user directory and change the current directory
$ mkdir ~cloudera/monitoring-with-big-data-technologies-part-three$ cd ~cloudera/monitoring-with-big-data-technologies-part-threeCopy previous flume agent files
cp ../monitoring-with-big-data-technologies-part-two/step-3/* ./Replace in flume.properties and log4j.properties with the new flume agent
$ sed -i 's/syslogAgentStep3/syslogAgentPartThree/g' flume.properties$ sed -i 's/flume-step3.log/flume-part-three.log/g' log4j.properties$ sed -i 's/monitoring-with-big-data-technologies-part-two\/step-3/monitoring-with-big-data-technologies-part-three/g' *.*$ sed -i 's/monitoring-with-big-data-technologies-part-two/monitoring-with-big-data-technologies-part-three/g' log4j.propertiesAdd elasticsearch sink to flume agent by Replace line 74-76 with the following lines in flume.properties file:
# Define ElasticSearch (es) as a new flume sinksyslogAgentPartThree.sinks = essyslogAgentPartThree.sinks.es.type = elasticsearch# Comma separated list of hostname:portsyslogAgentPartThree.sinks.es.hostNames = localhost:9200,localhost:9300# The name of the index which the date will be appended tosyslogAgentPartThree.sinks.es.indexName = monitoring# The type to index the document tosyslogAgentPartThree.sinks.es.indexType = syslog# Default elastic search clustersyslogAgentPartThree.sinks.es.clusterName = elasticsearch# Number of events to be written per txnsyslogAgentPartThree.sinks.es.batchSize = 10# TTL in dayssyslogAgentPartThree.sinks.es.ttl = 10dsyslogAgentPartThree.sinks.es.serializer = org.apache.flume.sink.elasticsearch.ElasticSearchDynamicSerializer# Binding source/channel/sinksyslogAgentPartThree.sources.r1.channels = c1syslogAgentPartThree.sinks.s1.channel = c1syslogAgentPartThree.sinks.es.channel = c1Start elasticsearch
$ ~cloudera/elasticsearch/bin/elasticsearchAdd in flume-env.sh in order to include in flume classpath elastichsearch library
export FLUME_CLASSPATH=$FLUME_CLASSPATH:`find ~cloudera/elasticsearch/lib/ -type f -name *.jar | tr "\n" ":"`Start Flume agent with the following command
$ flume-ng agent --conf "./" --conf-file "./flume.properties" -n syslogAgentPartThree -Dlog4j.configuration=file:./log4j.propertiesMonitoring Flume agent log with the following command from another tab
$ tail -F ~cloudera/monitoring-with-big-data-technologies-part-three/log/flume-part-three.logSend from another tab a test message using the logger command to test it
$ logger -t test 'Testing Flume with rsyslog!'Retrieve via curl syslog message from elastichsearch
$ curl 'http://localhost:9200/_search?pretty=true'
Create a simple dashboard
I just prepared a video in oder to show how to create a dashboard.
Please visit elasticsearch for more informations.
GOTO
Previous post: Retrieve and query the remote linux machine message logging
Next step ... ;)
Github repository
Comments
No comments yet.Add Comment