Installation - ElasticSearch

Install Elasticsearch

  • 주의

service로 동작하므로 wsl에서 테스트 불가

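# Store the Elastic signing key in its own keyring and pin the repository to it
# with signed-by. `apt-key add` is deprecated and makes the key trusted for
# every configured APT source, not only this repository.
$ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
# tee without -a: re-running the step rewrites this dedicated list file instead
# of appending a duplicate entry.
$ echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
$ sudo apt update
$ sudo apt install elasticsearch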

$ sudo vi /etc/elasticsearch/elasticsearch.yml

/etc/elasticsearch/elasticsearch.yml

# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
# NOTE(review): Elasticsearch 7.x does not enable authentication or TLS by
# default, so anyone who can reach the HTTP API can read and write every index.
# Keeping the bind address on localhost is what protects this node; enable the
# security features before changing it to a routable address.
network.host: localhost
$ sudo systemctl start elasticsearch
$ sudo systemctl enable elasticsearch
  • Request Test

    $ curl -X GET "localhost:9200"
    
     ![[Pasted image 20210527112333.png]]
    
    
  1. Install Kibana
$ sudo apt install nginx
$ sudo apt install kibana
$ sudo systemctl enable kibana
$ sudo systemctl start kibana

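# openssl prompts for the password interactively, so it does not end up in
# argv or in the shell history; only the apr1 (MD5-based) hash is written.
$ echo "kibanaadmin:$(openssl passwd -apr1)" | sudo tee -a /etc/nginx/htpasswd.users
# tee typically creates the file world-readable (root umask 022). Restrict it to
# root and the nginx worker group (www-data on Debian/Ubuntu packages) so local
# users cannot copy the hash for offline guessing.
$ sudo chown root:www-data /etc/nginx/htpasswd.users
$ sudo chmod 640 /etc/nginx/htpasswd.users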
$ sudo vi /etc/nginx/sites-available/{SERVER_NAME}
  • localhost 이외에서 접근 허용

    /etc/kibana/kibana.yml

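    # NOTE(review): 0.0.0.0 makes Kibana answer on every interface, so clients
    # can reach port 5601 directly and bypass the nginx basic-auth proxy defined
    # in /etc/nginx/sites-available/{SERVER_NAME}. If all access is meant to go
    # through nginx, leave this at "localhost" and expose only the proxy.
    server.host: "0.0.0.0"
    # Brackets written without the markdown escapes (\[ \]) so the value is a
    # YAML list rather than a literal string.
    elasticsearch.hosts: ["http://localhost:9200"]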
    
    
    

/etc/nginx/sites-available/{SERVER_NAME}

# Reverse proxy that puts HTTP basic authentication in front of Kibana.
server {
    # NOTE(review): Kibana is the upstream on port 5601 (proxy_pass below) and
    # this server listens on 5601 as well. Two listeners cannot share the same
    # address and port, so whichever service starts second is likely to fail to
    # bind; confirm and move one of them to a different port.
    # NOTE(review): no TLS is configured, so the basic-auth credentials and the
    # Kibana session cross the network in cleartext. Terminate TLS here before
    # exposing this outside a trusted network.
    listen 5601;

    # Placeholder; replace with the host name clients use.
    server_name your_domain;

    # Every request must present a user from the htpasswd file.
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        # Forward to the local Kibana instance. The auth above only protects
        # Kibana if Kibana itself is not reachable directly from the network.
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        # Pass the Upgrade/Connection headers through so upgraded connections work.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
$ sudo ln -s /etc/nginx/sites-available/{SERVER_NAME} /etc/nginx/sites-enabled/{SERVER_NAME}

$ sudo nginx -t
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ sudo systemctl reload nginx
  1. Install Logstash
$ sudo apt install logstash
$ sudo vi /etc/logstash/conf.d/logstash.conf

/etc/logstash/conf.d/logstash.conf

# Pipeline: read test-log files, derive fields from the file name, index into
# the local Elasticsearch node.
input {
  file { 
    # "*.*" matches every file in the directory that has a dot in its name, not
    # only the .txt logs the grok pattern below expects.
    # NOTE(review): the directory name suggests an FTP upload area; if so, file
    # names and contents are externally supplied. Verify who can write here.
  	path => [
	  "/FADU-FTP/TESTLOGS/*.*"
	]
	start_position => "beginning" 
    # With the sincedb on /dev/null no read position is persisted, so every
    # Logstash restart re-reads all files from the beginning and indexes the
    # same events again.
	sincedb_path => "/dev/null" 
  }
}

filter {
  grok {
    # Extracts lotid, tester, dut and testtime from the file path. The pattern
    # is unanchored, every capture is GREEDYDATA, and the "." before txt is an
    # unescaped regex dot, so names containing extra "_" or "-" can be split
    # differently than intended. Events that do not match are still forwarded
    # (grok tags them with _grokparsefailure by default).
    match => {"path" => "%{GREEDYDATA:lotid}_ST470_%{GREEDYDATA:tester}-%{GREEDYDATA:dut}_%{GREEDYDATA:testtime}.txt"}
  }
}

output { 
  elasticsearch {
    # Local node, no credentials or TLS set here. This matches an Elasticsearch
    # bound to localhost without security enabled; add user/password and TLS
    # settings if security is turned on or the node moves off this host.
    hosts => ["localhost:9200"]
  }
}
# configure test
$ sudo -u logstash /usr/share/logstash/bin/logstash --path.settings /etc/logstash -t