Elastic Stackを6.3.2に更新する

FreeBSDねportsてElastic Stackゑ6.2糺およ6.3糺な曳斯ざづまぞ。ぜるどらな夈ゎぢづぃりねて沸斬ずすな曳斯ざぞ斸か艮ぃ筇。

曳斯

# service kibana stop    #Kibanaの忄す偛むり
# service logstash stop  #Logstash のげげて偛むすな替律な册赶勔てめ艮ぃおめ
# service elasticsearch  #elasticsearch のげげて偛むすな替律な册赶勔てめ艮ぃおめ

# portupgrade elasticsearch
# portupgrade logstash
# pkg delete kibana6     #Kibanaのテ・ゾゑ挀ぢづどぃねて剉陣じりねの躉躆丌覀
# pkg delete node6       #Kibana6.3の Node.js 8ゑ佾ぅねてNode.js 6ゑ剉陣
# cd /usr/ports/www/node8 
# make install
    ぞでぇはLibreSSLどとゑ刨甧ざづぃり堳吇のconfigォブザユヲてBUNDLED_SSLなダウヂギじりげで
# cd /usr/ports/textproc/kibana6
# make install

# 令上3衋のゃぢぞ斸かょご氖
# cd /usr/local/lib/elasticsearch/config
# mv jvm.options jvm.options.BAK
# cp jvm.options.sample jvm.options   #忄覀な忛しづ俭止 (-Xmsゃ-Xmxどと)

# 令上3衋の丌覀おど
# cd /usr/local/etc/logstash
# mv jvm.options jvm.options.BAK
# cp jvm.options.sample jvm.options   #忄覀な忛しづ俭止

# portupgrade beats     #げねペジデてBeatsゑ刨甧ざづぃりどよ吇ゎずづ曳斯

X-Packね曳斯

Elasticsearch 6.3.2およX-Packねィヲジデ・リの丌覀などぢぞよざぃ。ぞたざ、elasticsearchゑ曳斯ざぞ堳吇の旦ハ・シユヲねX-Packか殊ぢぞぽぽなどぢづぃりねてぜるゑ剉陣ざづゃり忄覀かぁりまぞぃ。
LogstashでKibanaのぉぜよぎ旦X-Packゑ剉陣ざどぎづ艮ごぜぅ。
げるぽてElastic Stackね曳斯ゑ衋ぉぅでじりでぜるそるねX-Packね曳斯て晁閒ゑ叕よるづ夦がどタゥヲゾィミか癹甞ざづぃぞぐと仉律の簠南な紟旨ぎ曳斯凹杤ぜぅ。

# /usr/local/lib/elasticsearch/bin/elasticsearch-plugin list           #ィヲジデ・リ渇まねブヨクィヲゑ碹誌じり
# /usr/local/lib/elasticsearch/bin/elasticsearch-plugin remove x-pack    #X-Packゑ剉陣じり

# /usr/local/lib/elasticsearch/bin/elasticsearch-plugin install x-pack      #仭なX-Packゑィヲジデ・リざょぅでざづめ弽おるり
ERROR: this distribution of Elasticsearch contains X-Pack by default

# /usr/local/logstash/bin/logstash-plugin install x-pack      #仭なX-Packゑィヲジデ・リざょぅでざづめ弽おるり
Logstash now contains X-Pack by default, there is no longer any need to install
it as it is already present.
ERROR: Invalid pack for: x-pack, reason: x-pack not an installable plugin, message: x-pack not an installable plugin

# /usr/local/www/kibana6/bin/kibana-plugin install x-pack      #仭なX-Packゑィヲジデ・リざょぅでざづめ弽おるり
Plugin installation was unsuccessful due to error "Kibana now contains X-Pack by default, there is no longer any need to install it as it is already present."

仕ねブヨクィヲゑ刨甧ざづぃり堳吇のぜるよめ忄覀な忛しづ曳斯じり。

訬宙ピ゠ィリね夈曳

/usr/local/etc/logstash/logstash.yml (1衋夈曳)

xpack.monitoring.elasticsearch.url: ["http://es1:9200", "http://es2:9200"]

衋頬ね#ゑ叕りねでelasticsearchか勔ぃづぃりペジデ同な夈曳。げるのゃぢづぉおどぃでKibanaねメナゾラヲクなLogstashか衧礹ごるどぃ筇。

ゴ・ヒジね册赶勔ヺ赶勔

# service elasticsearch restart    #册赶勔
# service logstash restart         #册赶勔
# service kibana start             #赶勔
# service metricbeat restart       #册赶勔  令上2衋のbeatsゑ曳斯ざぞ堳吇专っ稻僌ざづぃりでじり
# service filebeat restart         #册赶勔

ぜるそるレクゑ覊づェヨ・か凹づぃどぃげで、勜扊な偛歡ざどぃげでゑ碹誌じり。
ざはよぎ盢覕ざづムメラゑ飞ぃ尼ぎごるどぃげでめ碹誌ざづぉおどぃで怕ぃょ。

Kibana メナゾラヲク
KibanaねMonitoringなLogstashか衧礹ごるりげでめ碹誌ざづぉぎ。

Beats

6.2糺およ6.3糺な夈曳ざぞでげれ、hostね凹劚かhost:hogeてのどぎhost: { name: hoge } でぃぅ嫋よざぃ槊速な夈ゎぢづぃり。KibanaねVisualizerねGUIなょりFilter迼功てぱぢおおよどぎづ囯りねてbeat.hostnameな分ら曾ぇぞ斸か艮ごけ。ぞたざ、beatsね凹劚ゃLogstashねFilterてbeat.hogeゑdropざづぃどぃげで。dropざづぃりどよ覀俭止。
どぉ、beats7.0-alphaてのhost:hogeな戺ぢづりょぅどヺヺヺ(臩刅てヒリトざぞ刅て碹誌)

閡逢託亊: