1、安装配置java
[root@elk ~]# yum install java-1.8.0-openjdk.x86_64 -y
[root@elk ~]# java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)
2、更新时间
yum install ntpdate -y
ntpdate time1.aliyun.com
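3、安装配置elasticsearch(注意:下面 rpm 输出中的 NOKEY 警告表示系统尚未导入 Elastic 的签名公钥,安装包的签名没有被校验。建议先执行 rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch 导入公钥,再用 rpm -K elasticsearch-6.6.0.rpm 校验通过后安装)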
[root@elk ~]# mkdir elk_package
[root@elk ~]# cd elk_package
[root@elk elk_package]# ll
-rw-r--r--. 1 root root 114059630 Dec 21 10:26 elasticsearch-6.6.0.rpm
-rw-r--r--. 1 root root 185123116 Dec 21 10:26 kibana-6.6.0-x86_64.rpm
[root@elk elk_package]# rpm -ivh elasticsearch-6.6.0.rpm
warning: elasticsearch-6.6.0.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing... ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Updating / installing...
1:elasticsearch-0:6.6.0-1 ################################# [100%]
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch
4、相关配置目录及配置文件
[root@elk elk_package]# rpm -qc elasticsearch
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/jvm.options
/etc/elasticsearch/log4j2.properties
/etc/elasticsearch/role_mapping.yml
/etc/elasticsearch/roles.yml
/etc/elasticsearch/users
/etc/elasticsearch/users_roles
/etc/init.d/elasticsearch
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service
5、ES配置文件(home目录下空间较大,把data和log文件配置在home目录下)
mkdir -p /home/elasticsearch/{data,log}
chown -R elasticsearch:elasticsearch /home/elasticsearch
[root@elk elk_package]# vim /etc/elasticsearch/elasticsearch.yml
[root@elk elk_package]# grep "^[a-z]" /etc/elasticsearch/elasticsearch.yml
node.name: node-1
path.data: /home/elasticsearch/data/elasticsearch
path.logs: /home/elasticsearch/log/elasticsearch
bootstrap.memory_lock: true
network.host: 192.168.67.8,127.0.0.1
http.port: 9200
[root@elk-175 soft]# systemctl daemon-reload
[root@elk-175 soft]# systemctl enable elasticsearch.service
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
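6、修改启动配置文件(第5步设置了 bootstrap.memory_lock: true,如果 systemd 没有放开 memlock 限制,ES 启动时会报锁定内存失败,因此需要增加 LimitMEMLOCK)
vim /usr/lib/systemd/system/elasticsearch.service
#增加如下参数(直接修改 /usr/lib 下的 unit 文件会在软件包升级时被覆盖,更稳妥的做法是用 systemctl edit elasticsearch 写入 drop-in 覆盖文件)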
[Service]
LimitMEMLOCK=infinity
#重新启动
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl start elasticsearch
systemctl status elasticsearch
7、检查启动是否成功
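9200 是 HTTP(REST API)端口,主要用于外部通讯
9300 是 TCP 传输端口,jar(Java 客户端)之间就是通过 TCP 协议通讯
ES 集群节点之间也是通过 9300 进行通讯
注意:上面的配置把 ES 绑定到了 192.168.67.8,并且没有配置任何认证或 TLS(下面的 curl 不带凭据即可访问),凡是能访问该地址的主机都可以读写索引。应使用防火墙只对 Kibana 和 filebeat 客户机放行 9200,9300 只对集群节点开放。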
[root@elk-175 ~]# netstat -lntup|grep 9200
tcp6 0 0 192.168.67.8:9200 :::* LISTEN 15824/java
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 15824/java
[root@elk-175 ~]# curl localhost:9200
{
"name" : "node-1",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "As5ZlEQ2Syq0ktLL0hg5XA",
"version" : {
"number" : "6.6.0",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "a9861f4",
"build_date" : "2019-01-24T11:27:09.439740Z",
"build_snapshot" : false,
"lucene_version" : "7.6.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
8、安装配置es-head插件
官方下载地址:https://github.com/mobz/elasticsearch-head
9、安装配置kibana(注意:下面的配置中 Kibana 监听 192.168.67.8:5601 且没有启用登录认证,到 ES 的连接也是明文 http,应通过防火墙或带认证的反向代理限制访问来源)
[root@elk elk_package]# rpm -ivh kibana-6.6.0-x86_64.rpm
[root@elk elk_package]# grep "^[a-z]" /etc/kibana/kibana.yml
server.port: 5601
server.host: "192.168.67.8"
elasticsearch.hosts: ["http://192.168.67.8:9200"]
kibana.index: ".kibana"
[root@elk elk_package]# systemctl daemon-reload
[root@elk elk_package]# systemctl enable kibana.service
[root@elk elk_package]# systemctl start kibana
[root@elk elk_package]# systemctl status kibana
[root@elk elk_package]# netstat -lntup|grep 5601
tcp 0 0 192.168.67.8:5601 0.0.0.0:* LISTEN 16442/node
10、客户机安装filebeat
rpm -ivh filebeat-6.6.0-x86_64.rpm
11、配置filebeat
cp /etc/filebeat/filebeat.yml /etc/filebeat/filebeat.yml.ori
> /etc/filebeat/filebeat.yml
vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /home/qiutanlogs/apiinfo/apiinfo.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"]
- type: log
  enabled: true
  paths:
    - /home/qiutanlogs/apierror/apierror.log
  tags: ["error"]
setup.kibana:
  host: "192.168.67.8:5601"
output.elasticsearch:
  hosts: ["192.168.67.8:9200"]
  indices:
    - index: "apiinfo-access-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "access"
    - index: "apierror-error-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        tags: "error"
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
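12、启动filebeat
systemctl daemon-reload
systemctl enable filebeat.service
systemctl start filebeat
13、故障(Kibana 页面可能出现以下提示,通常说明 Kibana 还没有连上 Elasticsearch;可先确认 ES 已启动、kibana.yml 中 elasticsearch.hosts 指向的地址可达,并用 systemctl status kibana 查看服务状态和日志)
Kibana did not load properly. Check the server output for more information.
Kibana server is not ready yet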
来源:CSDN
作者:tangbin0505
链接:https://blog.csdn.net/tangbin0505/article/details/103646176