JavaEE：CentOS7安装Elasticsearch+Kibana+Logstash

1.CentOS 7安装elasticsearch：

(1)下载elasticsearch-8.3.2-x86_64.rpm：

https://www.elastic.co/cn/downloads/past-releases/elasticsearch-8-3-2

(2)用XFtp将安装包上传到/root目录，使用rpm命令安装(安装目录为/usr/share/elasticsearch)：

[root@localhost ~]# rpm -ivh elasticsearch-8.3.2-x86_64.rpm

(3)(可选步骤)创建ca证书+p12秘钥(生成后见/etc/elasticsearch/certs目录)：

<1>生成ca证书(cd /usr/share/elasticsearch/bin)：

[root@localhost bin]# ./elasticsearch-certutil ca -out /etc/elasticsearch/certs/my-ca.p12
Enter password for my-ca.p12 :    #创建ca证书的密码，此处输入123456

<2>根据ca证书生成p12秘钥(cd /usr/share/elasticsearch/bin)：

[root@localhost bin]# ./elasticsearch-certutil cert --ca /etc/elasticsearch/certs/my-ca.p12 -out /etc/elasticsearch/certs/my-certificates.p12
Enter password for CA (/etc/elasticsearch/certs/my-ca.p12) :    #验证ca证书的密码，此处输入123456
Enter password for my-certificates.p12 :     #创建p12秘钥的密码，此处输入123456

<3>将ca证书密码加入ES密码库：

[root@localhost bin]# ./elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
Setting xpack.security.transport.ssl.keystore.secure_password already exists. Overwrite? [y/N]y
Enter value for xpack.security.transport.ssl.keystore.secure_password:      #此处输入ca证书密码

<4>将p12秘钥密码加入ES密码库：

[root@localhost bin]# ./elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
Setting xpack.security.transport.ssl.truststore.secure_password already exists. Overwrite? [y/N]y
Enter value for xpack.security.transport.ssl.truststore.secure_password:   #此处输入p12秘钥密码

(4)修改配置：

[root@localhost ~]# vi /etc/elasticsearch/elasticsearch.yml

内容如下：

path.data: /var/lib/elasticsearch   #数据路径
path.logs: /var/log/elasticsearch   #日志路径
network.host: 0.0.0.0               #绑定的IP,0.0.0.0支持外网所有主机访问
http.port: 9200                     #外的http端口，默认为9200
bootstrap.memory_lock: true         #锁定物理内存地址，避免es频繁swap交换分区(导致IOPS变高)
#新增允许跨域访问
http.cors.enabled: true
http.cors.allow-origin: "*"
#以下为集群相关配置
#cluster.name: es-cluster            #集群名称
#node.name: node-1                   #当前es节点名称
#discovery.seed_hosts: ["192.168.83.128", "192.168.83.129"]
 #集群发现主机IP列表
#cluster.initial_master_nodes: ["node-1", "node-2"]         #参加master选举的节点列表

#开启elastic https传输，启用后访问路径为https://ip:port，未启用访问路径为http://ip:port
xpack.security.enabled: false                 #true启用安全特性,false不启用
xpack.security.enrollment.enabled: false      #true为启用
#对HTTP API客户端连接(如Kibana、Logstash、Agents)启用加密
xpack.security.http.ssl:
  enabled: false                              #true为启用
  keystore.path: certs/my-ca.p12   #配置为自已的证书文件名
#启用集群节点之间的加密和相互认证
xpack.security.transport.ssl:
  enabled: false                              #true为启用
  verification_mode: certificate
  keystore.path: certs/my-certificates.p12    #配置为自已的p12秘钥文件名
  truststore.path: certs/my-certificates.p12  #配置为自已的p12秘钥文件名

(5)设置开机启动：

[root@localhost ~]# systemctl enable elasticsearch

(6)启动/查看/停止elasticsearch：

[root@localhost ~]# systemctl start elasticsearch
[root@localhost ~]# systemctl status elasticsearch
[root@localhost ~]# systemctl stop elasticsearch

(7)系统调优：

<1>修改/etc/security/limits.conf：

[root@localhost ~]# vi /etc/security/limits.conf

内容如下：

#nofile表示单进程允许打开文件最大个数
* soft nofile 65536   #软限制
* hard nofile 65536   #硬限制
* soft nproc 2048 
* hard nproc 4096

<2>修改/etc/sysctl.conf：

[root@localhost ~]# vi /etc/sysctl.conf

内容如下：

vm.max_map_count=655360      #限制一个进程占用的虚拟内存的数量

<3>输入命令让参数生效：

[root@localhost ~]# sysctl -p

(8)安装IK分词器(暂时没找到8.3.2版本的分词器)：

[root@localhost ~]# /usr/share/elasticsearch/bin/elasticsearch-plugin install https://.../elasticsearch-analysis-ik-x.x.x.zip

2.CentOS 7中安装kibana：

(1)下载kibana-8.3.2-x86_64.rpm：

https://www.elastic.co/cn/downloads/kibana

(2)用XFtp将安装包上传到/root目录，使用rpm命令安装：

[root@localhost ~]# rpm -ivh kibana-8.3.2-x86_64.rpm

(3)修改配置：

[root@localhost ~]# vi /etc/kibana/kibana.yml

内容如下：

server.port: 5601                                    #对外端口
server.host: "0.0.0.0"                               #绑定的IP,0.0.0.0支持外网所有主机访问
elasticsearch.hosts: ["http://192.168.83.128:9200"] #配置elasticsearch服务器地址，开启Xpack时用https
i18n.locale: "zh-CN"                                 #使用中文展示

(4)设置开机启动：

[root@localhost ~]# systemctl enable kibana

(5)启动/查看/停止kibana：

[root@localhost ~]# systemctl start kibana
[root@localhost ~]# systemctl status kibana
[root@localhost ~]# systemctl stop kibana

3.CentOS 7中安装logstash：

(1)下载logstash-8.3.2-x86_64.rpm：

https://www.elastic.co/cn/downloads/logstash

(2)用XFtp将安装包上传到/root目录，使用rpm命令安装：

[root@localhost ~]# rpm -ivh logstash-8.3.2-x86_64.rpm

(3)将logstash-sample.conf拷贝到conf.d目录(cd /etc/logstash)：

[root@localhost logstash]# cp logstash-sample.conf conf.d/logstash-sample.conf

(4)修改logstash-sample.conf配置(/etc/logstash/conf.d)：

[root@localhost ~]# vi logstash-sample.conf

内容如下：

input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["http://192.168.83.128:9200"]     #elasticsearch连接地址与端口，开启Xpack时用https
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    #user => "elastic"           #elasticsearch登录用户
    #password => "changeme"      #elasticsearch登录密码
  }
}

(5)测试配置是否正确(cd /usr/share/logstash/bin)：

[root@localhost bin]# ./logstash -e "input{stdin{}} output{stdout{}}"
...
[INFO ] 2022-07-14 08:06:35.826 [main] runner - Starting Logstash {"logstash.version"=>"8.3.2", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.15+10 on 11.0.15+10 +indy +jit [linux-x86_64]"}
...
[INFO ] 2022-07-14 08:06:42.036 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
...
测试输入         #此为命令行输入文本
{
         "event" => {
        "original" => "测试输入"
    },
          "host" => {
        "hostname" => "localhost.localdomain"
    },
      "@version" => "1",
       "message" => "测试输入",
    "@timestamp" => 2022-07-14T12:08:52.522767Z
}

(6)设置开机启动：

[root@localhost ~]# systemctl enable logstash

(7)启动/查看/停止logstash：

[root@localhost ~]# systemctl start logstash
[root@localhost ~]# systemctl status logstash
[root@localhost ~]# systemctl stop logstash