1. 文件下载
Download Elasticsearch | Elastic
2.安装
# 解压
tar -xzf elasticsearch-8.6.2-linux-x86_64.tar.gz
# 移动
mv elasticsearch-8.6.2 /usr/local/elasticsearch-8.6.2/
3.配置
vi config/elasticsearch.yml
network.host: 访问IP
http.host: 访问IP
ingest.geoip.downloader.enabled: false
4.启动
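# 创建用户(本文创建的系统用户名是 elasti;后文脚本和命令里的 sudo -u elastic 需换成实际创建的系统用户名,它与 Elasticsearch 内置超级用户 elastic 不是同一个账号)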
adduser elasti
# 设置密码
passwd elasti
# 修改目录归属
chown -R elasti:elasti /usr/local/elasticsearch-8.6.2/
# 读写权限修改
chmod 770 /usr/local/elasticsearch-8.6.2/
# 指定用户启动
su elasti ./bin/elasticsearch
启动脚本:
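#!/bin/bash
# Control script for a tarball install of Elasticsearch.
# Usage: <script> start|stop|restart   (run as root, or as a user allowed to
# sudo to the service account)
#
# Earlier one-liner, kept for reference:
# nohup su elastic ./bin/elasticsearch > logs/out.log 2>&1 &
export ES_HOME=/usr/local/elasticsearch-8.6.2
# OS account that runs Elasticsearch. The install steps on this page create
# the account "elasti" and chown ES_HOME to it, so that is the default here;
# set ES_USER to override. This is an OS account, not the built-in
# Elasticsearch user "elastic".
ES_USER="${ES_USER:-elasti}"
PID_FILE="$ES_HOME/pid"
# Seconds to wait for a clean shutdown before falling back to SIGKILL.
STOP_TIMEOUT=30

# Print the PID stored in PID_FILE; fail unless it is a plain decimal number.
# The file sits in a directory the service account can write, so its content
# is validated before it is handed to kill.
read_pid() {
  local value=""
  [ -r "$PID_FILE" ] || return 1
  # read returns non-zero when the file has no trailing newline; the value is
  # still captured, so only an empty result counts as failure.
  read -r value < "$PID_FILE" || [ -n "$value" ] || return 1
  case "$value" in
    '' | *[!0-9]*) return 1 ;;
  esac
  printf '%s\n' "$value"
}

# Start Elasticsearch as a daemon and report the PID it recorded.
start_es() {
  local pid
  cd "$ES_HOME" || {
    echo "无法进入 $ES_HOME" >&2
    return 1
  }
  # -d runs Elasticsearch as a daemon, -p records its PID in PID_FILE.
  sudo -u "$ES_USER" bin/elasticsearch -d -p "$PID_FILE" || return 1
  # The original script had a stray `exit` here, so the lines that read the
  # PID and printed the success message were never reached.
  if pid=$(read_pid); then
    echo "启动成功 $pid"
  else
    echo "已执行启动命令, 但未读到有效的 PID 文件: $PID_FILE" >&2
    return 1
  fi
}

# Stop the Elasticsearch process named in PID_FILE.
stop_es() {
  local pid waited=0
  if ! pid=$(read_pid); then
    echo "未找到有效的 PID 文件: $PID_FILE" >&2
    return 1
  fi
  # Signals are sent as ES_USER rather than root, so a stale or altered PID
  # file can only affect processes owned by the service account.
  # SIGTERM goes first so Elasticsearch can shut down cleanly.
  if ! sudo -u "$ES_USER" kill "$pid" 2>/dev/null; then
    echo "进程 $pid 不存在或不属于 $ES_USER" >&2
    return 1
  fi
  while sudo -u "$ES_USER" kill -0 "$pid" 2>/dev/null; do
    if [ "$waited" -ge "$STOP_TIMEOUT" ]; then
      # Last resort; the original script used kill -9 unconditionally.
      sudo -u "$ES_USER" kill -9 "$pid" 2>/dev/null
      break
    fi
    sleep 1
    waited=$((waited + 1))
  done
  echo "停止成功 $pid"
}

case "$1" in
  start)
    start_es
    ;;
  stop)
    stop_es
    ;;
  restart)
    # Start is attempted even when nothing was running to stop.
    stop_es
    start_es
    ;;
  *)
    echo "start|stop|restart"
    exit 2
    ;;
esac
# Propagate the status of the action that ran instead of always reporting 0.
exit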
5.其他命令
# 重置密码
bin/elasticsearch-reset-password -u elastic
6.访问
# 开放端口(下面的命令把 9200 对整个 public 区域开放;如果只需内网或固定来源访问,建议改用按来源地址限制的 rich rule)
firewall-cmd --zone=public --add-port=9200/tcp --permanent
# 生效
firewall-cmd --reload
地址:https://外网IP:9200/ ,内置超级用户 `elastic`,密码在初次运行时控制台有输出,也可以重置。
备注
问题:
bootstrap check failure [1] of [2]: max number of threads [2824] for user [elasti] is too low, increase to at least [4096]
bootstrap check failure [2] of [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
处理:
vi /etc/security/limits.conf
# 追加或修改下面内容(行首的 elasti 是运行 Elasticsearch 的用户名)
elasti soft nproc 4096
elasti hard nproc 4096
vi /etc/sysctl.conf
# 追加或修改
...
vm.max_map_count=655360
# 执行下
sysctl -p
Kibana安装
1.下载
Download Kibana Free | Get Started Now | Elastic
2.安装
# 解压
tar -zxvf kibana-8.6.2-linux-x86_64.tar.gz
# 移动
mv kibana-8.6.2 /usr/local/kibana-8.6.2
# 修改目录归属
chown -R elasti:elasti /usr/local/kibana-8.6.2
3.配置
vi config/kibana.yml
# 开放端口
firewall-cmd --zone=public --add-port=5601/tcp --permanent
# 重新加载
firewall-cmd --reload
server.port: 5601
server.host: "外网IP"
i18n.locale: "zh-CN"
4.启动
sudo -u elastic bin/kibana
启动脚本
#!/bin/bash
# Kibana PID shared by start() and stop(); 0 means no PID is known.
# Both functions overwrite this global.
pid=0
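### Start Kibana in the background ###
# Must be run from the Kibana install directory: bin/kibana and logs/out.log
# are relative paths.
# Globals: pid (written) - PID of the background launcher job.
start() {
  # OS account that runs Kibana. The install steps on this page chown the
  # Kibana directory to "elasti", so that is the default; set KIBANA_USER to
  # override.
  local run_as="${KIBANA_USER:-elasti}"
  nohup sudo -u "$run_as" bin/kibana > logs/out.log 2>&1 &
  # $! is the job just launched. Taking the first row of `ps -ef | grep`
  # instead can pick up an unrelated process, or the grep itself.
  pid=$!
  echo "启动完成.pid=$pid"
}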
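### Stop Kibana ###
# Finds the process listening on TCP port 5601 and asks it to exit.
# Globals: pid (written) - PID that was signalled, or 0 when none was found.
# Outputs: a status line on stdout.
stop() {
  local port=5601 waited=0
  # Earlier variant, kept for reference:
  # pid=`ps -ef | grep 'bin/kibana' | awk 'NR==1{print $2}'`
  #
  # Look the process up by listening port. The port is matched only at the
  # end of the local-address column, so :56010 is not picked up, and the
  # duplicate rows of an IPv4 + IPv6 listener collapse into one PID.
  pid=$(netstat -lntp \
    | awk -v suffix=":$port" '
        substr($4, length($4) - length(suffix) + 1) == suffix {
          split($7, owner, "/")
          print owner[1]
        }' \
    | sort -u | head -n 1)
  # Anything that is not a plain number (empty, or "-" when netstat cannot
  # see the owner) counts as "not found".
  case "$pid" in
    '' | *[!0-9]*) pid=0 ;;
  esac
  if [ "$pid" -ne 0 ]; then
    # SIGTERM first so Kibana can exit cleanly.
    kill "$pid"
    while kill -0 "$pid" 2>/dev/null; do
      if [ "$waited" -ge 10 ]; then
        # Last resort; the original used kill -9 straight away.
        kill -9 "$pid"
        break
      fi
      sleep 1
      waited=$((waited + 1))
    done
    echo -n "停止应用 PID $pid "
  else
    echo '程序未启动'
  fi
}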
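# Dispatch on the first argument and exit with the chosen action's status.
# The original ended with an unconditional `exit 1`, so even a successful
# start or stop was reported to the caller as a failure.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  *)
    echo "使用 $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit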
5.访问
访问 http://外网IP:5601/
首次登录需要token
进入elasticsearch目录,创建token
bin/elasticsearch-create-enrollment-token -s kibana
filebeat 安装
1.下载
Download Filebeat • Lightweight Log Analysis | Elastic
2.安装
# 解压
tar -zxvf filebeat-8.6.2-linux-x86_64.tar.gz
# 移动
mv filebeat-8.6.2-linux-x86_64 /usr/local/filebeat-8.6.2
# 修改目录归属
chown -R elasti:elasti /usr/local/filebeat-8.6.2
3.配置
vi filebeat.yml
setup.kibana:
host: "访问IP:5601"
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["访问IP:9200"]
# Protocol - either `http` (default) or `https`.
protocol: "https"
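# Authentication credentials - either API key or username/password.
# 注意:下面的 password 仅为示例值,请勿照抄,也不要把真实密码明文写进配置文件;可用 filebeat keystore 保存后以 "${ES_PWD}" 形式引用。
# 另外建议为 Filebeat 单独创建最小权限的用户或 API key,而不是使用内置超级用户 elastic。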
#api_key: "id:api_key"
username: "elastic"
password: "e=wWMl5GlBURM"
ssl.ca_trusted_fingerprint: "EB4F04D9EAAFB4BF00014875F526E9A77AC57D521E1DFA173B3409D8A1E8C816"
# ssl.ca_trusted_fingerprint: 获取
openssl x509 -fingerprint -sha256 -in /usr/local/elasticsearch-8.6.2/config/certs/http_ca.crt
# 输出内容去掉冒号 :
启用模块
# 启用和配置 nginx模块
sudo -u elastic ./filebeat modules enable nginx
# 在 modules.d/nginx.yml 文件中修改设置。必须至少启用一个文件集。
4.启动
# 启动
nohup sudo -u elastic ./filebeat setup >logs/out.log 2>&1 &
sudo -u elastic ./filebeat -e
其他
1.Unable to create actions client because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
# 使用下面命令生成 key 值,配置到 config/kibana.yml
bin/kibana-encryption-keys generate
# 生成内容如下,可以直接添加到 kibana.yml 末尾(下面的 key 仅为示例,请使用自己生成的值,不要复用公开发布过的密钥)
...
xpack.encryptedSavedObjects.encryptionKey: 135861b8f920315201f0c272f490d32d
xpack.reporting.encryptionKey: 7642ed3b6a362430f61fffbba0905c31
xpack.security.encryptionKey: c93a6a330b9749670d96f597c1431c7b