Installing ELK
I. Pre-installation environment setup
1. Remove the JDK 1.8 that ships with CentOS 8
yum -y remove java-1.8.0*
2. Install OpenJDK 11
sudo dnf install java-11-openjdk-devel
3. Note: run the installation as the root user
II. Install Elasticsearch (online installation)
https://www.elastic.co/guide/en/elasticsearch/reference/7.10/rpm.html#rpm-repo
1. Import the repository's GPG key with rpm:
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
2. Edit the repository file with vim:
vim /etc/yum.repos.d/elasticsearch.repo
Paste the following into the file:
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Save and quit vim with :wq!
3. Install the Elasticsearch package:
sudo dnf install elasticsearch
4. Start the service and check its status:
sudo systemctl enable elasticsearch.service --now
sudo systemctl start elasticsearch.service
sudo systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2021-01-01 06:05:41 PST; 13s ago
Docs: https://www.elastic.co
Main PID: 32122 (java)
Tasks: 68 (limit: 48694)
Memory: 1.2G
CGroup: /system.slice/elasticsearch.service
├─32122 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -
└─32310 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Jan 01 06:04:50 dahouzi-elk systemd[1]: Starting Elasticsearch...
Jan 01 06:05:41 dahouzi-elk systemd[1]: Started Elasticsearch.
5. Verify that Elasticsearch is running
[root@dahouzi-elk jvm]# curl -X GET "localhost:9200/"
{
"name" : "dahouzi-elk",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "IyK8r1PQRM2MCk5z00BbLQ",
"version" : {
"number" : "7.10.1",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "1c34507e66d7db1211f66f3513706fdf548736aa",
"build_date" : "2020-12-05T01:00:33.671820Z",
"build_snapshot" : false,
"lucene_version" : "8.7.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
III. Install Logstash (from the RPM package)
1. Download the RPM package (click RPM X86_64)
https://www.elastic.co/cn/downloads/logstash
2. Download the file into the /usr/elk directory
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1-x86_64.rpm
3. Install Logstash
[root@dahouzi-elk elk]# ll
total 899900
-rw-r--r--. 1 root root 318860379 Dec 31 22:08 elasticsearch-7.10.1-x86_64.rpm
-rw-r--r--. 1 root root 250278931 Dec 31 21:00 kibana-7.10.1-x86_64.rpm
-rw-r--r--. 1 root root 352352275 Dec 31 22:44 logstash-7.10.1-x86_64.rpm
[root@dahouzi-elk elk]# rpm -ivh logstash-7.10.1-x86_64.rpm
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:logstash-1:7.10.1-1 ################################# [100%]
Using bundled JDK: /usr/share/logstash/jdk
Using provided startup.options file: /etc/logstash/startup.options
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.31/lib/pleaserun/platform/base.rb:112: warning: constant ::Fixnum is deprecated
Successfully created system startup script for Logstash
IV. Install Kibana (from the RPM package)
https://www.elastic.co/cn/downloads/kibana
1. Download the file into the /usr/elk directory
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.10.1-x86_64.rpm
2. Install Kibana
[root@dahouzi-elk elk]# rpm -ivh kibana-7.10.1-x86_64.rpm
Verifying... ################################# [100%]
Preparing... ################################# [100%]
Updating / installing...
1:kibana-7.10.1-1 ################################# [100%]
[/usr/lib/tmpfiles.d/elasticsearch.conf:1] Line references path below legacy directory /var/run/, updating /var/run/elasticsearch → /run/elasticsearch; please update the tmpfiles.d/ drop-in file accordingly.
[/usr/lib/tmpfiles.d/kibana.conf:1] Line references path below legacy directory /var/run/, updating /var/run/kibana → /run/kibana; please update the tmpfiles.d/ drop-in file accordingly.
Configuring ELK
V. Configure Elasticsearch
Configuration file:
/etc/elasticsearch/elasticsearch.yml
Restart after changes: sudo systemctl restart elasticsearch
# ======================== Elasticsearch Configuration =========================
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
cluster.name: dahouzi
#
# ------------------------------------ Node ------------------------------------
# Use a descriptive name for the node:
node.name: dahouzi-elk
# Add custom attributes to the node:
#node.attr.rack: r1
# ----------------------------------- Paths ------------------------------------
# Path to directory where to store the data (separate multiple locations by comma):
path.data: /var/lib/elasticsearch
# Path to log files:
#
path.logs: /var/log/elasticsearch
# ---------------------------------- Memory -----------------------------------
# Lock the memory on startup:
#bootstrap.memory_lock: true
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
# Elasticsearch performs poorly when the system is swapping the memory.
# ---------------------------------- Network -----------------------------------
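# Set the bind address to a specific IP (IPv4 or IPv6):
# 0.0.0.0 listens on every interface. Elasticsearch 7.10 does not enable its
# security features by default, so restrict access to port 9200 with a
# firewall or bind a specific IP instead.
network.host: 0.0.0.0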
# Set a custom port for HTTP:
http.port: 9200
# For more information, consult the network module documentation.
# --------------------------------- Discovery ----------------------------------
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
discovery.seed_hosts: ["dahouzi-elk", ""]
# Bootstrap the cluster using an initial set of master-eligible nodes:
cluster.initial_master_nodes: ["dahouzi-elk"]
# For more information, consult the discovery and cluster formation module documentation.
# ---------------------------------- Gateway -----------------------------------
# Block initial recovery after a full cluster restart until N nodes are started:
#gateway.recover_after_nodes: 3
# For more information, consult the gateway module documentation.
# ---------------------------------- Various -----------------------------------
# Require explicit names when deleting indices:
#action.destructive_requires_name: true
VI. Configure Logstash
VII. Configure Kibana
Configuration file:
/etc/kibana/kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
# The Kibana server's name. This is used for display purposes.
server.name: dahouzi-elk
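# The URLs of the Elasticsearch instances to use for all your queries.
# This is the address Kibana connects to, not a bind address; Elasticsearch
# answers on localhost:9200 on this host.
elasticsearch.hosts: ["http://localhost:9200"]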
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
kibana.index: ".kibana"
Open the page: http://127.0.0.1:5601
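A check for the two configuration files edited above, as an added example that is not part of the original page: it flags Elasticsearch bound to all interfaces without `xpack.security.enabled: true` (assuming the 7.x default, where security is off unless set), Kibana bound to all interfaces, and an `elasticsearch.hosts` URL whose address is malformed or is a bind address. The function names and finding codes are hypothetical, and the demo input is constructed.

```shell
# Added example, not from the original page. Finding codes are made up here.
# yaml_get FILE KEY: value of the first uncommented top-level "KEY: value" line.
yaml_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, k ":") == 1 {
            v = substr($0, length(k) + 2)
            sub(/[ \t]+#.*$/, "", v)              # drop a trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)        # trim
            gsub(/^"|"$/, "", v)                  # unquote a scalar
            print v; exit
        }' "$1"
}
is_wildcard() { [ "$1" = "0.0.0.0" ] || [ "$1" = "::" ]; }

valid_ipv4() {   # exactly four dot-separated numbers, each 0-255
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

audit_elasticsearch() (   # $1 = elasticsearch.yml; subshell keeps vars local
    host=$(yaml_get "$1" network.host)
    sec=$(yaml_get "$1" xpack.security.enabled)
    if is_wildcard "$host" && [ "$sec" != "true" ]; then
        echo "ES_UNAUTHENTICATED_ON_ALL_INTERFACES"
    fi
)

audit_kibana() (          # $1 = kibana.yml
    if is_wildcard "$(yaml_get "$1" server.host)"; then echo "KIBANA_ON_ALL_INTERFACES"; fi
    # Host part of the first URL in elasticsearch.hosts (scalar or list form).
    es=$(yaml_get "$1" elasticsearch.hosts |
         sed -E 's/^[]["[:space:]]*//; s#^[a-z]+://##; s#[]:/",].*$##')
    case "$es" in
        "")        ;;   # unset: Kibana falls back to http://localhost:9200
        *[!0-9.]*) ;;   # a hostname (or IPv6 literal): not checked here
        *)  if ! valid_ipv4 "$es"; then echo "ES_URL_BAD_IPV4:$es"
            elif is_wildcard "$es"; then echo "ES_URL_IS_BIND_ADDRESS:$es"; fi ;;
    esac
)

demo() (   # constructed sample: wildcard binds plus a five-octet address
    d=$(mktemp -d)
    printf 'network.host: 0.0.0.0\nhttp.port: 9200\n' > "$d/es.yml"
    printf 'server.host: "0.0.0.0"\nelasticsearch.hosts: "http://0.0.0.0.0:9200"\n' > "$d/kb.yml"
    audit_elasticsearch "$d/es.yml"; audit_kibana "$d/kb.yml"
    rm -rf "$d"
)
demo
```

On a real host, call `audit_elasticsearch /etc/elasticsearch/elasticsearch.yml` and `audit_kibana /etc/kibana/kibana.yml` in place of `demo`; no output means none of the three conditions were found.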