ELK 7.6.2 Deployment Plan

  • Example environment

| System type | IP address | Hostname | Required software | Memory |
|---|---|---|---|---|
| CentOS 7.5 | 192.168.100.106 | master | java-13.0.2, elasticsearch-7.6.2, kibana-7.6.2 | 2G |
| CentOS 7.5 | 192.168.100.105 | node1 | java-13.0.2, elasticsearch-7.6.2, Logstash-7.6.2 | 2G |
| CentOS 7.5 | 192.168.100.103 | node2 | java-13.0.2, elasticsearch-7.6.2 | 2G |

  • Download the software

https://artifacts.elastic.co/downloads/

https://www.oracle.com/technetwork/java/javase/downloads/

  • Disable the firewall and SELinux

setenforce 0

systemctl stop firewalld

systemctl disable firewalld

sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

  • Edit limits.conf

Open /etc/security/limits.conf and add the following.

* soft nofile 65536

* hard nofile 65536

* soft nproc 2048

* hard nproc 4096

  • Edit sysctl.conf

Open /etc/sysctl.conf and add the following.

vm.max_map_count=655360

fs.file-max=655360

Then run:

sysctl -p

  • Configure hostname resolution for the base environment (only the master node's configuration is shown here)

[root@master ~]# cat <<END >>/etc/hosts

192.168.100.106 master

192.168.100.105 node1

192.168.100.103 node2

END

  • Install JDK 1.8 on all nodes (only the master node's configuration is shown here)

    [root@master ~]# rpm -ivh jdk-13.0.2_linux-x64_bin.rpm

    [root@master ~]# java -version

    java version "13.0.2" 2020-01-14

    Java(TM) SE Runtime Environment (build 13.0.2+8)

    Java HotSpot(TM) 64-Bit Server VM (build 13.0.2+8, mixed mode, sharing)

  • Install Elasticsearch on all nodes (only the master node's configuration is shown here)

    [root@master ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

    [root@master ~]# yum -y localinstall elasticsearch-7.6.2-x86_64.rpm

    [root@master ~]#  rpm -qc elasticsearch

    /etc/elasticsearch/elasticsearch.yml

    /etc/elasticsearch/jvm.options

    /etc/elasticsearch/log4j2.properties

    /etc/elasticsearch/role_mapping.yml

    /etc/elasticsearch/roles.yml

    /etc/elasticsearch/users

    /etc/elasticsearch/users_roles

    /etc/init.d/elasticsearch

    /etc/sysconfig/elasticsearch

    /usr/lib/sysctl.d/elasticsearch.conf

    /usr/lib/systemd/system/elasticsearch.service

    [root@master-node ~]#  ll /etc/elasticsearch/

    总用量 36

    -rw-rw---- 1 root elasticsearch  207 9月  22 02:31 elasticsearch.keystore

    -rw-rw---- 1 root elasticsearch 3089 9月  22 06:09 elasticsearch.yml

    -rw-rw---- 1 root elasticsearch 3009 9月  14 06:22 jvm.options

    -rw-rw---- 1 root elasticsearch 6380 9月  14 06:22 log4j2.properties

    -rw-rw---- 1 root elasticsearch  473 9月  14 06:22 role_mapping.yml

    -rw-rw---- 1 root elasticsearch  197 9月  14 06:22 roles.yml

    -rw-rw---- 1 root elasticsearch    0 9月  14 06:22 users

    -rw-rw---- 1 root elasticsearch    0 9月  14 06:22 users_roles

  • The Elasticsearch 7.6.2 service must first be enabled at boot and started, otherwise an error is reported:

sudo systemctl enable elasticsearch.service

sudo systemctl start elasticsearch.service

  • Basic Elasticsearch configuration:

Elasticsearch configuration on 192.168.100.106

[root@master ~]# vim /etc/elasticsearch/elasticsearch.yml

cluster.name: my-application      ## cluster name
node.name: master                 ## name of this node
node.master: true                 ## this node is the master node
node.data: true                   ## this is a data node
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.100.106     ## listen IP
http.port: 9200                   ## port of the Elasticsearch service
discovery.seed_hosts: ["192.168.100.106:9300", "192.168.100.105:9300", "192.168.100.103:9300"]
cluster.initial_master_nodes: ["192.168.100.106", "192.168.100.105", "192.168.100.103"]

Elasticsearch configuration on 192.168.100.105

[root@node1 ~]# vim /etc/elasticsearch/elasticsearch.yml

cluster.name: my-application
node.name: node1
node.master: false
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.100.105
http.port: 9200
discovery.seed_hosts: ["192.168.100.106:9300", "192.168.100.105:9300", "192.168.100.103:9300"]
cluster.initial_master_nodes: ["192.168.100.106", "192.168.100.105", "192.168.100.103"]

Elasticsearch configuration on 192.168.100.103

[root@node2 ~]# vim /etc/elasticsearch/elasticsearch.yml

cluster.name: my-application
node.name: node2
node.master: false
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.100.103
http.port: 9200
discovery.seed_hosts: ["192.168.100.106:9300", "192.168.100.105:9300", "192.168.100.103:9300"]
cluster.initial_master_nodes: ["192.168.100.106", "192.168.100.105", "192.168.100.103"]

  • Restart:

[root@master ~]# sudo systemctl restart elasticsearch.service

[root@master ~]#  netstat -utpln|grep java

tcp6       0      0 192.168.100.106:9200    :::*                LISTEN      6279/java          

tcp6       0      0 192.168.100.106:9300    :::*                LISTEN      6279/java          

[root@master ~]# curl -X GET http://192.168.100.106:9200/

{

  "name" : "master",

  "cluster_name" : "my-application",

  "cluster_uuid" : "hhRpqqigTweLEdKdiynICA",

  "version" : {

    "number" : "7.6.2",

    "build_flavor" : "default",

    "build_type" : "rpm",

    "build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",

    "build_date" : "2020-03-26T06:34:37.794943Z",

    "build_snapshot" : false,

    "lucene_version" : "8.4.0",

    "minimum_wire_compatibility_version" : "6.8.0",

    "minimum_index_compatibility_version" : "6.0.0-beta1"

  },

  "tagline" : "You Know, for Search"

}

  • Install, configure and start Kibana on the master node of the ES cluster

[root@master ~]# ls

anaconda-ks.cfg                 jdk-13.0.2_linux-x64_bin.rpm  模板  文档  桌面

elasticsearch-7.6.2-x86_64.rpm  kibana-7.6.2-x86_64.rpm       视频  下载

initial-setup-ks.cfg            公共                          图片  音乐

[root@master ~]# rpm -ivh kibana-7.6.2-x86_64.rpm

[root@master ~]# sudo systemctl enable kibana.service

Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.

[root@master ~]# sudo systemctl start kibana.service

[root@master ~]# vim /etc/kibana/kibana.yml

server.port: 5601

server.host: "192.168.100.106"

elasticsearch.hosts: ["http://192.168.100.106:9200"]

logging.dest: /var/log/kibana.log

i18n.locale: "zh-CN"

:wq

[root@master ~]#  touch /var/log/kibana.log

[root@master ~]#  chmod 777 /var/log/kibana.log

[root@master ~]# sudo systemctl restart kibana.service

[root@master ~]#  netstat -utpln |grep node

tcp        0      0 192.168.100.106:5601    0.0.0.0:*               LISTEN      2300/node

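  • Verify by opening the Kibana web page in a browser:

Open http://192.168.100.106:5601 in a browser. Because we have not installed X-Pack, there is no username or password at this point and the page can be accessed directly.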
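
Whether the stack answers without a username and password, as noted above, can be read from the two config files this guide edits. The script below is an added example, not part of the original post; the function names and finding labels are made up for it, and it assumes GNU stat as found on CentOS. It also checks the mode of the Kibana log file set with chmod earlier.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of the two config files this guide edits.
# Finding names (ES_NO_AUTH, ...) are made up for this script.

# yaml_get FILE KEY: value of a top-level "key: value" line, with trailing
# comment, whitespace and surrounding double quotes removed.
yaml_get() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

audit_es() {  # audit_es /etc/elasticsearch/elasticsearch.yml
  local f="$1" host sec tls
  host=$(yaml_get "$f" network.host)
  sec=$(yaml_get "$f" xpack.security.enabled)
  tls=$(yaml_get "$f" xpack.security.transport.ssl.enabled)
  case "$host" in
    ""|localhost|127.*|_local_) ;;   # loopback only, nothing exposed
    *) [ "$sec" = true ] ||
         echo "ES_NO_AUTH: bound to $host without xpack.security.enabled: true" ;;
  esac
  if [ "$sec" = true ] && [ "$tls" != true ]; then
    echo "ES_NO_TRANSPORT_TLS: security enabled but node-to-node TLS is not"
  fi
}

audit_kibana() {  # audit_kibana /etc/kibana/kibana.yml
  local f="$1" log mode
  log=$(yaml_get "$f" logging.dest)
  [ -n "$(yaml_get "$f" elasticsearch.username)" ] ||
    echo "KIBANA_NO_CREDS: elasticsearch.username is not set"
  if [ -n "$log" ] && [ -e "$log" ]; then
    mode=$(stat -c %a "$log")
    case "$mode" in
      *[2367]) echo "LOG_WORLD_WRITABLE: $log has mode $mode" ;;
    esac
  fi
}

demo() {  # constructed sample: the settings this guide writes on master
  local d; d=$(mktemp -d)
  printf '%s\n' 'network.host: 192.168.100.106     ##listen IP' \
    'http.port: 9200' > "$d/elasticsearch.yml"
  printf '%s\n' 'server.port: 5601' "logging.dest: $d/kibana.log" > "$d/kibana.yml"
  touch "$d/kibana.log"; chmod 777 "$d/kibana.log"
  audit_es "$d/elasticsearch.yml"; audit_kibana "$d/kibana.yml"
  rm -rf "$d"
}
demo
```

On a real node, call audit_es and audit_kibana with the paths under /etc/elasticsearch and /etc/kibana; no output means none of the three conditions was found.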

  • Install, configure, start and test Logstash on node1 of the ES cluster

[root@node1 ~]# ls

anaconda-ks.cfg                 jdk-13.0.2_linux-x64_bin.rpm  模板  文档  桌面

elasticsearch-7.6.2-x86_64.rpm  logstash-7.6.2.rpm            视频  下载

initial-setup-ks.cfg            公共                          图片  音乐

[root@node1 ~]# rpm -ivh logstash-7.6.2.rpm

[root@node1 ~]# systemctl enable logstash.service

Created symlink from /etc/systemd/system/multi-user.target.wants/logstash.service to /etc/systemd/system/logstash.service.

[root@node1 ~]# sudo systemctl start logstash.service

[root@node1 ~]# vim /etc/logstash/conf.d/logstash.conf

input {                                       ## define the log source

  syslog {

    type => "system-syslog"      ## define the type

    port => 5044                       ## define the listening port

  }

}

output {                                    ## define the log output

  elasticsearch {

    hosts => ["192.168.100.105:9200"]

    index => "system-syslog-%{+YYYY.MM}" 

  }

}

:wq

[root@node1 ~]# vim /etc/logstash/logstash.yml

http.host: "192.168.100.105"

:wq

[root@node1 ~]# vim /etc/rsyslog.conf                                       ## append the following

*.* @@192.168.100.105:5044

:wq

[root@node1 ~]# systemctl restart rsyslog

[root@node1 ~]# sudo systemctl restart logstash.service

[root@node1 ~]# netstat -nulpt |grep 5044

tcp6       0      0 :::5044                :::*                    LISTEN      2621/java          

udp        0      0 0.0.0.0:5044           0.0.0.0:*                           2621/java          
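
If firewalld is left running rather than stopped as in the earlier step, the listening ports seen in this guide (9200, 9300, 5601, 5044) can be limited to the three nodes. The script below is an added example, not part of the original post; it only prints firewall-cmd lines for review, and ADMIN_NET, the function names and the idea that all three nodes may send syslog to node1 are assumptions.

```bash
#!/usr/bin/env bash
# Added example: print (not apply) firewalld rich rules for this guide's nodes.
NODES="192.168.100.106 192.168.100.105 192.168.100.103"  # from the guide
ADMIN_NET="192.168.100.0/24"  # assumption: network Kibana users browse from

# allow SOURCE PORT: one firewall-cmd line accepting TCP from SOURCE to PORT
allow() {
  printf "firewall-cmd --permanent --add-rich-rule='%s'\n" \
    "rule family=\"ipv4\" source address=\"$1\" port port=\"$2\" protocol=\"tcp\" accept"
}

# rules_for master|node1|node2: rules to review and then run on that host
rules_for() {
  local role="$1" ip
  case "$role" in
    master|node1|node2) ;;
    *) echo "unknown role: $role" >&2; return 1 ;;
  esac
  for ip in $NODES; do
    allow "$ip" 9300   # Elasticsearch transport: cluster members only
    allow "$ip" 9200   # Elasticsearch HTTP: Kibana (master), Logstash (node1)
    if [ "$role" = node1 ]; then
      allow "$ip" 5044 # Logstash syslog input; rsyslog's @@ forwarding is TCP
    fi
  done
  if [ "$role" = master ]; then
    allow "$ADMIN_NET" 5601   # Kibana web UI
  fi
  echo "firewall-cmd --reload"
}

rules_for "${1:-master}"
```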
