一、系统环境配置
1、JDK检查
java -version
2、yum源配置
cat >> /etc/yum.repos.d/ELK.repo << "EOF"
[ELK]
name=ELK-Elasticstack
baseurl=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-6.x/
gpgcheck=0
enabled=1
EOF二、elasticsearch部署
1、ES1:
yum -y install elasticsearch
# 修改系统配置文件属性
cat >> /etc/security/limits.conf << "EOF"
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
elasticsearch soft nofile 65535
elasticsearch hard nofile 65535
EOF
#修改配置文件
sed -i 's/^path.data/#path.data/' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^path.logs/#path.logs/' /etc/elasticsearch/elasticsearch.yml
cat >> /etc/elasticsearch/elasticsearch.yml << "EOF"
#添加集群名称
cluster.name: els
#添加节点名称
node.name: els-1
#修改数据存放路径
path.data: /data/els_data
#修改日志存放路径
path.logs: /data/log/els
#锁定jvm.options指定的内存,不交换swap内存
#bootstrap.memory_lock: true
#添加绑定IP地址
network.host: 172.25.190.48
#添加端口号
http.port: 9200
#配置集群配置,填写集群节点,会自动发现节点
discovery.zen.ping.unicast.hosts: ["172.25.190.48", "172.25.190.50"]
# 集群配置 只需要修改节点名,和绑定ip地址即可
EOF
# vim /etc/elasticsearch/jvm.options
#-Xms1g #指定占用内存大小,两个数字要一致 都是1g
#-Xmx1g
#创建数据目录
mkdir -p /data/els_data
mkdir -p /data/log/els
chown -R elasticsearch.elasticsearch /data/els_data
chown -R elasticsearch.elasticsearch /data/log/elsPS:如提示找不到JAVA_HOME
在/etc/sysconfig/elasticsearch中添加JAVA_HOME=/usr/local/install/jdk-11.0.7
2、部署其他ES节点
yum -y install elasticsearch
# 修改系统配置文件属性
cat >> /etc/security/limits.conf << "EOF"
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
elasticsearch soft nofile 65535
elasticsearch hard nofile 65535
EOF
#??
#elasticsearch soft nproc 4096
#elasticsearch hard nproc 4096
#修改配置文件
sed -i 's/^path.data/#path.data/' /etc/elasticsearch/elasticsearch.yml
sed -i 's/^path.logs/#path.logs/' /etc/elasticsearch/elasticsearch.yml
cat >> /etc/elasticsearch/elasticsearch.yml << "EOF"
#添加集群名称
cluster.name: els
#添加节点名称
node.name: els-2
#修改数据存放路径
path.data: false
#修改日志存放路径
path.logs: /data/log/els
#锁定jvm.options指定的内存,不交换swap内存
#bootstrap.memory_lock: true
#添加绑定IP地址
network.host: 172.25.190.49
#添加端口号
http.port: 9200
#配置集群配置,填写集群节点,会自动发现节点
discovery.zen.ping.unicast.hosts: ["172.25.190.48", "172.25.190.50","172.25.190.49"]
# 集群配置 只需要修改节点名,和绑定ip地址即可
EOF
# vim /etc/elasticsearch/jvm.options
-Xms1g #指定占用内存大小,两个数字要一致 都是1g
-Xmx1g
#创建数据目录
mkdir -p /data/els_data
mkdir -p /data/log/els
chown -R elasticsearch.elasticsearch /data/els_data
chown -R elasticsearch.elasticsearch /data/log/els三、kibana部署
yum -y install kibana
#配置Kibana
cat >> /etc/kibana/kibana.yml << "EOF"
server.port: 5610
server.host: "0.0.0.0"
elasticsearch.url: "http://172.25.190.48:9200"
kibana.index: ".kibana"
# 配置kibana日志输出到哪里
logging.dest: /data/log/kibana/kibana.log
i18n.locale: "zh-CN"
EOF
# 创建日志目录文件
mkdir -p /data/log/kibana/
touch /data/log/kibana/kibana.log
chmod o+rw /data/log/kibana/kibana.log四、logstash部署
1、JDK检查
2、yum源配置
cat >> /etc/yum.repos.d/ELK.repo << "EOF"
[ELK]
name=ELK-Elasticstack
baseurl=https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-6.x/
gpgcheck=0
enabled=1
EOF3、安装
yum -y install logstash4、修改配置文件
cat >> /etc/logstash/logstash.yml << "EOF"
http.host: "127.0.0.1"
http.port: 9600-9700
EOF
cat >> /etc/logstash/conf.d/message.conf << "EOF"
input {
file {
type =>"message-info-log"
path => ["/mnt/qx/message/logs/info/*.log"]
start_position => "beginning"
sincedb_path => "/dev/null"
}
file {
type =>"message-error-log"
path => ["/mnt/qx/message/logs/error/*.log"]
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
output {
if [type] == "message-info-log" {
elasticsearch {
hosts => ["172.25.190.48:9200"]
index => "message-info-log-%{+YYYY.MM}"
}
}
else if [type] == "message-error-log"{
elasticsearch {
hosts => ["172.25.190.48:9200"]
index => "message-error-log-%{+YYYY.MM}"
}
}
}
EOFPS:日志收集及索引建立请另行参考logstash配置
220
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
