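💡 Elastic Stack architecture:
- Beats: collects data
- Logstash: receives and pre-processes data
- Elasticsearch: stores and analyzes data
- Kibana: visualization interface
💡 Workflow
- Set up Elasticsearch
- Set up Logstash
- Set up Kibana
Official download and installation guide: https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.html
1. Set up Elasticsearch
Download and extract the package, then open config/elasticsearch.yml and add this setting: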
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
From the Elasticsearch installation directory, run:
./bin/elasticsearch
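On first startup, Elasticsearch prints the password for the elastic user and an enrollment token for Kibana. Copy and save both, because they are needed later when configuring Kibana. (Note: the token is valid for 30 minutes.)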
The generated password for the elastic built-in superuser is:
<password>
The enrollment token for Kibana instances, valid for the next 30 minutes:
<enrollment-token>
The hex-encoded SHA-256 fingerprint of the generated HTTPS CA DER-encoded certificate:
<fingerprint>
You can complete the following actions at any time:
Reset the password of the elastic built-in superuser with
'bin/elasticsearch-reset-password -u elastic'.
Generate an enrollment token for Kibana instances with
'bin/elasticsearch-create-enrollment-token -s kibana'.
Generate an enrollment token for Elasticsearch nodes with
'bin/elasticsearch-create-enrollment-token -s node'.
Use the following command to verify that Elasticsearch started successfully:
curl --cacert $ES_HOME/config/certs/http_ca.crt -u elastic https://localhost:9200
If the service is running normally, it returns a response like this:
{
  "name" : "Cp8oag6",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "AT69_T_DTp-1qgIJlatQqA",
  "version" : {
    "number" : "8.4.3",
    "build_type" : "tar",
    "build_hash" : "f27399d",
    "build_flavor" : "default",
    "build_date" : "2016-03-30T09:51:41.449Z",
    "build_snapshot" : false,
    "lucene_version" : "9.3.0",
    "minimum_wire_compatibility_version" : "1.2.3",
    "minimum_index_compatibility_version" : "1.2.3"
  },
  "tagline" : "You Know, for Search"
}
2. Set up Kibana
Download and extract the package. From the Kibana installation directory, run:
./bin/kibana
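A URL is then printed. Open it to set up the secure connection between Kibana and Elasticsearch:
Enter the enrollment token that Elasticsearch printed earlier and click Configure Elastic to connect to Elasticsearch over TLS:
If the token cannot be used or has expired, generate a new one: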
bin/elasticsearch-create-enrollment-token -s kibana --url https://localhost:9200
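If the connection cannot be established with the enrollment token, connect through Configure Manually instead. This requires setting a password for kibana_system and adding the following to kibana.yml. (Note: the password obtained earlier when setting up Elasticsearch belongs to the built-in user elastic, not to kibana_system.)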
server.port: 5601
server.host: 'localhost'
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: kibana_system
elasticsearch.password: your_kibana_password
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ]
The kibana_system password can be set with:
bin/elasticsearch-reset-password -i -u kibana_system --url https://localhost:9200
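The manual kibana.yml settings above can be checked before Kibana is started. The script below is an added example, not part of the original tutorial or of Elastic's tooling; yml_get and check_kibana_yml are hypothetical helper names, and it assumes one top-level `key: value` setting per line.

```shell
#!/bin/sh
# Added example: audit the manual-connection settings in kibana.yml.
# yml_get and check_kibana_yml are hypothetical helpers, not Elastic tooling.

# Print the value of a top-level "key: value" line (last occurrence wins).
yml_get() {
  awk -v k="$1:" 'index($0, k) == 1 { v = substr($0, length(k) + 1) }
                  END { print v }' "$2" |
    sed -e 's/[[:space:]]#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Print one line per finding; status 0 when the file passes, 1 otherwise.
# The body runs in a subshell "( )" so its variables stay local.
check_kibana_yml() (
  f=$1 bad=0
  user=$(yml_get elasticsearch.username "$f")
  hosts=$(yml_get elasticsearch.hosts "$f")
  ca=$(yml_get elasticsearch.ssl.certificateAuthorities "$f")
  mode=$(yml_get elasticsearch.ssl.verificationMode "$f")

  # Kibana should log in as kibana_system, never as the elastic superuser.
  if [ "$user" != "kibana_system" ]; then
    echo "FAIL username: '$user' (expected kibana_system)"; bad=1
  fi
  # Plain http:// would send the kibana_system password unencrypted.
  case $hosts in
    ""|*http://*) echo "FAIL hosts: every entry must use https://"; bad=1 ;;
  esac
  # The auto-generated Elasticsearch CA is not in the system trust store,
  # so it has to be listed here for the certificate to be verified.
  if [ -z "$ca" ] || [ "$ca" = "[]" ]; then
    echo "FAIL ca: elasticsearch.ssl.certificateAuthorities is not set"; bad=1
  fi
  if [ "$mode" = "none" ]; then
    echo "FAIL tls: verificationMode 'none' disables certificate checks"; bad=1
  fi
  # The file holds a clear-text password: allow owner access only.
  if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
    echo "FAIL perms: $f is accessible to group/other (use chmod 600)"; bad=1
  fi
  return "$bad"
)
```

Call it as `check_kibana_yml config/kibana.yml`. A setting that ends up glued onto the end of another line is not seen as a key, so it is reported as missing.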
Once the connection succeeds, the Kibana interface loads and you can start exploring.