写在前面:强烈推荐多看下es的官网文档,很细致也很使用,然后看一些文章的配置,借鉴下别人配置的经验。(本文很多都是基于官方文档进行配置,部分配置也进行了省略,如elk+heartbeat启动省略,尤其是heartbeat)
1、下载安装及配x置
1.1、elk+heartbeat的下载安装
https://www.elastic.co/ ,这是elastic stack的官网,可自行下载安装ELK+heartbeat
注:需要保持版本的一致,因为我自己使用的时候是7.7的,仍尚处于开发及完善中
1.2、es单节点或多节点配置
1.2.1、es单节点配置:
A:修改config/elasticsearch.yml
- #跨域
- http.cors.enabled: true
- http.cors.allow-origin: "*"
- #设置节点名称
- node.name: master
- #设置往外暴露ip,因为此时在windows下,所以直接暴露本地
- network.host: 127.0.0.1
- http.port: 9200
- #配置数据存储地址,我这里没有配置使用默认地址
- #path.data=""
- #配置日志存储地址
- #path.log=""
- #xpack是个收费插件,功能强大.可自行百度
- xpack.ml.enabled: false
- xpack.security.enabled: false
- #配置email(网易163邮箱,对于发件箱来说同样可以选择QQ和阿里云等邮箱,区别是)
- xpack.notification.email.account:
- 163_account: # 发件箱配置名称,可以随意指定,配置多个发件箱地址时会根据这个进行区分
- profile: standard # 采用默认的邮件模板
- email_defaults: # 设置默认发件箱
- from: xxxxxx@163.com # 发件箱
- smtp:
- auth: true # 开启账号验证
- starttls.enable: false # 关闭ssl
- starttls.required: false # 不要ssl
- host: smtp.163.com # 阿里云企业邮箱smtp地址
- port: 25 # 端口
- user: xxxxxxxx@163.com # 发件箱
1.2.2、es集群配置:
指定主节点名和从节点名
- Master:
- #设置集群名称
- cluster.name: elastic
- Node:
- #集群名称,只要是一个集群就要一样的名称
- cluster.name: elastic
- #节点名称
- node.name: slave0(从节点名建议改动易辨识)
- #对外暴露端口号
- http.port: 8201/8202(不同节点port不同即可)
- #对外暴露ip
- network.host: 127.0.0.1
- #发现集群节点,默认端口号是9200
- discovery.zen.ping.unicast.hosts: ["127.0.0.1"]
1.3:kibana设置
- # 本机的端口
- server.port: 5601
- # 本机IP地址
- server.host: "127.0.0.1"
- # ES的服务IP+端口
- elasticsearch.hosts: ["http://localhost:9200"]
- #在es中设置过在此处仍需要重新设置,默认是true可能会出现索引异常
- xpack.ml.enabled: false
- xpack.security.enabled: false
- #开启uptime里的alert
- xpack.reporting.encryptionKey: "guyuan"
- xpack.security.encryptionKey: "122333444455555666666777777788888888"
- xpack.encryptedSavedObjects.encryptionKey: "122333444455555666666777777788888888"
1.4、heartbeat设置
-
# heartbeat.yml heartbeat.monitors: - type: icmp id: ping-myhost name: My Host Ping hosts: ["myhost"] schedule: '*/5 * * * * * *' - type: tcp id: myhost-tcp-echo name: My Host TCP Echo hosts: ["myhost:777"] # default TCP Echo Protocol check.send: "Check" check.receive: "Check" schedule: '@every 5s' - type: http id: service-status name: Service Status hosts: ["http://localhost:80/service/status"] check.response.status: [200] schedule: '@every 5s' heartbeat.scheduler: limit: 10
heartbeat/heartbeat.yml里设置你需要监控的数据源
ps:附带一份7.xELK的kibana破解至白金版的说明
1、elasticsearch-7.x.x\modules\x-pack-core\
目录下的x-pack-core-7.x.x.jar
文件赋值一份,
2、手动创建XPackBuild.java
和LicenseVerifier.java
两个文件
注:此处改动的主要依据是LicenseVerifier中的return true,将读取到的许可证默认全部赋予可以使用的权限,所以在license.json文件中可以改动版本和使用限制时间。
package org.elasticsearch.xpack.core;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.JarInputStream;
import java.util.jar.Manifest;
public class XPackBuild {
public static final XPackBuild CURRENT;
static {
CURRENT = new XPackBuild("Unknown", "Unknown");
}
/**
* Returns path to xpack codebase path
*/
@SuppressForbidden(reason = "looks up path of xpack.jar directly")
static Path getElasticsearchCodebase() {
URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
try {
return PathUtils.get(url.toURI());
} catch (URISyntaxException bogus) {
throw new RuntimeException(bogus);
}
}
private String shortHash;
private String date;
XPackBuild(String shortHash, String date) {
this.shortHash = shortHash;
this.date = date;
}
public String shortHash() {
return shortHash;
}
public String date() {
return date;
}
}
package org.elasticsearch.license;
/**
* Responsible for verifying signed licenses
*/
public class LicenseVerifier {
/**
* verifies the license content with the signature using the packaged
* public key
* @param license to verify
* @return true if valid, false otherwise
*/
public static boolean verifyLicense(final License license, byte[] publicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}
使用javac 编译这两个文件
javac -cp "D:\develop\elasticsearch-7.5.0\modules\x-pack-core\x-pack-core-7.5.0.jar;D:\develop\elasticsearch-7.5.0\lib\lucene-core-8.3.0.jar;D:\develop\elasticsearch-7.5.0\lib\elasticsearch-7.5.0.jar;D:\develop\elasticsearch-7.5.0\lib\elasticsearch-core-7.5.0.jar" C:\Users\test\Desktop\XPackBuild.java
"module/lib"为你的ES中module/lib的路径,需要根据安装者的实际情况来,"C:\Users\test\Desktop\XPackBuild.java"为生成的两个.class文件目录。生成后直接替换。
替换许可证
官方申请地址: https://register.elastic.co/marvel_register
公司地址什么课以随便填写,邮箱要填好,然后收到邮件,进行文件下载。 下载下来,修改里面的内容,主要是把 "basic" 改为 "platinum" 即白金版,"expiry_date_in_millis" 这个时间戳改大点,就够用了。
附带一份(可直接使用,建议保存文件名为license.json):
{"license":{"uid":"4000d1b5-a06b-4d18-8501-ca3754b2c6c7","type":"platinum","issue_date_in_millis":1571875200000,"expiry_date_in_millis":253402271999000,"max_nodes":100,"issued_to":"bob mike (mikebob)","issuer":"Web Form","signature":"AAAAAwAAAA3CvX09J7V8T5tT0i55AAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCQmJJzPPt4L/B3VQzRKxSp3Krg6sDfnsnoxSW4Tp2YeH19wfa8fpKaEifYlLTT8PvpExGLyR+STnYv1qI5D9Uhi9jT4THDR5mKasfYvqk/Mz5MLedNCw+Yt/r4u7EC5bFMA0uZis4B+3VqTDrWEvcc1fRyOvjzh2tE29vYDhfUaqTJGXp9VXMooXGx7ZaNy9mIxP4J2ywgtfvj4qFFZeg8ZYUsvAki3Mk4QTiTcSZc3OT9+ZVtO1/3OXpHANmy69ENqpayoJOm3UvRaWkR0ksIzgZkGF5m0S/2iNeFs5OfoBvbjpNcsGRxo/uqIi4fW3J2b/gfaP3DFh1IINK+5Md4","start_date_in_millis":1571875200000}}
进入kibana-management-license Management 导入上面的保存的文件即可。
此时就可以进入uptime里面设置alert了。
(多看下es官方的文档)