一、JDK环境(建议JDK11):
在/etc/profile末尾添加以下内容:
# Point JAVA_HOME at the JDK install and put its bin directory first on PATH,
# then export both so child processes inherit them.
JAVA_HOME=/usr/local/jdk11.0.6_91
PATH="${JAVA_HOME}/bin:${PATH}"
export JAVA_HOME PATH
然后source /etc/profile
二、安装Elasticsearch
官方下载地址:https://www.elastic.co/downloads/past-releases/elasticsearch-7-6-0
#创建用户elasticsearch
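# Create a dedicated unprivileged account that will own and run Elasticsearch.
useradd elasticsearch
# Unpack the release into that account's home directory. Before unpacking,
# check the archive against the SHA-512 checksum published with the download.
tar -xf elasticsearch-7.6.0.tar.gz -C /home/elasticsearch/
# Hand the unpacked tree to the service account. The absolute path makes the
# command independent of the current directory; "user:" (trailing colon) sets
# the group to the user's login group and replaces the obsolete "user." form.
chown -R elasticsearch: /home/elasticsearch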
# Kernel parameters, to be changed on every node: append both settings to
# /etc/sysctl.conf, then reload that file so they apply immediately.
# Each run appends the two lines again, so re-running leaves duplicates.
printf '%s\n' "vm.swappiness=0" "vm.max_map_count=655350" >> /etc/sysctl.conf
sysctl -p
#修改所有节点的linux资源限制:写入/etc/security/limits.conf的配置永久生效(重新登录后生效),下面的ulimit命令只影响当前shell会话
cat /etc/security/limits.conf|grep -v "^#"
# Resource limits in limits.conf format: <domain> <type> <item> <value>.
# Each item is raised for both the soft and the hard limit.
# NOTE(review): the "*" domain is a wildcard, so these raised limits are not
# confined to the elasticsearch account. Unlimited nproc removes the per-user
# process cap, and unlimited core allows core dumps of any size (process memory
# written to disk) for other accounts as well. Consider using "elasticsearch"
# as the domain so only the service account gets the raised limits.
* soft nofile 1024000
* hard nofile 1024000
* soft nproc unlimited
* hard nproc unlimited
* soft core unlimited
* hard core unlimited
* soft memlock unlimited
* hard memlock unlimited
ulimit -SHn 1024000
#修改配置文件,添加以下内容:
# Cluster and node identity.
cluster.name: ES-cluster
node.name: f7ec9b80edc5
# Custom node attribute tagging this node as "hot".
node.attr.hotwarm_type: hot
path.data: /home/elasticsearch/elasticsearch-7.6.0/data
# NOTE(review): path.logs is set to the same directory as path.data; confirm
# this is intended and not a copy of the line above.
path.logs: /home/elasticsearch/elasticsearch-7.6.0/data
# 0.0.0.0 binds the node to every network interface. No authentication or TLS
# setting appears in this file, so unless security is configured elsewhere,
# anything that can reach port 9200 can read and modify the cluster. Before
# exposing a node, bind to a specific internal address, firewall the port,
# and enable the security features (xpack.security.enabled).
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["127.0.0.1"]
cluster.initial_master_nodes: ["f7ec9b80edc5"]
# CORS is enabled for every origin: any web page opened in a browser that can
# reach this node may send cross-origin requests to it. List only the origins
# that actually need access instead of "*".
http.cors.enabled: true
http.cors.allow-origin: "*"
#切换到elasticsearch用户启动服务
bin/elasticsearch -d
三、Kibana安装
官方下载地址:https://www.elastic.co/downloads/past-releases/kibana-7-6-0
#解压进入目录修改配置 vim config/kibana.yml
#将默认配置改成如下:
i18n.locale: "zh-CN" # Kibana's UI text defaults to English; switch it to Chinese
server.port: 5601 # port the browser connects to
# NOTE(review): 0.0.0.0 makes Kibana listen on every interface, and this file
# configures no credentials for Elasticsearch. Unless authentication is set up
# elsewhere, anyone who can reach port 5601 gets full access to the data
# behind it; bind to an internal address or put an authenticating proxy in front.
server.host: "0.0.0.0" # address the service listens on for outside access
elasticsearch.hosts: ["http://127.0.0.1:9200"] # address of your Elasticsearch cluster
kibana.index: ".kibana" # enable this option
# The two key values below are placeholder text. Replace each with its own
# randomly generated secret and keep it out of shared or published copies of
# this file; a publicly known key protects nothing.
xpack.reporting.encryptionKey: "a_random_string" # random key
xpack.security.encryptionKey: "something_at_least_32_characters" # random string of at least 32 characters
#启动 bin/kibana
四、安装Logstash
官方下载地址:https://www.elastic.co/downloads/past-releases/logstash-7-6-0
#解压 tar -zxf logstash-7.6.0.tar.gz
cd logstash-7.6.0
./bin/logstash -e 'input { stdin { } } output { stdout {} }'
#启动后随便输入内容测试看输出
#在config下的主配置文件logstash.yml末尾添加以下内容:
# Logstash working directories, all under the elasticsearch account's home.
path.data: /home/elasticsearch/logstash-7.6.0/data # data storage path
# Every *.conf file in conf.d is loaded as pipeline configuration, so the
# directory should be writable only by the account that administers Logstash.
path.config: /home/elasticsearch/logstash-7.6.0/conf.d/*.conf # pipeline configuration files
path.logs: /home/elasticsearch/logstash-7.6.0/logs # log output path
#创建配置文件目录:
mkdir /home/elasticsearch/logstash-7.6.0/conf.d
#在conf.d下创建.conf结尾的配置文件,内容如下:
# Pipeline: consume events from Kafka, unpack the JSON payload, and index the
# result into Elasticsearch.
input {
  # stdin {}
  # Reads the "logstash" topic and tags every event with type "test".
  # NOTE(review): no security_protocol, SSL or SASL options are set, so the
  # connection to the broker uses the plugin defaults; confirm the broker is
  # reachable only from trusted hosts, or configure TLS and authentication.
  kafka {
    bootstrap_servers => "192.168.8.100:9092"
    topics => ["logstash"]
    type => "test"
  }
}

filter {
  if [type] == "test" {
    # Parse the raw message as JSON and store the result under "jsoncontent".
    json {
      source => "message"
      target => "jsoncontent"
    }
    # Replace "message" with the inner message field, then drop the helper
    # and metadata fields.
    # NOTE(review): the output below builds its index name from a date
    # pattern, which is rendered from @timestamp; removing @timestamp here is
    # likely to make that rendering fail. Verify before relying on it.
    mutate {
      split => ["jsoncontent",","]
      update => {"message" => "%{[jsoncontent][message]}"}
      remove_field => ["@timestamp","@version","jsoncontent"]
    }
  }
}

output {
  if [type] == "test" {
    # stdout {codec => rubydebug}
    # Writes to one index per month (test-yyyy.MM); template management is off.
    # NOTE(review): plain http with no user/password configured. This only
    # works against a cluster without authentication, and the events cross
    # the network unencrypted.
    elasticsearch {
      hosts => "http://172.17.0.2:9200"
      manage_template => false
      index => "test-%{+yyyy.MM}"
    }
  }
}
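# Check the pipeline file's syntax and exit without starting the pipeline.
# The path matches the start command below: the file was created under conf.d.
bin/logstash -f conf.d/logstash.conf --config.test_and_exit
# Start Logstash with the same file. --config.reload.automatic makes Logstash
# pick up later changes to the configuration without a restart.
bin/logstash -f conf.d/logstash.conf --config.reload.automatic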
五、filebeat安装
官方下载地址:https://www.elastic.co/downloads/past-releases/filebeat-7-6-0
#解压
tar -zxvf filebeat-7.6.0-linux-x86_64.tar.gz
#配置文件filebeat.yml里面的内容先全部注释掉,然后末尾添加以下内容:
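# Tail every *.log file under /tmp/logs.
# NOTE(review): /tmp is normally writable by all local users. If /tmp/logs is
# too, any local account can add files whose contents get shipped into the
# pipeline; confirm the directory's owner and mode, or use a dedicated log
# directory.
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /tmp/logs/*.log

# Publish events to the Kafka topic "logstash".
# NOTE(review): no TLS or authentication options are set for the broker, so
# log data is sent in clear text; restrict broker access to trusted hosts or
# configure TLS and credentials.
output.kafka:
  enabled: true
  hosts: ["192.168.8.100:9092"]
  topic: logstash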
#启动(最好先启动logstash不然没有消费者会崩)
./filebeat -e -c filebeat.yml -d "publish"