1.1 修改线程信息 vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
1.2 修改线程开启限制
* soft noroc 4096
root soft nproc unlimited
1.3修改系统控制权限
centos6.6 vim /etc/sysctl.conf
centos8 vim /etc/sysctl.d/99-sysctl.conf
vm.max_map_count=655360
sysctl -p 生效
#es
docker pull elasticsearch:7.17.3
docker run --name=es -d -p 9200:9200 --restart=always -e "discovery.type=single-node" elasticsearch:7.17.3
docker run --name=es -d -p 9200:9200 --restart=always -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms512m -Xmx512m" elasticsearch:8.3.3
systemctl restart docker
#kibana
docker pull kibana:7.17.3
docker run -it -d --name kibana --restart=always --link es:es -p 5601:5601 kibana:7.17.3
docker exec -it kibana /bin/bash
cd config
vi kibana.yml #没有vi命令用 docker exec -u 0 -it kibana /bin/bash 进去后 apt-get update apt-get install vim
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: [ "http://192.168.249.129:9200" ]
monitoring.ui.container.elasticsearch.enabled: true
server.publicBaseUrl: "http://192.168.249.129:5601"
docker restart kibana
#IK分词器
docker exec -it es /bin/bash
./bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.17.3/elasticsearch-analysis-ik-7.17.3.zip
docker restart es
#logstash
docker pull logstash:7.17.3
docker run -it -p 4560:4560 --name logstash -d logstash:7.17.3
docker exec -it logstash /bin/bash
vi /usr/share/logstash/config/logstash.yml
vi /usr/share/logstash/pipeline/logstash.conf
input {
tcp {
mode => "server"
port => 4560
}
}
filter {
}
output {
elasticsearch {
action => "index"
hosts => "192.168.249.129:9200"
index => "test_log"
}
}
docker restart logstash
#filebeat
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.17.3-linux-x86_64.tar.gz
PUT _settings
{
"index" : {
"number_of_replicas" : 0
}
}7
#网卡启动
vim /etc/sysconfig/network-scripts/ifcfg-ens33
systemctl restart network