ElasticSearch
下载:curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.3-linux-x86_64.tar.gz
tar -zxvf elasticsearch-7.9.3-linux-x86_64.tar.gz
cd elasticsearch-7.9.3
//配置修改
config/elasticsearch.yml
//尾部添加
node.name: node-1 #配置当前es节点名称(默认是被注释的,并且默认有一个节点名) cluster.name: entity #默认是被注释的,并且默认有一个集群名 path.data: /elk/elasticsearch-7.9.3/data # 数据目录位置 path.logs: /elk/elasticsearch-7.9.3/logs # 日志目录位置 network.host: 0.0.0.0 #绑定的ip:默认只允许本机访问,修改为0.0.0.0后则可以远程访问 cluster.initial_master_nodes: "node-1" xpack.security.enabled: true ## 加密方式 xpack.license.self_generated.type: basic xpack.security.transport.ssl.enabled: true
注意
在Linux机器上,运行elasticsearch需要一个新的用户组
chgrp -R xxx ./es
chown -R xxx ./es
chmod 777 es
xxx是用户linux的用户的名称。es默认不支持root账号进行启动
如果想用root账号添加解决方案:
Des.insecure.allow.root=true
修改 /bin/elasticsearch,添加ES_JAVA_OPTS="-Des.insecure.allow.root=true"
或执行时添加:sh /bin/elasticsearch -d -Des.insecure.allow.root=true
修改/etc/security/limits.conf文件 增加配置
vi /etc/security/limits.conf
在文件最后,增加如下配置:
* soft nofile 65536
* hard nofile 65536
在/etc/sysctl.conf文件最后添加一行 vm.max_map_count=655360 添加完毕之后,执行命令: sysctl -p
su xxx
./bin/elasticsearch -d
Logstash
curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-7.9.3.tar.gz
tar -zxvf logstash-7.9.3.tar.gz
修改config/logstash.yml
http.host: "0.0.0.0" 修改config/logstash-sample.conf
input { tcp { mode => "server" host => "0.0.0.0" port => 4560 codec => json_lines } } output { elasticsearch { hosts => ["http://127.0.0.1:9200"] index => "logs-%{+YYYY.MM.dd}" user => "账号" password => "密码" } }
启动: ./bin/logstash -f logstash.conf &
或 nohup ./bin/logstash -f config/logstash.conf &
Kibana
curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.9.3-linux-x86_64.tar.gz
tar -zxvf kibana-7.9.3-linux-x86_64.tar.gz
修改配置
http.host: "0.0.0.0"
i18n.locale: "zh-CN"
elasticsearch.hosts: ["http://127.0.0.1:9200"]
elasticsearch.username: "账号" elasticsearch.password: "密码" 启动:./bin/kibana &
SpringBoot+Logstash
<dependency> <groupId>net.logstash.logback</groupId> <artifactId>logstash-logback-encoder</artifactId> <version>7.1.1</version> </dependency>
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender"> <!-- 和logstash 的input 配置的端口保持一致 --> <destination>127.0.0.1:4560</destination> <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"> <timeZone>UTC</timeZone> </encoder> </appender>
<root level="INFO"> <appender-ref ref="LOGSTASH" /> </root>