1. 资源准备
1.1 官方下载
elasticsearch-8.13.4-linux-x86_64.tar.gz
elasticsearch-8.13.4-linux-x86_64.tar.gz.sha512
kibana-8.13.4-linux-x86_64.tar.gz
kibana-8.13.4-linux-x86_64.tar.gz.sha512
elasticsearch-analysis-ik-8.13.4.zip
1.2 压缩文件
将下面的五个文件打包压缩并命名:elasticsearch.zip。
1.3 网盘下载
如果你不具备访问国际互联网的能力,可以通过百度网盘资源下载。
2.资源上传
通过第三方的ssh工具将elasticsearch.zip上传到opt目录。
3.脚本配置
文件名:install_elasticsearch.sh
#!/bin/bash
# 设置默认密码和版本
ELASTIC_PASSWORD="SomeLiber2024!"
echo "正在安装 Elasticsearch..."
# 创建 Elasticsearch 用户并设置密码
sudo useradd -m elasticuser
echo "elasticuser:$ELASTIC_PASSWORD" | sudo chpasswd
cd /opt/elasticsearch
shasum -a 512 -c elasticsearch-8.13.4-linux-x86_64.tar.gz.sha512
rm /opt/elasticsearch/elasticsearch-8.13.4-linux-x86_64.tar.gz.sha512
tar -xzf elasticsearch-8.13.4-linux-x86_64.tar.gz -C /opt/elasticsearch/
chown -R elasticuser:elasticuser /opt/elasticsearch/elasticsearch-8.13.4
# 删除解压后的elasticsearch文件
rm /opt/elasticsearch/elasticsearch-8.13.4-linux-x86_64.tar.gz
# 创建 IK 插件目录并安装 IK 分词器插件
mkdir -p /opt/elasticsearch/elasticsearch-8.13.4/plugins/ik
unzip /opt/elasticsearch/elasticsearch-analysis-ik-8.13.4.zip -d /opt/elasticsearch/elasticsearch-8.13.4/plugins/ik
# 删除解压后的analysis-ik文件
rm /opt/elasticsearch/elasticsearch-analysis-ik-8.13.4.zip
chown -R elasticuser:elasticuser /opt/elasticsearch/elasticsearch-8.13.4/plugins/ik
# 创建 Elasticsearch 日志目录
mkdir -p /var/log/elasticsearch
chown -R elasticuser:elasticuser /var/log/elasticsearch
chmod 750 /var/log/elasticsearch
# 配置 Elasticsearch
sudo -u elasticuser bash -c 'echo "network.host: 0.0.0.0" >> /opt/elasticsearch/elasticsearch-8.13.4/config/elasticsearch.yml'
sudo -u elasticuser bash -c 'echo "http.port: 9200" >> /opt/elasticsearch/elasticsearch-8.13.4/config/elasticsearch.yml'
sudo -u elasticuser bash -c 'echo "path.logs: /var/log/elasticsearch" >> /opt/elasticsearch/elasticsearch-8.13.4/config/elasticsearch.yml'
# 创建 Elasticsearch systemd 服务单元文件
echo "正在创建 Elasticsearch systemd 服务单元文件..."
bash -c 'cat > /etc/systemd/system/elasticsearch.service <<EOL
[Unit]
Description=Elasticsearch
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=elasticuser
Group=elasticuser
ExecStart=/opt/elasticsearch/elasticsearch-8.13.4/bin/elasticsearch
Restart=on-failure
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
EOL'
# 重新加载 systemd 管理器配置
echo "正在重新加载 systemd 配置..."
systemctl daemon-reload
# 启动 Elasticsearch 服务
echo "正在启动 Elasticsearch 服务..."
systemctl start elasticsearch
echo "Elasticsearch 安装和配置完成。"
文件名:install_kibana.sh
#!/bin/bash
# 设置默认密码和版本
KIBANA_PASSWORD="SomeLiber2024!"
echo "正在安装 Kibana..."
# 创建 Kibana 用户并设置密码
sudo useradd -m kibanauser
echo "kibanauser:$KIBANA_PASSWORD" | sudo chpasswd
# 进入解压目录并校验文件
cd /opt/elasticsearch
shasum -a 512 -c kibana-8.13.4-linux-x86_64.tar.gz.sha512
rm /opt/elasticsearch/kibana-8.13.4-linux-x86_64.tar.gz.sha512
# 解压 Kibana 安装包
tar -xzf /opt/elasticsearch/kibana-8.13.4-linux-x86_64.tar.gz -C /opt/elasticsearch
# 删除解压后的 Kibana tar.gz 文件
rm /opt/elasticsearch/kibana-8.13.4-linux-x86_64.tar.gz
# 更改 Kibana 目录权限
sudo chown -R kibanauser:kibanauser /opt/elasticsearch/kibana-8.13.4/
# 配置 Kibana
sudo -u kibanauser bash -c 'echo "server.port: 5601" >> /opt/elasticsearch/kibana-8.13.4/config/kibana.yml'
sudo -u kibanauser bash -c 'echo "server.host: \"0.0.0.0\"" >> /opt/elasticsearch/kibana-8.13.4/config/kibana.yml'
sudo -u kibanauser bash -c 'echo "elasticsearch.hosts: [\"http://localhost:9200\"]" >> /opt/elasticsearch/kibana-8.13.4/config/kibana.yml'
sudo -u kibanauser bash -c 'echo "i18n.locale: \"zh-CN\"" >> /opt/elasticsearch/kibana-8.13.4/config/kibana.yml'
# 创建 Kibana systemd 服务单元文件
echo "正在创建 Kibana systemd 服务单元文件..."
sudo bash -c 'cat > /etc/systemd/system/kibana.service <<EOL
[Unit]
Description=Kibana
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=kibanauser
Group=kibanauser
ExecStart=/opt/elasticsearch/kibana-8.13.4/bin/kibana
Restart=on-failure
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
EOL'
# 重新加载 systemd 管理器配置
echo "正在重新加载 systemd 配置..."
sudo systemctl daemon-reload
# 启动并启用 Kibana 服务
echo "正在启动并启用 Kibana 服务..."
systemctl start kibana
systemctl enable kibana
echo "Kibana 安装和配置完成。"
文件名:manage_services.sh
#!/bin/bash
function print_menu() {
echo "1) 安装 Elasticsearch"
echo "2) 安装 Kibana"
echo "3) 启动 Elasticsearch"
echo "4) 启动 Kibana"
echo "5) 停止 Elasticsearch"
echo "6) 停止 Kibana"
echo "7) 卸载 Elasticsearch"
echo "8) 卸载 Kibana"
echo "9) 重置 Elasticsearch 用户密码"
echo "10) 查看 Elasticsearch 注册令牌"
echo "11) 解压 Elasticsearch"
echo "12) 查看 Kibana 验证码"
echo "13) 退出"
}
function install_elasticsearch() {
./install_elasticsearch.sh
}
function install_kibana() {
./install_kibana.sh
}
function start_service() {
local service=$1
if [[ "$service" == "elasticsearch" ]]; then
echo "启动 Elasticsearch..."
sudo systemctl start elasticsearch
elif [[ "$service" == "kibana" ]]; then
echo "启动 Kibana..."
sudo systemctl start kibana
fi
}
function stop_service() {
local service=$1
if [[ "$service" == "elasticsearch" ]]; then
echo "停止 Elasticsearch..."
systemctl stop elasticsearch
elif [[ "$service" == "kibana" ]]; then
echo "停止 Kibana..."
systemctl stop kibana
fi
}
function uninstall_service() {
local service_name=$1
local service_user=$2
local install_dir=$3
echo "卸载 $service_name..."
systemctl stop $service_name
systemctl disable $service_name
rm /etc/systemd/system/$service_name.service
systemctl daemon-reload
userdel -r $service_user
rm -rf $install_dir
echo "$service_name, $service_user 以及安装目录 $install_dir 已被删除。"
}
function reset_elastic_password() {
echo "正在重置 elastic 用户的密码..."
sudo -u elasticuser /opt/elasticsearch/elasticsearch-8.13.4/bin/elasticsearch-reset-password -u elastic --batch
echo "elastic 用户的密码已重置。"
}
function view_kibana_enrollment_token() {
echo "查看 Elasticsearch 注册令牌..."
sudo -u elasticuser /opt/elasticsearch/elasticsearch-8.13.4/bin/elasticsearch-create-enrollment-token --scope kibana
}
function extract_elasticsearch() {
echo "解压 Elasticsearch 文件..."
unzip elasticsearch.zip -d /opt
echo "Elasticsearch 文件解压完成。"
}
function view_kibana_verification_code() {
echo "查看 Kibana 验证码..."
sudo -u kibanauser /opt/elasticsearch/kibana-8.13.4/bin/kibana-verification-code
}
while true; do
print_menu
read -p "请输入你的选择: " choice
case $choice in
1) install_elasticsearch ;;
2) install_kibana ;;
3) start_service "elasticsearch" ;;
4) start_service "kibana" ;;
5) stop_service "elasticsearch" ;;
6) stop_service "kibana" ;;
7) uninstall_service "elasticsearch" "elasticuser" "/opt/elasticsearch/elasticsearch-8.13.4" ;;
8) uninstall_service "kibana" "kibanauser" "/opt/elasticsearch/kibana-8.13.4" ;;
9) reset_elastic_password ;;
10) view_kibana_enrollment_token ;;
11) extract_elasticsearch ;;
12) view_kibana_verification_code ;;
13) exit 0 ;;
*) echo "无效的选项。请选择 1 到 11 之间的数字。" ;;
esac
done
注解:可自行搜索其他版本进行全文版本替换,应该也是可以执行的。
进行授权可执行
chmod +x install_elasticsearch.sh
chmod +x install_kibana.sh
chmod +x manage_services.sh
4.运行结果
root@liber-VMware-Virtual-Platform:/opt# ./manage_services.sh
1) 安装 Elasticsearch
2) 安装 Kibana
3) 启动 Elasticsearch
4) 启动 Kibana
5) 停止 Elasticsearch
6) 停止 Kibana
7) 卸载 Elasticsearch
8) 卸载 Kibana
9) 重置 Elasticsearch 用户密码
10) 查看 Elasticsearch 注册令牌
11) 解压 Elasticsearch
12) 查看 Kibana 验证码
13) 退出
请输入你的选择:
操作:
- 选择(11)解压
- 选择 (1) 安装,需要耐心等待3-5分钟访问:https://ip:9200
-
能访问之后选择(9)重新生成elastic的密码。
-
进行登录,用户名固定elastic,密码重置的密码。
- 登录通过的结果
-
选择(2)安装,需要耐心等待3-5分钟访问:http://ip:5601 (注意是http协议)
-
能访问之后选择(10)查看注册令牌。
-
查看验证码选择(12)
- 进行验证
- 验证后需要进行登录,用户名和密码同elasticsearch一致。
5. IK分词测试
测试代码
PUT /my_index
{
"mappings": {
"properties": {
"text": {
"type": "text",
"analyzer": "ik_max_word",
"search_analyzer": "ik_smart"
}
}
}
}
POST /my_index/_doc/1
{
"text": "这是一个使用 IK 分词器的示例文本。"
}
POST /my_index/_analyze
{
"analyzer": "ik_max_word",
"text": "这是一个使用 IK 分词器的示例文本。"
}
测试结果:
{
"tokens": [
{
"token": "这是",
"start_offset": 0,
"end_offset": 2,
"type": "CN_WORD",
"position": 0
},
{
"token": "一个",
"start_offset": 2,
"end_offset": 4,
"type": "CN_WORD",
"position": 1
},
{
"token": "一",
"start_offset": 2,
"end_offset": 3,
"type": "TYPE_CNUM",
"position": 2
},
{
"token": "个",
"start_offset": 3,
"end_offset": 4,
"type": "COUNT",
"position": 3
},
{
"token": "使用",
"start_offset": 4,
"end_offset": 6,
"type": "CN_WORD",
"position": 4
},
{
"token": "ik",
"start_offset": 7,
"end_offset": 9,
"type": "ENGLISH",
"position": 5
},
{
"token": "分词器",
"start_offset": 10,
"end_offset": 13,
"type": "CN_WORD",
"position": 6
},
{
"token": "分词",
"start_offset": 10,
"end_offset": 12,
"type": "CN_WORD",
"position": 7
},
{
"token": "器",
"start_offset": 12,
"end_offset": 13,
"type": "CN_CHAR",
"position": 8
},
{
"token": "的",
"start_offset": 13,
"end_offset": 14,
"type": "CN_CHAR",
"position": 9
},
{
"token": "示例",
"start_offset": 14,
"end_offset": 16,
"type": "CN_WORD",
"position": 10
},
{
"token": "例文",
"start_offset": 15,
"end_offset": 17,
"type": "CN_WORD",
"position": 11
},
{
"token": "文本",
"start_offset": 16,
"end_offset": 18,
"type": "CN_WORD",
"position": 12
}
]
}
2. 集群版
准备3个不同的IP,比如192.168.163.128,192.168.163.129,192.168.163.130。
2.1 资源准备
将以下三个资源文件打包压缩并命名为:cluster.zip
文件名:setup_elasticsearch.sh
#!/bin/bash
# 设置默认密码和版本
ELASTIC_PASSWORD="SomeLiber2024!"
ELASTIC_VERSION="8.13.4"
NODES=("192.168.163.128" "192.168.163.129" "192.168.163.130")
# 获取服务器 IP 地址
SERVER_IP=$(hostname -I | awk '{print $1}')
# 确定节点名称和端口
if [ "$SERVER_IP" == "192.168.163.128" ]; then
NODE_NAME="node-1"
HTTP_PORT=9201
TRANSPORT_PORT=9300
elif [ "$SERVER_IP" == "192.168.163.129" ]; then
NODE_NAME="node-2"
HTTP_PORT=9202
TRANSPORT_PORT=9301
elif [ "$SERVER_IP" == "192.168.163.130" ]; then
NODE_NAME="node-3"
HTTP_PORT=9203
TRANSPORT_PORT=9302
else
echo "未知的服务器 IP 地址"
exit 1
fi
# 创建 Elasticsearch 用户并设置密码
useradd -m elasticuser
echo "elasticuser:$ELASTIC_PASSWORD" | sudo chpasswd
# 解压 ZIP 文件
cd /opt
unzip cluster.zip -d /opt
cd /opt/cluster
shasum -a 512 -c elasticsearch-8.13.4-linux-x86_64.tar.gz.sha512
rm /opt/cluster/elasticsearch-8.13.4-linux-x86_64.tar.gz.sha512
cd ..
tar -xzf /opt/cluster/elasticsearch-8.13.4-linux-x86_64.tar.gz -C /opt/cluster
rm /opt/cluster/elasticsearch-8.13.4-linux-x86_64.tar.gz
chown -R elasticuser:elasticuser /opt/cluster/elasticsearch-$ELASTIC_VERSION
# 创建 IK 插件目录并安装 IK 分词器插件
mkdir -p /opt/cluster/elasticsearch-$ELASTIC_VERSION/plugins/ik
unzip /opt/cluster/elasticsearch-analysis-ik-8.13.4.zip -d /opt/cluster/elasticsearch-$ELASTIC_VERSION/plugins/ik
rm /opt/cluster/elasticsearch-analysis-ik-8.13.4.zip
chown -R elasticuser:elasticuser /opt/cluster/elasticsearch-$ELASTIC_VERSION/plugins/ik
# 创建日志和数据目录
mkdir -p /var/log/cluster/$NODE_NAME
mkdir -p /var/lib/cluster/$NODE_NAME
chown -R elasticuser:elasticuser /var/log/cluster /var/lib/cluster
chmod 750 /var/log/cluster /var/lib/cluster
# 配置 Elasticsearch
sudo -u elasticuser bash -c "cat > /opt/cluster/elasticsearch-$ELASTIC_VERSION/config/elasticsearch.yml <<EOL
cluster.name: cluster
node.name: $NODE_NAME
network.host: 0.0.0.0
http.port: $HTTP_PORT
transport.port: $TRANSPORT_PORT
discovery.seed_hosts: [\"192.168.163.128:9300\", \"192.168.163.129:9301\", \"192.168.163.130:9302\"]
cluster.initial_master_nodes: [\"node-1\", \"node-2\", \"node-3\"]
path.logs: /var/log/cluster/$NODE_NAME
path.data: /var/lib/cluster/$NODE_NAME
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.enabled: false
EOL"
# 创建 systemd 服务单元文件
sudo bash -c "cat > /etc/systemd/system/elasticsearch-$NODE_NAME.service <<EOL
[Unit]
Description=Elasticsearch $NODE_NAME
Documentation=https://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=elasticuser
Group=elasticuser
ExecStart=/opt/cluster/elasticsearch-$ELASTIC_VERSION/bin/elasticsearch -Epath.conf=/opt/cluster/elasticsearch-$ELASTIC_VERSION/config/elasticsearch.yml
Restart=on-failure
LimitNOFILE=65536
LimitNPROC=4096
[Install]
WantedBy=multi-user.target
EOL"
# 重新加载 systemd 管理器配置
systemctl daemon-reload
# 启动并启用 Elasticsearch 服务
systemctl enable elasticsearch-$NODE_NAME
echo "Elasticsearch $NODE_NAME 安装和配置完成。"
将cluster.zip和setup_elasticsearch.sh 上传到opt目录下。
2.2 资源复制与授权
通过scp指令将cluster.zip和setup_elasticsearch.sh 复制到192.168.163.129,192.168.163.130。
scp /opt/cluster.zip root@192.168.163.129:/opt
scp /opt/cluster.zip root@192.168.163.130:/opt
scp /opt/setup_elasticsearch.sh root@192.168.163.129:/opt
scp /opt/setup_elasticsearch.sh root@192.168.163.130:/opt
给setup_elasticsearch.sh 进行每个主机进行授权可执行。
chmod +x setup_elasticsearch.sh
脚本运行执行过程。
分别在三个不同的主机启动节点:
sudo -u elasticuser /opt/cluster/elasticsearch-8.13.4/bin/elasticsearch
手动修改Kibana配置信息
nano /opt/elasticsearch/kibana-8.13.4/config/kibana.yml
elasticsearch.hosts: [
"http://192.168.163.128:9200",
"http://192.168.163.128:9201",
"http://192.168.163.129:9202",
"http://192.168.163.130:9203"
]
检验节点是否健康:
在Kibana监听到节点的个数。
3 Metricbeat配置
3.1 准备资源
# 进入opt目录
cd /opt
# 下载资源
curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-8.13.4-linux-x86_64.tar.gz
#解压资源
tar xzvf metricbeat-8.13.4-linux-x86_64.tar.gz
3.2配置资源
由于我使用是不安全配置,没有开启xpack.security等,所以无需用户名和密码,只进行一台主机演示。
编辑配置文件
nano /opt/metricbeat-8.13.4-linux-x86_64/metricbeat.yml
修改配置信息
setup.kibana:
host: "http://192.168.163.128:5601"
output.elasticsearch:
hosts: ["http://192.168.163.130:9203"]
先切换路径,再查看模板,最后启用模板,本案例使用elasticsearch模板。
#切换路径
cd /opt/metricbeat-8.13.4-linux-x86_64/
#查看模板列表
./metricbeat modules list
#启用模板
./metricbeat modules enable elasticsearch
指定的用户metricbeat.yml
有权。
chown root metricbeat.yml
# 将modules.d目录下的elasticsearch.yml.disabled文件重命名为elasticsearch.yml
./metricbeat modules enable elasticsearch
chown root modules.d/elasticsearch.yml
#编辑elasticsearch配置
nano /opt/metricbeat-8.13.4-linux-x86_64/modules.d/elasticsearch.yml
修改内容为:
- module: elasticsearch
metricsets:
- node # 收集节点信息
- node_stats # 收集节点统计信息
- cluster_stats # 收集集群统计信息
- index # 收集索引信息
- index_recovery # 收集索引恢复信息
- index_summary # 收集索引摘要信息
- shard # 收集分片信息
period: 10s # 每10秒收集一次数据
hosts: ["http://192.168.163.130:9203"] # Elasticsearch 主机地址
启动程序
sudo ./metricbeat -e
在Kibana的发现搜索metricbeat-* ,显示结果如下:
参考文献: