一、去https://www.elastic.co/downloads/ 下载
ElasticSearch: 6.0.1
Logstash: 6.0.1
Kibana: 6.0.1
Java: openjdk version "1.8.0_65"
1.ElasticSearch
配置ElasticSearch:
tar -zxvf elasticsearch-6.0.1.tar.gz
cd elasticsearch-6.0.1
安装Head插件(Optional):
./bin/plugin install mobz/elasticsearch-head
然后编辑ES的配置文件:
cluster.name=es_cluster
node.name=node0
path.data=/tmp/elasticsearch/data
path.logs=/tmp/elasticsearch/logs
#当前hostname或IP,我这里是centos2
network.host=centos2
network.port=9200
启动ElasticSearch:
./bin/elasticsearch -Des.insecure.allow.root=true &
报 failed; error='Cannot allocate memory' (errno=12)
./bin/elasticsearch -d -Xms512m -Xmx512m
关闭防火墙:
systemctl stop firewalld.service
客户端访问elasticsearch:
192.168.240.15:9200
head插件远程访问ip需要开启:
vim /etc/elasticsearch/elasticsearch.yml
http.cors.enabled: true # elasticsearch中启用CORS
http.cors.allow-origin: "*" # 允许访问的IP地址段,* 为所有IP都可以访问
取消ES只读控制:curl -XPUT -H "Content-Type: application/json" http://192.168.240.15:9200/_all/_settings -d '{"index.blocks.read_only_allow_delete": null}'
查看集群状态是否健康:curl http://192.168.240.15:9200/_cluster/health?pretty
查看集群个索引状态:curl http://192.168.240.15:9200/_cat/indices
2.Logstash
配置logstash-6.0.1.tar.gz
创建config/logstash.conf
配置老logstash.conf
启动logstash:./bin/logstash -f ./config/monitor/nginx.conf &
nginx.conf 已经可以启动多个索引
解决权限启动问题:chmod -R 775 xxx(改为需要权限的脚本)
3.Kibana
解压kibana-6.0.1-linux-x64.tar.gz
修改config/kibana.yml
server.port: 5601
server.host: “监听的IP”
elasticsearch.url: http://监听的IP:9200
kibana.index: “.kibana”
启动Kibana:./bin/kibana &
关闭Kibana: fuser -n tcp 5601 -> kill -9 端口
NODE_HOME=/root/elasticsearch/node-v6.9.2
PATH=$PATH:$NODE_HOME/bin
NODE_PATH=$NODE_HOME/lib/node_modules
export NODE_HOME PATH NODE_PATH