ELK部署——CentOS7.X

最新推荐文章于 2024-07-20 04:30:00 发布

Deschen

最新推荐文章于 2024-07-20 04:30:00 发布

阅读量230

点赞数

文章标签： elk

本文链接：https://blog.csdn.net/weixin_39147889/article/details/111928577

版权

ELK部署——CentOS7.X

文章目录

一、创建用户角色

创建用户组：groupadd es
创建用户加入用户组：useradd es -g es

二、下载和安装

下载：
    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.tar.gz
    wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.tar.gz
    wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-linux-x86_64.tar.gz
解压：
	tar -zxvf elasticsearch-6.2.3.tar.gz -C /usr/local
	tar -zxvf logstash-6.2.3.tar.gz -C /usr/local
	tar -zxvf kibana-6.2.3-linux-x86_64.tar.gz -C /usr/local
给es授权
	chown -R es.es /usr/local/elasticsearch-6.2.3
	chown -R es.es /usr/local/logstash-6.2.3

三、配置

elasticsearch配置：
	允许远程配置：
		cd /usr/local/elasticsearch-6.2.3
		vi config/elasticsearch.yml 
			network.host: 0.0.0.0  #改为0.0.0.0对外开放，如对特定ip开放则改为指定ip
			http.port: 9200      #可更改端口不为9200
	修改配置，否则报异常：max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]...
		vi /etc/security/limits.conf  # 在文末添加下面四个配置
			* soft nofile 65536
			* hard nofile 131072
			* soft nproc 2048
			* hard nproc 4096
         vi /etc/sysctl.conf
         	vm.max_map_count=655360
        
 logstash配置：
 	cd /usr/local/logstash-6.2.3
 	vi default.cong
 		# 监听5044端口作为输入
        input {
            beats {
                port => "5044"
            }
        }
        # 数据过滤
        filter {
            grok {
                match => { "message" => "%{COMBINEDAPACHELOG}" }
            }
            geoip {
                source => "clientip"
            }
        }
        # 输出配置为本机的9200端口，这是ElasticSerach服务的监听端口
        output {
            elasticsearch {
                hosts => ["127.0.0.1:9200"]
            }
        }
Kibana远程配置：
	cd /usr/local/kibana-6.2.3-linux-x86_64
	vi config/kibana.yml
		server.host: "0.0.0.0"

四、启动

切换账号：su es
elasticsearch
	启动：
		cd /usr/local/elasticsearch-6.2.3
		bin/elasticsearch -d  # -d后台启动
     查看日志：tail -f logs/elasticsearch.log
     测试：curl 127.0.0.1:9200
     	响应成功：
     		{
              "name" : "mNuYQ8h",
              "cluster_name" : "elasticsearch",
              "cluster_uuid" : "1JsAZO0sTnuBYCREW97RDw",
              "version" : {
                "number" : "6.2.3",
                "build_hash" : "c59ff00",
                "build_date" : "2018-03-13T10:06:29.741383Z",
                "build_snapshot" : false,
                "lucene_version" : "7.2.1",
                "minimum_wire_compatibility_version" : "5.6.0",
                "minimum_index_compatibility_version" : "5.0.0"
              },
              "tagline" : "You Know, for Search"
            }
logstash
	启动：
		cd /usr/local/logstash-6.2.3
		bin/logstash default.conf &
    查看日志：tail -f logs/logstash-plain.log
Kibana
	启动：
		cd /usr/local/kibana-6.2.3-linux-x86_64
		nohup bin/kibana &
	查看日志：tail -f nohup.out