ELK Deployment on CentOS 7.x
1. Create the user and group
Create the group: groupadd es
Create the user and add it to the group: useradd es -g es
2. Download and install
Download:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.3-linux-x86_64.tar.gz
Extract:
tar -zxvf elasticsearch-6.2.3.tar.gz -C /usr/local
tar -zxvf logstash-6.2.3.tar.gz -C /usr/local
tar -zxvf kibana-6.2.3-linux-x86_64.tar.gz -C /usr/local
Give the es user ownership:
chown -R es:es /usr/local/elasticsearch-6.2.3
chown -R es:es /usr/local/logstash-6.2.3
3. Configuration
Elasticsearch configuration:
Allow remote access:
cd /usr/local/elasticsearch-6.2.3
vi config/elasticsearch.yml
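network.host: 0.0.0.0 # 0.0.0.0 listens on all interfaces; to listen on a single interface only, set that interface's IP instead
http.port: 9200 # the port can be changed from the default 9200
Adjust the following settings; otherwise startup fails with: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]...
vi /etc/security/limits.conf # append the following four lines at the end of the file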
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
vi /etc/sysctl.conf
vm.max_map_count=655360
Logstash configuration:
cd /usr/local/logstash-6.2.3
vi default.conf
# Listen on port 5044 for Beats input
input {
  beats {
    port => "5044"
  }
}
# Filter the data
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  geoip {
    source => "clientip"
  }
}
# Send output to port 9200 on this host, where the Elasticsearch service listens
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
  }
}
Kibana remote access configuration:
cd /usr/local/kibana-6.2.3-linux-x86_64
vi config/kibana.yml
server.host: "0.0.0.0"
4. Start the services
Switch user: su es
Elasticsearch
Start:
cd /usr/local/elasticsearch-6.2.3
bin/elasticsearch -d # -d runs it in the background
View the log: tail -f logs/elasticsearch.log
Test: curl 127.0.0.1:9200
Successful response:
{
"name" : "mNuYQ8h",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "1JsAZO0sTnuBYCREW97RDw",
"version" : {
"number" : "6.2.3",
"build_hash" : "c59ff00",
"build_date" : "2018-03-13T10:06:29.741383Z",
"build_snapshot" : false,
"lucene_version" : "7.2.1",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
Logstash
Start:
cd /usr/local/logstash-6.2.3
bin/logstash -f default.conf &
View the log: tail -f logs/logstash-plain.log
Kibana
Start:
cd /usr/local/kibana-6.2.3-linux-x86_64
nohup bin/kibana &
View the log: tail -f nohup.out
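
Added example (not part of the original guide): a shell check that reads the two files edited in section 3 and reports whether network.host and server.host are bound to all interfaces. The 6.2.3 tarballs installed above do not include X-Pack security, so a wildcard bind leaves ports 9200 and 5601 reachable without authentication; the function names bind_value, bind_scope and audit_elk are illustrative.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# bind_value FILE KEY: print the last uncommented value of KEY (empty if unset).
bind_value() (
  awk -v key="$2" '
    /^[ \t]*#/ { next }                  # whole-line comment
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)        # trailing comment, as on the network.host line
      n = index(line, ":")
      if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }
  ' "$1" | tr -d "\"'"
)

# bind_scope FILE KEY: classify the bind address.
# Unset counts as loopback, the default for both network.host and server.host.
bind_scope() (
  if [ ! -r "$1" ]; then echo unreadable; exit 0; fi
  case "$(bind_value "$1" "$2")" in
    0.0.0.0|::) echo wildcard ;;
    ""|localhost|127.*|::1|_local_) echo loopback ;;
    *) echo specific ;;
  esac
)

# audit_elk ES_HOME KIBANA_HOME: print one line per service; exit status 1 if
# either listener is bound to all interfaces.
audit_elk() (
  rc=0
  s=$(bind_scope "$1/config/elasticsearch.yml" network.host)
  echo "elasticsearch network.host: $s"
  if [ "$s" = wildcard ]; then rc=1; fi
  s=$(bind_scope "$2/config/kibana.yml" server.host)
  echo "kibana server.host: $s"
  if [ "$s" = wildcard ]; then rc=1; fi
  exit "$rc"
)

# Run the audit when both install directories are given as arguments.
if [ $# -eq 2 ]; then audit_elk "$1" "$2"; fi
```

Saved under a name of your choice (for example check_bind.sh), run it as: sh check_bind.sh /usr/local/elasticsearch-6.2.3 /usr/local/kibana-6.2.3-linux-x86_64. A non-zero exit status means at least one listener is on all interfaces and should be bound to a specific address or placed behind a firewall or authenticating proxy.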