ELK consists of three modules: elasticsearch, logstash and kibana.
The setup steps are briefly described below:
1. Install elasticsearch-7.2.0
Edit the configuration file: vim config/elasticsearch.yml
cluster.name: xuxk-es
node.name: node-1
path.data: /data/server/elk/elasticsearch/es-data
path.logs: /data/server/elk/elasticsearch/es-logs
network.host: 0.0.0.0
http.port: 9111
cluster.initial_master_nodes: ["node-1"]
http.cors.enabled: true
http.cors.allow-origin: "*"
Add a hosts entry: vim /etc/hosts
127.0.0.1 node-1
Edit the system file: vim /etc/sysctl.conf
vm.max_map_count=262144
fs.file-max = 65535
net.core.netdev_max_backlog = 8096
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 2097152
net.core.wmem_max = 2097152
Apply the changes:
sysctl -p
Edit the system file: vim /etc/security/limits.conf
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535
Start elasticsearch:
su root
bin/elasticsearch -d
2. Install logstash-7.2.0
Configuration file: vim logstash.conf (example)
input {
  file {
    path => "/data/server/xuxk-alliance-business/logstash/business.json"
    type => "business"
    start_position => beginning
    codec => "json"
  }
  file {
    path => "/data/server/xuxk-cloud-oauth/logstash/oauth.json"
    type => "oauth"
    start_position => beginning
    codec => "json"
  }
}
filter {
  #json {
  #  source => "message"
  #  target => "doc"
  #  remove_field => ["message"]
  #}
}
output {
  if [type] == "business" {
    elasticsearch {
      hosts => ["xxx.xxx.xxx.xxx:9200"] # connects to elasticsearch
      action => "index"
      index => "wofang-alliance-business-%{+YYYY.MM.dd}"
      #document_type => "business"
    }
  }
  if [type] == "oauth" {
    elasticsearch {
      hosts => ["xxx.xxx.xxx.xxx:9200"]
      action => "index"
      index => "xuxk-cloud-oauth-%{+YYYY.MM.dd}"
      #document_type => "oauth"
      #user => "hms"
      #password => "Handmobile"
    }
  }
}
Start logstash:
nohup /data/server/logstash/bin/logstash -f /data/server/logstash/config/logstash.conf >/dev/null &
3. Install kibana-7.2.0
Configuration file: vim kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"] # connects to elasticsearch
kibana.index: ".kibana"
Start kibana:
nohup ./kibana &
Access kibana:
http://xuxk.kibana.com:5601
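
The elasticsearch.yml and kibana.yml above bind both services to 0.0.0.0 and allow any CORS origin, with no authentication configured. As an added example (not part of the original post), this Python script parses those flat settings and reports the exposure-related ones; the function names are hypothetical, and treating a missing xpack.security.enabled as disabled is an assumption of the example.

```python
# Added example (not from the original post): flag exposure-related settings
# in the flat "key: value" configs above. Samples are copied from this page.
ES_YML = """\
network.host: 0.0.0.0
http.port: 9111
http.cors.enabled: true
http.cors.allow-origin: "*"
"""
KIBANA_YML = """\
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"] # connects to elasticsearch
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}

def parse_flat_yaml(text):
    """Parse flat 'key: value' lines (assumption: no nested YAML)."""
    settings = {}
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()  # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit_elasticsearch(cfg):
    findings = []
    host = cfg.get("network.host", "_local_")
    # Assumption: a missing xpack.security.enabled means security is off.
    secured = cfg.get("xpack.security.enabled", "false").lower() == "true"
    if host not in LOOPBACK and not secured:
        findings.append(f"network.host={host} without xpack.security.enabled: true "
                        "(REST API answers unauthenticated requests)")
    if (cfg.get("http.cors.enabled", "false").lower() == "true"
            and cfg.get("http.cors.allow-origin") == "*"):
        findings.append("http.cors.allow-origin=* (any web origin may call the API)")
    return findings

def audit_kibana(cfg):
    host = cfg.get("server.host", "localhost")
    if host not in LOOPBACK:
        return [f"server.host={host} (Kibana listens beyond loopback)"]
    return []

if __name__ == "__main__":
    for name, text, audit in (("elasticsearch.yml", ES_YML, audit_elasticsearch),
                              ("kibana.yml", KIBANA_YML, audit_kibana)):
        for finding in audit(parse_flat_yaml(text)):
            print(f"{name}: {finding}")
```

To check a real deployment, pass the contents of the actual config files to parse_flat_yaml instead of the embedded samples.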