# ELK(7.6.2)
## 1. Set up Elasticsearch
> 1.1 Download:
[Windows version](https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-windows-x86_64.zip) [Linux version](https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-linux-x86_64.tar.gz)
> 1.2 Edit the ES configuration. The block below is the master node's configuration; on the other nodes, change node.name, node.master and discovery.seed_hosts.
```yaml
# ======================== Elasticsearch Configuration =========================
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
cluster.name: lcfc-elasticsearch
node.name: node-master
node.master: true
node.data: true
path.data: /data/es/data
path.logs: /data/es/logs
# discovery.seed_hosts entries take the form host:transport.port
discovery.seed_hosts: ["10.159.0.97:19300", "10.159.0.98:19300","10.159.41.0:19300"]
transport.port: 19300
cluster.initial_master_nodes: ["node-master"]
```
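
The configuration above binds to every interface, turns off X-Pack security and transport TLS, and allows CORS from any origin. A hardened variant for the same 7.6.2 master node follows as an added example, not part of the original notes. It assumes that 10.159.0.97 is this node's own address and that a PKCS#12 file named elastic-certificates.p12 (assumed name, generated with bin/elasticsearch-certutil) has been copied into config/ on every node.

```yaml
# Added example: hardened elasticsearch.yml for the master node (Elasticsearch 7.6.x).
# Assumptions: this node is 10.159.0.97; elastic-certificates.p12 is in config/ on all nodes.
cluster.name: lcfc-elasticsearch
node.name: node-master
node.master: true
node.data: true
path.data: /data/es/data
path.logs: /data/es/logs

# Bind to the node's internal address instead of all interfaces (0.0.0.0).
network.host: 10.159.0.97
http.port: 9200
transport.port: 19300
discovery.seed_hosts: ["10.159.0.97:19300", "10.159.0.98:19300", "10.159.41.0:19300"]
cluster.initial_master_nodes: ["node-master"]

# Require authentication and role-based access control on every request.
xpack.security.enabled: true

# Encrypt and authenticate node-to-node traffic on the transport port.
# Needed on a multi-node cluster once security is enabled.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

# Encrypt the REST API so credentials are not sent in clear text.
# Clients (Kibana, Logstash, Spring Boot) must then use https:// URLs.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12

# Keep CORS off; if a browser tool needs it, allow one named origin, never "*".
http.cors.enabled: false
```

With security enabled, set the built-in users' passwords with bin/elasticsearch-setup-passwords, then supply credentials in kibana.yml (elasticsearch.username and elasticsearch.password), in the Logstash output (the user and password options commented out in section 3.2) and in the Spring Boot client.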
> <font color='red'>On Linux, Elasticsearch must run as a non-root user: useradd esuser; passwd esuser (password: root@123)</font>
> 1.3 Fixing common ES errors on Linux
```text
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
Edit /etc/security/limits.conf and append the following:
* soft nofile 65536
* hard nofile 65536
After the file is changed, the client session must be reopened for the setting to take effect.
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
vi /etc/sysctl.conf
Add vm.max_map_count=262144
Run sysctl -p to apply the setting
```
> 1.4 Run bin/elasticsearch
```bash
nohup ./elasticsearch > start.log 2>&1 &
```
## 2. Kibana
> 2.1 Download: [Windows](https://artifacts.elastic.co/downloads/kibana/kibana-7.6.2-windows-x86_64.zip) [Linux](https://artifacts.elastic.co/downloads/kibana/kibana-7.6.2-linux-x86_64.tar.gz)
> 2.2 Edit elasticsearch.hosts in config/kibana.yml
> 2.3 Start it: bin/kibana.bat
## 3. Logstash
> 3.1 Download: [Windows](https://artifacts.elastic.co/downloads/logstash/logstash-7.6.2.zip) [Linux](https://artifacts.elastic.co/downloads/logstash/logstash-7.6.2.tar.gz)
> 3.2 Add a logstash.conf file under config
```conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  tcp {
    host => "0.0.0.0"
    # Listening port
    port => 9601
    mode => "server"
    tags => ["tags"]
    # JSON format
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200","http://localhost:10200","http://localhost:11200"]
    # index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    # index => "%{[appname]}-%{+YYYY.MM.dd}"
    index => "lcfc_log-%{+YYYY.MM.dd}"
    # user => "elastic"
    # password => "changeme"
  }
  # Comment this out if console output is not needed
  stdout { codec => rubydebug }
}
```
> 3.3 Run
```bat
rem Windows
.\bin\logstash.bat -f .\config\logstash.conf
```
## 4. Spring Boot project configuration
> 4.1 Add the Maven dependencies
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-elasticsearch</artifactId>
    <version>2.2.11.RELEASE</version>
</dependency>
<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>5.1</version>
</dependency>
```
> 4.2 logback.xml configuration
```xml
<appender name="LOGSTASH"
          class="net.logstash.logback.appender.LogstashTcpSocketAppender">
    <destination>localhost:9601</destination>
    <!-- An encoder is required; several are available -->
    <encoder charset="UTF-8"
             class="net.logstash.logback.encoder.LogstashEncoder">
        <customFields>{"appname":"lcfc-message-server"}</customFields>
    </encoder>
</appender>
<!-- System operation log -->
<root level="info">
    <appender-ref ref="file_info" />
    <appender-ref ref="file_error" />
    <appender-ref ref="LOGSTASH"/>
</root>
```
> 4.3 Spring Boot project configuration
```yaml
spring.elasticsearch.rest.uris:
  - 10.159.0.97:19200
  - 10.159.0.98:19200
  - 10.159.0.99:19200
```
> 4.4 Mapper example
```java
import org.springframework.data.elasticsearch.repository.ElasticsearchRepository;
public interface WebsocketConnectLogMapper extends ElasticsearchRepository<WebsocketConnectLog, String> { }
```