安装包都可以在华为云镜像站获取,下载速度快,官网的速度太慢了。
https://mirrors.huaweicloud.com/
这里下载安装的版本都是 7.1.0 版本的
下面链接是已经下载好的,可以在这里打包下载
打包下载
一、elasticsearch 安装配置
1、创建用户
无法使用 root 用户安装,先创建用户 myesuser
useradd myesuser
passwd myesuser
2、解压
将es下载的安装包解压到指定目录 /home/your-es-path/elasticsearch/
tar -zxvf /home/your-es-path/elasticsearch-7.1.0-linux-x86_64.tar.gz -C /home/your-es-path/elasticsearch/
3、修改文件权限
创建数据保存文件目录,并修改权限
mkdir -p /home/your-es-path/esdata
chown -R myesuser:myesuser /home/your-es-path/esdata
给目录分配权限
chown -R myesuser:myesuser /home/your-es-path/elasticsearch/elasticsearch-7.1.0/
chown -R myesuser:myesuser /home/your-es-path/elasticsearch/elasticsearch-7.1.0/config/
chown -R myesuser:myesuser /home/your-es-path/logs/es/
chmod -R +x /home/your-es-path/elasticsearch/elasticsearch-7.1.0/bin
4、修改安全限制配置
安全限制配置文件修改
不配置这个,就会报下面错误。 改了后,es 用户需要重新登录
#vim /etc/security/limits.conf
myesuser soft nofile 65536
myesuser hard nofile 65536
myesuser soft nproc 4096
myesuser hard nproc 4096
myesuser soft memlock unlimited
myesuser hard memlock unlimited
没有增加以上参数,将出现以下错误
[2020-03-24T16:42:34,176][INFO ][o.e.n.Node ] [yourname] initialized
[2020-03-24T16:42:34,176][INFO ][o.e.n.Node ] [yourname] starting ...
[2020-03-24T16:42:45,352][INFO ][o.e.t.TransportService ] [yourname] publish_address {yourhost:9400}, bound_addresses {yourhost:9300}
[2020-03-24T16:42:45,359][INFO ][o.e.b.BootstrapChecks ] [yourname] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2020-03-24T16:42:45,366][INFO ][o.e.n.Node ] [yourname] stopping ...
[2020-03-24T16:42:45,412][INFO ][o.e.n.Node ] [yourname] stopped
[2020-03-24T16:42:45,413][INFO ][o.e.n.Node ] [yourname] closing ...
[2020-03-24T16:42:45,422][INFO ][o.e.n.Node ] [yourname] closed
[2020-03-24T16:42:45,424][INFO ][o.e.x.m.p.NativeController] [yourname] Native controller process has stopped - no new native processes can be started
5、修改 elasticsearch.yml 配置文件
修改 es 的配置文件 elasticsearch.yml
# 去掉注释修改对应值,或者添加对应配置项
cluster.name: your-application-name
node.name: node-1
path.data: /home/your-es-path/esdata
path.logs: /home/your-es-path/logs/es/
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.zen.minimum_master_nodes: 1
transport.tcp.compress: true
cluster.initial_master_nodes: ["node-1"]
6、启动
如果要后台启动,就加 -d 参数,不需要就不用加。
./elasticsearch -d
启动成功后,浏览器输入地址访问:
http://yourip:9200/
二、kibana 安装配置
1、下载和解压
将下载的压缩包文件解压到目录 /home/your-es-path/kibana
tar -zxvf /home/your-es-path/kibana-7.1.0-linux-x86_64.tar.gz -C
/home/your-es-path/kibana
查看端口是否在使用
如果需要看端口是否被其他程序占用,可以使用命令测试
ss -antlup | grep 5601
2、修改 kibana 配置
只需要打开下面的注释就行了。
并加上汉化配置项
server.name: "your-kibana-name"
elasticsearch.hosts: ["http://localhost:9200"]
# 7 版本后,自带支持汉化
i18n.locale: "zh-CN"
3、启动
进入 bin 目录后,
./kibana
如果需要后台启动,可以用以下命令
nohup /home/your-es-path/kibana/kibana-7.1.0-linux-x86_64/bin/kibana &
查看日志
tail -f /home/your-es-path/kibana/kibana-7.1.0-linux-x86_64/nohup.out
三、filebeat 安装配置
使用 filebeat 来收集 nginx 的日志,需要在 nginx 的服务器安装 filebeat
1、下载解压
将下载的filebeat 压缩包解压到目录 /data/filebeat/
tar -zxvf /data/your-fb-path/filebeat-7.1.0-linux-x86_64.tar.gz -C /data/your-fb-path/
2、修改配置文件
chown root filebeat.yml
filebeat.inputs:
- type: log
# Change to true to enable this input configuration.
enabled: false
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /your-nginx-path/logs/access.log
#============================== Kibana =====================================
setup.kibana:
host: "yourip:5601"
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["yourip:9200"]
3、启用收集 nginx 模块
在 filebeat 下执行下面命令即可
./filebeat modules enable nginx
启动模块后,修改对应模块下配置文件的日志路径
/data/your-fb-path/filebeat-7.1.0-linux-x86_64/modules.d/nginx.yml
- module: nginx
# Access logs
access:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/your-nginx-path/logs/access.log"]
# Convert the timestamp to UTC. Requires Elasticsearch >= 6.1.
#var.convert_timezone: true
# Error logs
error:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/your-nginx-path/logs/error.log"]
# Convert the timestamp to UTC. Requires Elasticsearch >= 6.1.
#var.convert_timezone: true
4、启动
直接启动接口
./filebeat -e