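Detailed ELK Installation and Configuration
I. Preparing the environment
1. JDK 1.8 or later
2. Elasticsearch 6.4.2
3. Logstash 6.4.2
4. Kibana
5. CentOS Linux release 7.5.1804 (Core)
6. A single host is used this time; all of the software is installed on that one machine for testing.
II. Installing ELK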
1. Install JDK 1.8 or later
Create the directory /usr/local/java
# mkdir -pv /usr/local/java
Upload the file
# rz
# ls
anaconda-ks.cfg  jdk-8u181-linux-x64.tar.gz
# tar xf jdk-8u181-linux-x64.tar.gz -C /usr/local/java
# vim /etc/profile
Append the following at the end:
export JAVA_HOME=/usr/local/java/jdk1.8.0_181
export PATH=$PATH:$JAVA_HOME/bin
# source /etc/profile
# ln -s /usr/local/java/jdk1.8.0_181/bin/java java
Test that Java runs
# java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
2. Download the latest version of Elasticsearch
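Download the software, or upload it to the server if you have already downloaded it; I downloaded it first and then uploaded it to the server.
# mkdir /elk && cd /elk
# rz
# ls
elasticsearch-6.4.2.tar.gz  logstash-6.4.2.tar.gz
kibana-6.4.2-linux-x86_64.tar.gz
3. Extract to the target directory and rename it
# tar xf elasticsearch-6.4.2.tar.gz -C /usr/local
# mv /usr/local/elasticsearch-6.4.2 /usr/local/elasticsearch
4. Create an unprivileged user, elk, to run Elasticsearch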
# groupadd elk
# useradd -g elk elk -m
# chown -R elk:elk /usr/local/elasticsearch/
# ll /usr/local/elasticsearch/
total 436
drwxr-xr-x  3 elk elk   4096 Oct 11 22:21 bin
drwxr-xr-x  2 elk elk    148 Sep 26 21:38 config
drwxr-xr-x  3 elk elk   4096 Sep 26 21:38 lib
-rw-r--r--  1 elk elk  13675 Sep 26 21:30 LICENSE.txt
drwxr-xr-x  2 elk elk      6 Sep 26 21:38 logs
drwxr-xr-x 27 elk elk   4096 Sep 26 21:38 modules
-rw-r--r--  1 elk elk 401465 Sep 26 21:38 NOTICE.txt
drwxr-xr-x  2 elk elk      6 Sep 26 21:38 plugins
-rw-r--r--  1 elk elk   8511 Sep 26 21:30 README.textile
5. Create a data directory for Elasticsearch and give the elk user ownership of it
# mkdir -p /data/elasticsearch
# chown -R elk:elk /data/elasticsearch
6. Edit the Elasticsearch configuration file; remember to back it up before changing it
# cd /usr/local/elasticsearch/config
# cp elasticsearch.yml elasticsearch.yml.bak
# vim elasticsearch.yml
cluster.name: ELK-Cluster
node.name: master-node
path.data: /data/elasticsearch
path.logs: /usr/local/elasticsearch/logs
network.host: 10.93.58.41
http.port: 9200
7. Adjust the relevant kernel parameters
# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
# sysctl -p
# vim /etc/security/limits.conf
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
8. Switch to the elk user to run Elasticsearch
# su - elk
$ cd /usr/local/elasticsearch/
$ ./bin/elasticsearch -d
9. Check the Elasticsearch status; output like the following means it is running normally
$ curl http://10.93.58.41:9200
{
"name" : "master-node",
"cluster_name" : "ELK-Cluster",
"cluster_uuid" : "nOMA1m-TQr65tXWpi5H8Dw",
"version" : {
"number" : "6.4.2",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "04711c2",
"build_date" : "2018-09-26T13:34:09.098244Z",
"build_snapshot" : false,
"lucene_version" : "7.4.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
III. Installing Logstash
1. Extract to /usr/local and rename the directory to logstash
# tar xf logstash-6.4.2.tar.gz -C /usr/local/
# cd /usr/local/
# mv logstash-6.4.2 logstash
2. Edit the configuration file
# cd logstash/
# cd config/
# vim logstash.conf
input {
  file {
    path => ["/var/log/messages"]
    type => "syslog"
  }
}
filter {
  grok {
    match => [ "message", "%{SYSLOGBASE} %{GREEDYDATA:content}" ]
  }
}
output {
  elasticsearch {
    hosts => ["10.93.58.41:9200"]
    index => "syslog-%{+YYYY.MM.dd}"
  }
}
3. Run Logstash with the specified configuration file
# cd /usr/local/logstash/bin
# ./logstash -f /usr/local/logstash/config/logstash.conf &
# netstat -lntup | grep 9600
tcp6 0 0 127.0.0.1:9600 :::* LISTEN 5129/java
IV. Installing Kibana
1. Extract to /usr/local and rename the directory to kibana
# tar xf kibana-6.4.2-linux-x86_64.tar.gz -C /usr/local
# cd /usr/local/
# mv kibana-6.4.2-linux-x86_64 kibana
2. Edit the configuration file
# cd kibana/config/
# cp kibana.yml kibana.yml.bak
# vim kibana.yml
server.port: 5601
server.host: 10.93.58.41
elasticsearch.url: "http://10.93.58.41:9200"
logging.dest: /var/log/kibana.log
3. Set permissions on the /var/log/kibana.log file
# touch /var/log/kibana.log
# chmod 777 /var/log/kibana.log
4. Go to the bin directory under the installation directory and start Kibana
# cd /usr/local/kibana/bin/
# ./kibana &
V. Accessing Elasticsearch and Kibana in a browser
http://10.93.58.41:9200/ and http://10.93.58.41:5601/app/kibana#/home?_g=()
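An added example (not part of the original guide): a small shell audit of the settings written in the steps above. It flags non-loopback bind addresses in elasticsearch.yml and kibana.yml, since the guide configures no authentication or TLS, and a world-writable Kibana log. The function names are hypothetical, and the sample files are constructed to mirror the guide's values.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample files are constructed.

# Print the value of a top-level "key: value" line in a YAML file (last match wins).
yml_get() {  # $1=file $2=key
    awk -v k="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, k ":") == 1 {
            v = substr($0, length(k) + 2)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            out = v
        }
        END { print out }' "$1"
}

# Succeed if the address is loopback-only; an unset value falls back to the
# loopback defaults of Elasticsearch and Kibana.
is_loopback() {
    case "$1" in 127.*|localhost|::1|_local_|"") return 0 ;; *) return 1 ;; esac
}

# Succeed if "other" has write permission on the path.
is_world_writable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

# Print one WARN line per finding; the return status is the number of findings.
audit_elk() {  # $1=elasticsearch.yml $2=kibana.yml $3=Kibana log file
    findings=0
    for pair in "Elasticsearch=$(yml_get "$1" network.host)" \
                "Kibana=$(yml_get "$2" server.host)"; do
        is_loopback "${pair#*=}" && continue
        echo "WARN: ${pair%%=*} bound to ${pair#*=}; the guide configures no authentication or TLS"
        findings=$((findings + 1))
    done
    if is_world_writable "$3"; then
        echo "WARN: $3 is world-writable; any local user can alter or truncate the log"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files that mirror the values used in the guide.
demo=$(mktemp -d)
printf 'cluster.name: ELK-Cluster\nnetwork.host: 10.93.58.41\nhttp.port: 9200\n' > "$demo/elasticsearch.yml"
printf 'server.port: 5601\nserver.host: 10.93.58.41\n' > "$demo/kibana.yml"
touch "$demo/kibana.log" && chmod 777 "$demo/kibana.log"
audit_elk "$demo/elasticsearch.yml" "$demo/kibana.yml" "$demo/kibana.log" || echo "findings: $?"
```

To audit the real installation, pass /usr/local/elasticsearch/config/elasticsearch.yml, /usr/local/kibana/config/kibana.yml and /var/log/kibana.log to audit_elk.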