|
ELK详细安装配置
一、安装准备环境
1,jdk 1.8及以上的版本;2,Elasticsearch6.4.2 ;3,Logstash6.4.2;4,Kibana;5,CentOS Linux release 7.5.1804 (Core)
6,本次采用的一台主机,将所有的软件安装一台上进行测试工作。
二、正式安装ELK
1,安装jdk 1.8及以上的版本
创建一个目录 /usr/local/java
[root@master-node ~]#mkdir -pv /usr/local/java
上传文件
[root@master-node ~]# rz
[root@master-node ~]# ls
anaconda-ks.cfg jdk-8u181-linux-x64.tar.gz
[root@master-node ~]# tar xf jdk-8u181-linux-x64.tar.gz -C /usr/local/java
[root@master-node ~]# vim /etc/profile
最后添加如下:
JAVA_HOME=/usr/local/java/jdk1.8.0_181
export PATH=$PATH:$JAVA_HOME/bin
[root@master-node ~]# source /etc/profile
[root@master-node bin]# ln -s /usr/local/java/jdk1.8.0_181/bin/java java
测试运行Java
[root@master-node ~]# java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode) 2,下载Elasticsearch最新版本
下载软件或者是已经下载好了上传到服务器上,我是下载好了上传服务器
[root@master-node /]# mkdir elk &&cd /elk
[root@master-node elk]# rz
[root@master-node elk]# ls
elasticsearch-6.4.2.tar.gz logstash-6.4.2.tar.gz
kibana-6.4.2-linux-x86_64.tar.gz
3,解压到指定目录并将其重命名
[root@master-node elk]# tar xf elasticsearch-6.4.2.tar.gz -C /usr/local
[root@master-node local]# mv elasticsearch-6.4.2 elasticsearch 4,创建一个普通用户elk用来运行elasticsearch
[root@master-node /]#groupadd elk
[root@master-node /]#useradd -g elk elk -m
[root@master-node local]# chown -R elk.elk /usr/local/elasticsearch/
[root@master-node local]# ll /usr/local/elasticsearch/
total 436
drwxr-xr-x 3 elk elk 4096 Oct 11 22:21 bin
drwxr-xr-x 2 elk elk 148 Sep 26 21:38 config
drwxr-xr-x 3 elk elk 4096 Sep 26 21:38 lib
-rw-r--r-- 1 elk elk 13675 Sep 26 21:30 LICENSE.txt
drwxr-xr-x 2 elk elk 6 Sep 26 21:38 logs
drwxr-xr-x 27 elk elk 4096 Sep 26 21:38 modules
-rw-r--r-- 1 elk elk 401465 Sep 26 21:38 NOTICE.txt
drwxr-xr-x 2 elk elk 6 Sep 26 21:38 plugins
-rw-r--r-- 1 elk elk 8511 Sep 26 21:30 README.textile 5,创建一个elasticsearch数据存储目录,并赋予elk用户拥有所属权限
[root@master-node ~]# mkdir -p /data/elasticsearch
[root@master-node ~]#chown -R elk.elk /data/elasticsearch 6,修改elasticsearch配置文件,记得先备份一下配置文件再修改
[root@master-node ~]#cd /usr/local/elasticsearch/config
[root@master-node config]# cp elasticsearch.yml elasticsearch.yml.bak
[root@master-node config]# vim elasticsearch.yml
cluster.name: ELK-Cluster
node.name: master-node
path.data: /data/elasticsearch
path.logs: /usr/local/elasticsearch/logs
network.host: 10.93.58.41
http.port: 9200 7,修改相关内核参数
[root@master-node config]# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
[root@master-node ~]# sysctl -p
[root@master-node ~]# vim /etc/security/limits.conf
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536 8,切换用户elk来运行elasticsearch
[root@master-node config]# su - elk
[elk@master-node ~]$ cd /usr/local/elasticsearch/
[elk@master-node elasticsearch]$ ./bin/elasticsearch -d 9,检查elasticsearch状态,如下则表示正常运行
[elk@master-node elasticsearch]$ curl http://10.93.58.41:9200
{
"name" : "master-node",
"cluster_name" : "ELK-Cluster",
"cluster_uuid" : "nOMA1m-TQr65tXWpi5H8Dw",
"version" : {
"number" : "6.4.2",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "04711c2",
"build_date" : "2018-09-26T13:34:09.098244Z",
"build_snapshot" : false,
"lucene_version" : "7.4.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
} 三、安装Logstash
1,解压到/usr/local目录下,并重命名为logstash
[root@master-node ~]# tar xf logstash-6.4.2.tar.gz -C /usr/local/
[root@master-node ~]# cd /usr/local/
[root@master-node local]# mv logstash-6.4.2 logstash 2,修改配置文件
[root@master-node local]# cd logstash/
[root@master-node logstash]# cd config/
[root@master-node config]#vim logstash.conf
input {
file {
path => ["/var/log/messages"]
type => "syslog"
}
}
filter {
grok {
match => [ "message", "%{SYSLOGBASE} %{GREEDYDATA:conte
nt}" ]
}
}
output {
elasticsearch {
hosts => ["10.93.58.41:9200"]
index => "syslog-%{+YYY.MM.dd}"
}
} 3,指定配置文件运行logstash
[root@master-node bin]# ./logstash -f /usr/local/logstash/config/logstash.conf &
[root@master-node bin]# netstat -lntup |grep 9600
tcp6 0 0 127.0.0.1:9600 :::* LISTEN 5129/java 四,安装Kibana
1,解压到/usr/local并重命名为kibana
[root@master-node ~]# tar xf kibana-6.4.2-linux-x86_64.tar.gz -C /usr/local
[root@master-node ~]# cd /usr/local/
[root@master-node local]# mv kibana-6.4.2-linux-x86_64 kibana 2,修改配置文件
[root@master-node local]# cd kibana/config/
[root@master-node config]# cp kibana.yml kibana.yml.bak
[root@master-node config]# vim kibana.yml
server.port: 5601
server.host: 10.93.58.41
elasticsearch.url: "http://10.93.58.41:9200"
logging.dest: /var/log/kibana.log 3,给/var/log/kibana.log文件加权限
[root@master-node config]# touch /var/log/kibana.log
[root@master-node config]# chmod 777 /var/log/kibana.log 4,进入安装目录下/bin启动kibana
[root@master-node kibana]# cd bin/
[root@master-node bin]# ./kibana & 五、浏览器上访问elasticsearch和kibana
http://10.93.58.41:9200/ 和http://10.93.58.41:5601/app/kibana#/home?_g=()
|
|
|