Startup errors:
Reference: https://blog.csdn.net/feinifi/article/details/73633235?utm_source=itdadao&utm_medium=referral
Edit /etc/security/limits.conf. After editing, you must log out and log back in for the new parameters to take effect.
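The following pre-flight check is an added example, not part of the original notes. It verifies, from a fresh login session of the user that starts Elasticsearch, that the limits.conf change has actually taken effect. The thresholds are the minimums enforced by the Elasticsearch 6.x bootstrap checks (an assumption, since these notes do not state them), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes): pre-flight check for the
# limits that the Elasticsearch bootstrap checks enforce at startup.
# Thresholds are Elasticsearch 6.x minimums, not values taken from this page.

REQ_NOFILE=65536        # max open file descriptors
REQ_NPROC=4096          # max user processes/threads
REQ_MAP_COUNT=262144    # vm.max_map_count

# check_limit NAME ACTUAL REQUIRED -> returns 0 if ACTUAL satisfies REQUIRED
check_limit() {
    name=$1; actual=$2; required=$3
    case $actual in
        unlimited) echo "OK   $name=unlimited"; return 0 ;;
        ''|*[!0-9]*) echo "FAIL $name: could not read value"; return 1 ;;
    esac
    if [ "$actual" -ge "$required" ]; then
        echo "OK   $name=$actual (>= $required)"
        return 0
    fi
    echo "FAIL $name=$actual (need >= $required)"
    return 1
}

# preflight: run as the user that starts Elasticsearch (elk in these notes),
# in a new login session so that limits.conf changes are applied.
preflight() {
    rc=0
    check_limit nofile "$(ulimit -n)" "$REQ_NOFILE" || rc=1
    # ulimit -u is a bash option; an unreadable value is reported as FAIL.
    check_limit nproc "$(ulimit -u 2>/dev/null)" "$REQ_NPROC" || rc=1
    check_limit vm.max_map_count \
        "$(cat /proc/sys/vm/max_map_count 2>/dev/null)" "$REQ_MAP_COUNT" || rc=1
    return $rc
}

if preflight; then
    echo "limits look sufficient for Elasticsearch"
else
    echo "adjust limits.conf (nofile, nproc) or vm.max_map_count, then log in again"
fi
```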
Download the head plugin
https://github.com/mobz/elasticsearch-head
Download the Java JDK
http://www.oracle.com/technetwork/java/javase/downloads/jdk10-downloads-4416644.html
Installation errors:
1. Installing npm requires editing /etc/sudoers to add administrator privileges, then running sudo npm install
==================================================================================================
1. Create the ELK user
Create the user and group that will run ELK
#groupadd elk
#useradd -g elk elk
#passwd elk
Create the ELK installation directory
#mkdir /elk && chown -R elk:elk /elk
Create the data and log directories
#mkdir -p /tmp/data/elasticesearch && chown -R elk:elk /tmp/data/elasticesearch
#mkdir /tmp/logs && chown -R elk:elk /tmp/logs
2. Install 6.2.4
https://www.cnblogs.com/frankdeng/p/9139035.html#top
3. Install 6.2.2
https://blog.csdn.net/magerguo/article/details/79637646
4. Install the head plugin
https://blog.csdn.net/kimichen123/article/details/79389259
https://blog.csdn.net/zhengchaooo/article/details/80222349
===============================================================
Send Logstash output to Elasticsearch. Reference: https://blog.csdn.net/napoay/article/details/53276758
Create the configuration file:
vim logstash.conf
With the following contents:
input {
  stdin {}
}
output {
  elasticsearch {
    hosts => "192.168.1.119"
  }
  stdout { codec => rubydebug }
}
Then run:
[elk@linux-node1 elk]$ ./logstash-6.2.4/bin/logstash -f logstash-6.2.4/conf/logstash.conf
Then open http://192.168.1.119:9100 to view the result
=======================================================================
Collect system logs:
[root@linux-node1 elk]# cat logstash-6.2.4/conf/file.conf
input {
  file {
    path => "/var/log/messages"
    type => "system"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.1.119:9200"]
    index => "system-%{type}-%{+YYYY.MM.dd}"
  }
}
Then: [elk@linux-node1 elk]$ ./logstash-6.2.4/bin/logstash -f logstash-6.2.4/conf/file.conf