环境:
centOS7
JDK8
Elasticsearch-6.6.1
Logstash-6.6.1
Kibana-6.6.1
准备:
jdk下载地址:https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
elk下载地址:https://www.elastic.co/downloads
安装:
jdk安装:
1.删除自带的jdk
java -version
rpm -qa | grep java
yum -y remove ***
2.安装
mkdir /usr/jdk
tar -xvf jdk-8u112-linux-x64.tar.gz /usr/jdk
3.配置环境变量
vim /etc/profile
添加如下内容
export JAVA_HOME=/usr/jdk/jdk1.8.0_112
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
保存退出,是配置生效
source /etc/profile
4.查看是否安装成功
java -version
elasticsearch安装
1.解压并拷贝
tar -zxvf elasticsearch-6.6..tar.gz
mv elasticsearch-6.6.1 /usr/local/src/elasticsearch
2.创建用户和用户组
groupadd elasticsearch
useradd elasticsearch -g elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch
3.创建数据文件和日志文件
mkdir /data/es/{data,logs,work} -p
chown -R /data/es
4.修改elasticsearch配置文件
cluster.name: es-cluster
#节点名称,每个节点不一样
node.name: node-
network.host: 192.168.227.130
http.port:
transport.tcp.port:
node.master: true
node.data: true
#path.conf: /usr/local/src/elasticsearch/conf
path.data: /data/es/data
#path.work: /data/es/work
path.logs: /data/es/logs
#集群
discovery.zen.ping.unicast.hosts: ["192.168.227.130:9300", "192.168.227.131:9300", "192.168.227.132:9300"]
discovery.zen.minimum_master_nodes:
http.cors.enabled: true
http.cors.allow-origin: "*"
5.启动
cd /usr/local/src/elasticsearch/bin
./elasticsearch -d
6.查看是否启动成功
[root@bogon bin]# curl http://192.168.227.130:9200
{
"name" : "node-1",
"cluster_name" : "es-cluster",
"cluster_uuid" : "IFLcuRW-SE-U9-njSb9A_g",
"version" : {
"number" : "6.6.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "1fd8f69",
"build_date" : "2019-02-13T17:10:04.160291Z",
"build_snapshot" : false,
"lucene_version" : "7.6.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
7.如启动失败,查看启动日志
日志报错内容如下
[] bootstrap checks failed
[]: max virtual memory areas vm.max_map_count [] is too low, increase to at least []
解决办法:
切换到root用户修改配置sysctl.conf
vi /etc/sysctl.conf
添加下面配置:
vm.max_map_count=
并执行命令:
sysctl -p
然后,重新启动elasticsearch
elasticsearch-head插件安装
logstash安装
1.解压并拷贝
tar -zxvf logstash-6.6.1.tar.gz
mv logstash-6.6.1 /usr/local/logstash
2.修改配置文件
cd /usr/local/logstash/config
cp logstash-sample.conf logstash.conf
vim logstash.conf
input {
# stdin{}
tcp {
# host:port就是上面appender中的 destination,
# 这里其实把logstash作为服务,开启9250端口接收logback发出的消息
host => "192.168.227.130" port => mode => "server" tags => ["tags"] codec => json_lines
}
}
filter {
# mutate{
# add_field => {
# "@msg" => "%{msg}"
# }
# }
json{
source => "msg"
skip_on_invalid_json => true
# remove_field => ["msg"]
}
}
output {
elasticsearch {
hosts => ["http://192.168.227.130:9200"]
}
stdout { codec => rubydebug }
}
保存退出
3.启动logstash
[root@bogon logstash]# /usr/local/logstash/bin/logstash -f /usr/local/logstash/config/logstash.conf
后台启动logstash
[root@bogon logstash]# nohup /usr/local/ELk/logstash-5.1.1/bin/logstash -f /usr/local/ELk/logstash-5.1.1/config/conf.d/webnginx.conf >/dev/null &;
kibana安装
1.解压并拷贝
[root@bogon opt]# tar -zxvf kibana-6.6.-linux-x86_64.tar.gz
[root@bogon opt]# mv kibana-6.6.1-linux-x86_64 /usr/local/kibana
2.修改配置
[root@bogon config]# vi /usr/local/kibana/config/kibana.yml
server.port:
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.227.130:9200"
kibana.index: ".kibana"
保存退出
3.启动
[root@bogon bin]# /usr/local/kibana/bin/kibana
因没有权限限制,部署在外网,谁都可以访问,可以使用nginx做代理,设置访问权限