Java环境准备
JDK下载 https://www.oracle.com/technetwork/java/javase/overview/index.html
[root@manager ~]# # wget https://download.oracle.com/otn/java/jdk/11.0.5+10/e51269e04165492b90fa15af5b4eb1a5/jdk-11.0.5_linux-x64_bin.rpm
[root@manager ~]# tail /etc/bashrc
...
export JAVA_HOME=/usr/java/jdk-11.0.5
[root@manager ~]# source /etc/bashrc
elk下载
https://www.elastic.co/cn/downloads/
Elasticsearch
es配置文件修改
[root@manager ~]# vim /etc/elasticsearch/jvm.options
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms2g
-Xmx2g
[root@manager ~]# grep '^[^#]' /etc/elasticsearch/elasticsearch.yml
cluster.name: test-es
node.name: manager
node.attr.rack: r1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true #官方文档建议为true
network.host: 192.168.50.65
http.port: 9200
discovery.seed_hosts: ["127.0.0.1"]
action.destructive_requires_name: true
[root@manager ~]# systemctl edit elasticsearch
[Service]
LimitMEMLOCK=infinity
[root@manager ~]# systemctl daemon-reload
系统参数修改
[root@manager ~]# sysctl -p
vm.max_map_count=262144
[root@manager ~]# cat /etc/security/limits.d/20-nproc.conf
* soft nproc 4096
root soft nproc unlimited
[root@manager ~]# cat /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096
启动ES
[root@manager ~]# systemctl start elasticsearch.service
[root@manager ~]# jps # 专门查看Java程序的ps,比直接用ps去查PID要方便一点
3292 Jps
25756 Elasticsearch
浏览器访问 http://192.168.50.65:9200/
或者curl
[root@manager ~]# curl http://192.168.50.65:9200/
{
"name" : "manager",
"cluster_name" : "test-es",
"cluster_uuid" : "S8pmWc10SfKXZZxmxbN2Qg",
"version" : {
"number" : "7.4.2",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "2f90bbf7b93631e52bafb59b3b049cb44ec25e96",
"build_date" : "2019-10-28T20:40:44.881551Z",
"build_snapshot" : false,
"lucene_version" : "8.2.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
Kibana
[root@manager ~]# grep ^[^#] /etc/kibana/kibana.yml
server.port: 5601
server.host: "192.168.50.65"
elasticsearch.hosts: ["http://192.168.50.65:9200"]
kibana.index: ".kibana"
i18n.locale: "zh-CN"
[root@manager ~]# systemctl restart elasticsearch
Logstash
[root@manager ~]# cat /etc/logstash/conf.d/xxx.conf
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://192.168.50.65:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
FileBeat
[root@manager ~]# egrep -v '#|^$' /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/*.log
- /var/log/messages
- /var/log/secure
- /var/log/lastlog
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
host: "192.168.50.65:5601"
output.logstash:
hosts: ["192.168.50.65:5044"]
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
官方文档
https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.html