2018-07-02 21:32:33
ELK single-instance setup
Environment setup
1.1 My system version
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
1.2 Required software (ELK download page: https://www.elastic.co/downloads/)
ElasticSearch:2.2.1
Logstash:2.2.2
Kibana:4.4.2
JRE:1.8.2
1.3 Create the user
[root@db ~]# useradd elk
[root@db ~]# passwd elk
1.4 Create the directory ELK needs
[root@db ~]# mkdir -p /data/elk/
Set the owner and group
[root@db ~]# chown -R elk:elk /data/elk/
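All of the following operations are run as the user elk; otherwise the services will not come up and you will get all kinds of errors
Install JDK 1.8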
[elk@db elk]$ pwd
/data/elk
[elk@db elk]$ mkdir java
[elk@db elk]$ tar -zxvf jdk-8u171-linux-x64.tar.gz -C java --strip-components=1
Configure the environment variables (switch to the root user for this step)
[root@db ~]# vim /etc/profile
export JAVA_HOME=/data/elk/java
export JRE_HOME=/data/elk/java/jre
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
Configure the file limits
(elk is the user that starts the services; * can be specified instead)
[root@db ~]# vim /etc/security/limits.conf
elk soft nofile 65536
elk hard nofile 131072
elk soft nproc 65536
elk hard nproc 131072
[root@db ~]# vim /etc/security/limits.d/90-nproc.conf
* soft nproc 2048 (it was 1024 originally; changing it to 2048 is enough)
Switch back to the elk user to continue
Install Elasticsearch
[elk@db elk]$ tar -zxvf elasticsearch-2.2.1.tar.gz
Configure Elasticsearch
[elk@db config]$ pwd
/data/elk/elasticsearch-2.2.1/config
[elk@db config]$ vim elasticsearch.yml
Start it and verify by accessing it from a browser
[elk@db elasticsearch-2.2.1]$ ./bin/elasticsearch
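(Starting it with nohup bin/elasticsearch & puts it in the background; otherwise it stays attached to the foreground and Ctrl + C kills the process. The same applies to the services started later.)
Verify
Download the elasticsearch-head plugin
Create a directory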
[elk@db mobz]$ pwd
/data/elk/elasticsearch-2.2.1/bin/mobz
[elk@db mobz]$ mkdir mobz
Download location for elasticsearch-head: https://github.com/mobz/elasticsearch-head
At this point it has to be downloaded from GitHub itself; install a git client on Windows and download it with this command:
git clone https://github.com/mobz/elasticsearch-head
Create a directory
[elk@db bin]$ pwd
/data/elk/elasticsearch-2.2.1/bin
[elk@db bin]$ mkdir mobz
Put elasticsearch-head into that directory
Load the elasticsearch-head plugin
[elk@db bin]$ pwd
/data/elk/elasticsearch-2.2.1/bin
[elk@db bin]$ ./plugin install mobz/elasticsearch-head/
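(Special note: it is best to load it from the bin directory rather than from the parent directory, where it easily goes wrong and the plugin does not load.)
After loading completes, start the service again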
[elk@db elasticsearch-2.2.1]$ ./bin/elasticsearch
Verify access
Install Logstash
[elk@db elk]$ tar -zxvf logstash-2.2.2.tar.gz
[elk@db logstash-2.2.2]$ pwd
/data/elk/logstash-2.2.2
[elk@db logstash-2.2.2]$ vim logstash-simple.conf
input {
  stdin { }
}
output {
  elasticsearch { hosts => "192.168.25.50" }
  stdout { codec => rubydebug }
}
Start
[elk@db logstash-2.2.2]$ pwd
/data/elk/logstash-2.2.2
[elk@db logstash-2.2.2]$ ./bin/logstash -f logstash-simple.conf
Install Kibana
[elk@db elk]$ tar -zxvf kibana-4.4.2-linux-x64.tar.gz
Configure it
[elk@db config]$ pwd
/data/elk/kibana-4.4.2-linux-x64/config
[elk@db config]$ vim kibana.yml
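Only the following need to be changed (uncomment them):
server.port: 5601
server.host: "192.168.25.50"
elasticsearch.url: http://192.168.25.50:9200
kibana.index: ".kibana"
Special note: each setting must be flush against the left margin with no leading spaces; otherwise startup fails
Start: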
[elk@db kibana-4.4.2-linux-x64]$ ./bin/kibana
log [15:23:07.861] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
log [15:23:07.902] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [15:23:07.919] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
log [15:23:07.931] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
log [15:23:07.939] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
log [15:23:07.965] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
log [15:23:07.972] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
log [15:23:07.977] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
log [15:23:07.983] [info][listening] Server running at http://192.168.25.50:5601
log [15:23:12.980] [info][status][plugin:elasticsearch] Status changed from yellow to yellow - No existing Kibana index found
log [15:23:16.749] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready
Verify
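The open-source Elasticsearch 2.2.1 and Kibana 4.4.2 installed above perform no authentication of their own, so once the stack is up it is worth confirming which of its ports are reachable from the network. The script below is an added example, not part of the original post: it filters `netstat -ltn` output for ports 9200 and 5601 from this page plus 9300 (Elasticsearch's default transport port, an assumption since the page never mentions it), and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Ports checked: 9200 and 5601 appear on this page; 9300 is assumed
# (Elasticsearch's default transport port).
ELK_PORTS="9200 9300 5601"

# Reads `netstat -ltn` text on stdin and prints "port address" for every
# ELK port that listens on a non-loopback address.
exposed_elk_ports() {
    awk -v ports="$ELK_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before it (IPv6-safe)
            if (!(port in want)) next
            # Skip loopback, including the IPv4-mapped form Java may report
            if (host ~ /^(::ffff:)?127\./ || host == "::1") next
            print port, host
        }'
}

# Constructed sample in CentOS 6 `netstat -ltn` layout, using the
# addresses from this page.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.25.50:5601 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:192.168.25.50:9200 :::* LISTEN
tcp 0 0 ::ffff:192.168.25.50:9300 :::* LISTEN'

# On a live host: netstat -ltn | exposed_elk_ports
printf '%s\n' "$SAMPLE" | exposed_elk_ports
```

Every line it prints is a listener that any host able to route to that address can query without credentials; restrict those ports with iptables or bind the services to loopback if remote access is not needed.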