Installing a standalone ELK 7.9.2 on CentOS 7 from the portable (tarball) release

Published: 2023-12-15 09:29:25  Author: 苦逼yw

Reference: https://www.cnblogs.com/yancool/p/16518032.html

Reference: https://www.cnblogs.com/xiaonuanxin/p/17667944.html

 

1. Modify the kernel parameters (per-user resource limits)

vim /etc/security/limits.conf

*           soft    nofile          65535
*           hard    nofile          65535
*           soft    nproc           65535
*           hard    nproc           65535

2. Modify the system parameters

vim /etc/sysctl.conf

fs.file-max = 65535
net.ipv4.ip_local_port_range = 1024 65535
vm.max_map_count=262144

Run

sysctl -p

3. Create the elk user

useradd -d /home/elk -m elk

passwd elk

 

4. Download elasticsearch 7.9.2 from the official site: https://www.elastic.co/cn/downloads/past-releases#elasticsearch

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.2-linux-x86_64.tar.gz

5. Extract

tar zxvf elasticsearch-7.9.2-linux-x86_64.tar.gz -C /data/project/

6. Edit the elasticsearch configuration. Config file: /data/project/elasticsearch-7.9.2/config/elasticsearch.yml

cluster.name: my-application

node.name: node-1

path.data: /data/project/elasticsearch-7.9.2/data

path.logs: /data/project/elasticsearch-7.9.2/logs

network.host: 0.0.0.0

http.port: 9200

discovery.seed_hosts: ["node-1"]

cluster.initial_master_nodes: ["node-1"]

Edit the /etc/hosts file

192.168.1.63  node-1

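7. The default startup heap is 4g; reduce it if the machine is low on resources. Config file: /data/project/elasticsearch-7.9.2/config/jvm.options. -Xms and -Xmx must be the same, otherwise startup fails with an error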

-Xms500M
-Xmx500M

8. Set ownership of the directory, then switch to the elk user and start elasticsearch

chown -R elk:elk /data/project/elasticsearch-7.9.2/
su elk
/data/project/elasticsearch-7.9.2/bin/elasticsearch -d

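9. Verify that elasticsearch was deployed successfully: open http://ip:9200/ in a browser. If it returns JSON containing the version and other information, the deployment succeeded

10. Deploy logstash. Download logstash 7.9.2 from the official site: https://www.elastic.co/cn/downloads/past-releases#logstash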

wget https://artifacts.elastic.co/downloads/logstash/logstash-7.9.2.tar.gz

11. Extract

tar zxvf logstash-7.9.2.tar.gz -C /data/project/

12. Edit the logstash configuration. Config file: /data/project/logstash-7.9.2/config/logstash-sample.conf

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

#input {
#  beats {
#    port => 5044
#  }
#}
input {
  file {
    path => ['/var/log/*.log']
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}

13. The default logstash startup heap is 4g; reduce it if the machine is low on resources. Config file: /data/project/logstash-7.9.2/config/jvm.options

-Xms400M
-Xmx400M

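14. Set ownership of the directory, then switch to the elk user and start logstash. If the config file contains a beats input, logstash listens on port 5044

chown -R elk:elk /data/project/logstash-7.9.2/
su elk
nohup /data/project/logstash-7.9.2/bin/logstash -f /data/project/logstash-7.9.2/config/logstash-sample.conf &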

15. Deploy kibana. Download kibana 7.9.2 from the official site: https://www.elastic.co/cn/downloads/past-releases#kibana

wget https://artifacts.elastic.co/downloads/kibana/kibana-7.9.2-linux-x86_64.tar.gz

16. Extract

tar -zxvf kibana-7.9.2-linux-x86_64.tar.gz -C /data/project/

17. Edit the kibana configuration. Config file: /data/project/kibana-7.9.2-linux-x86_64/config/kibana.yml

# Settings to change
i18n.locale: "zh-CN"
server.port: 5601
server.host: "192.168.1.63"     # address of the kibana host itself
elasticsearch.hosts: "http://192.168.1.63:9200"  # address and port of the ES master node
kibana.index: ".kibana"

18. Set ownership of the directory, then switch to the elk user and start kibana

chown -R elk:elk /data/project/kibana-7.9.2-linux-x86_64/
su elk
nohup /data/project/kibana-7.9.2-linux-x86_64/bin/kibana &

19. Verify that kibana was deployed successfully: open http://ip:5601/ in a browser (the server.port set in step 17)
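Step 6 binds Elasticsearch to 0.0.0.0, and the 7.9.2 default distribution leaves xpack.security.enabled off, which is why the browser check in step 9 needs no login. The shell check below is an added example, not part of the original post; the function names yml_get and audit_es_yml and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit elasticsearch.yml for a
# non-loopback bind without authentication, as configured in step 6.

# yml_get FILE KEY: print the value of a flat "key: value" line
# (last match wins; trailing comments and surrounding quotes removed).
yml_get() {
  local key
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//p" "$1" |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
        -e 's/^["'\'']//' -e 's/["'\'']$//' | tail -n 1
}

# audit_es_yml FILE: return 0 if acceptable, 1 if the node is exposed.
audit_es_yml() {
  local host sec tls
  host=$(yml_get "$1" network.host)
  sec=$(yml_get "$1" xpack.security.enabled)
  tls=$(yml_get "$1" xpack.security.http.ssl.enabled)
  case "${host:-_local_}" in
    localhost|127.*|::1|_local_)
      echo "OK   network.host=${host:-unset} binds to loopback only"; return 0 ;;
  esac
  echo "INFO network.host=$host: port 9200 is reachable from other machines"
  [ "$tls" = "true" ] || echo "WARN xpack.security.http.ssl.enabled is not true: HTTP is cleartext"
  if [ "$sec" != "true" ]; then
    echo "FAIL xpack.security.enabled is not true: no login is required on the REST API"
    return 1
  fi
  echo "OK   authentication is enabled"
}

# Constructed samples: the step 6 settings, and the same file with security on.
demo_dir=$(mktemp -d)
cat > "$demo_dir/step6.yml" <<'EOF'
cluster.name: my-application
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
EOF
{ cat "$demo_dir/step6.yml"; echo 'xpack.security.enabled: true'; } > "$demo_dir/secured.yml"

for f in step6.yml secured.yml; do
  echo "== $f"
  audit_es_yml "$demo_dir/$f" || echo "-> $f: enable xpack.security or bind to loopback"
done
```

After setting xpack.security.enabled: true, set the built-in users' passwords with bin/elasticsearch-setup-passwords interactive, then supply credentials through the commented user/password lines in the Logstash output and through elasticsearch.username/elasticsearch.password in kibana.yml.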

 

 

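Additional content follows

I. Note: Elastic also recommends filebeat, which uses few resources and is only responsible for collecting logs, with no other performance overhead. Official site: https://www.elastic.co/cn/downloads/past-releases#filebeat

filebeat can be configured to send the collected logs directly to elasticsearch, or to send them to logstash

Installation steps:

1. Extract the archive first, then edit the configuration file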

vim filebeat.yml

# Log inputs

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /data/project/jar/logs/service-progress/error.log
    - /data/project/jar/logs/service-system/error.log

 

# Output directly to elasticsearch (Filebeat allows only one output to be enabled at a time)
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

# Output to logstash
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

If you configure output to logstash, the logstash configuration file must be changed accordingly

vim config/logstash-sample.conf

input {
  beats {
    port => 5044
  }
}

Then start filebeat and logstash

nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1 &

nohup ./bin/logstash -f /home/elk/logstash/config/logstash-sample.conf &