1、下载elk
下载elasticsearch-7.7.1-x86_64.rpm
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.7.1-x86_64.rpm
下载kibana-7.7.1-x86_64.rpm
https://artifacts.elastic.co/downloads/kibana/kibana-7.7.1-x86_64.rpm
下载filebeat-7.7.1-x86_64.rpm
https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.7.1-x86_64.rpm
改教程以filebeat为例,filebeat相比logstash更加轻量化
2、安装elasticsearch
rpm --install elasticsearch-7.7.1-x86_64.rpm
修改配置文件,修改IP地址,便于外部访问
vim /etc/elasticsearch/elasticsearch.yml 
启动、停止、查询状态
systemctl start elasticsearch.service
systemctl stop elasticsearch.service
systemctl status elasticsearch.service运行日志文件位置
/var/log/elasticsearch/网页访问是否启动成功
http://192.168.81.129:9200/ 
3、安装kibana
rpm --install kibana-7.7.1-x86_64.rpm修改配置文件,配置IP地址
vim /etc/kibana/kibana.yml
启动、停止、查询状态
systemctl start kibana
systemctl stop kibana
systemctl status kibana网页访问
http://192.168.81.129:5601/
4、安装filebeat
rpm --install filebeat-7.7.1-x86_64.rpm配置filebeat
vim /etc/filebeat/filebeat.yml 
启动、停止、查询状态
systemctl start filebeat.service
systemctl stop filebeat.service
systemctl status filebeat.service5、kibana中查询filebeat采集到的数据
添加索引
