Installing EFK on CentOS 7

1. Install Elasticsearch
Download the installation package
[root@localhost ~]# curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.1-linux-x86_64.tar.gz
[root@localhost ~]# tar zxvf elasticsearch-7.6.1-linux-x86_64.tar.gz -C /usr/local/
[root@localhost ~]# mv /usr/local/elasticsearch-7.6.1 /usr/local/elasticsearch
# els joins wheel (sudo rights), so replace "123" with a strong password
[root@localhost ~]# useradd els && echo "123" | passwd --stdin els && gpasswd -a els wheel
[root@localhost ~]# su - els
[els@localhost ~]$ sudo mkdir -p /data/els
[els@localhost ~]$ sudo mkdir -p /var/log/els/
[els@localhost ~]$ sudo chown -R els: /data/els/
[els@localhost ~]$ sudo chown els: -R /var/log/els/
[els@localhost ~]$ sudo chown -R els: /usr/local/elasticsearch
[els@localhost ~]$ sudo tee -a /etc/security/limits.conf << EOF
*              soft    nofile          65536
*              hard    nofile          65536
EOF
[els@localhost ~]$ sudo tee /etc/security/limits.d/90-nproc.conf << EOF
*          soft    nproc     4096
EOF
[els@localhost ~]$ sudo tee -a /etc/sysctl.conf << EOF
vm.max_map_count=262144
EOF
[els@localhost ~]$ sudo sysctl -p
[els@localhost config]$ grep -Ev "^$|#" elasticsearch.yml 
cluster.name: my-els
node.name: els-1
path.data: /data/els
path.logs: /var/log/els
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port: 9200
cluster.initial_master_nodes: ["els-1" ]
Change these settings as needed.
[els@localhost bin]$ ./elasticsearch -d
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[els@localhost bin]$ ps -elf |grep ela
0 S els       12785      1 99  80   0 - 934663 futex_ 04:20 pts/0   00:00:04 /usr/local/elasticsearch/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=COMPAT -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir=/tmp/elasticsearch-15251471173593569341 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -XX:MaxDirectMemorySize=536870912 -Des.path.home=/usr/local/elasticsearch -Des.path.conf=/usr/local/elasticsearch/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /usr/local/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
0 S els       12800  12785  0  80   0 - 15563 pipe_w 04:20 pts/0    00:00:00 /usr/local/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
0 R els       12807  11347  0  80   0 - 28178 -      04:20 pts/0    00:00:00 grep --color=auto ela
[els@localhost bin]$ curl localhost:9200
{
  "name" : "els-1",
  "cluster_name" : "my-els",
  "cluster_uuid" : "KHkhmGstTj6cir6kn9PAfA",
  "version" : {
    "number" : "7.6.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "aa751e09be0a5072e8570670309b1f12348f023b",
    "build_date" : "2020-02-29T00:15:25.529771Z",
    "build_snapshot" : false,
    "lucene_version" : "8.4.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

2. Install Kibana
[els@localhost ~]# curl -O https://artifacts.elastic.co/downloads/kibana/kibana-7.6.1-linux-x86_64.tar.gz
[els@localhost ~]# tar zxvf kibana-7.6.1-linux-x86_64.tar.gz -C /usr/local/
[els@localhost ~]# mv /usr/local/kibana-7.6.1-linux-x86_64/ /usr/local/kibana
[els@localhost config]# grep -Ev "^$|#" kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
kibana.index: ".kibana"
i18n.locale: "zh-CN"
[els@localhost bin]$ nohup ./kibana &
[1] 13337
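
The elasticsearch.yml and kibana.yml above bind both services to 0.0.0.0, and Elasticsearch 7.6.1 does not enable authentication unless xpack.security.enabled is set to true, so anyone who can reach ports 9200 or 5601 can read and write the cluster. The following shell check is an added example, not part of the original post; the finding labels (es-open-api, es-no-seccomp, kibana-open-ui) and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag exposure-related settings.

# yaml_get FILE KEY: print the value of an uncommented top-level "KEY: value".
yaml_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, k ":") == 1 {
            v = substr($0, length(k) + 2)
            sub(/[ \t]+#.*$/, "", v)            # drop a trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)    # trim blanks and quotes
            val = v
        }
        END { print val }' "$1"
}

# is_loopback ADDR: succeed if the bind address is local-only (or unset, the default).
is_loopback() {
    case "$1" in
        ""|localhost|_local_|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_efk ES_YML KIBANA_YML: print one finding per line, nothing if clean.
audit_efk() {
    es_host=$(yaml_get "$1" network.host)
    es_sec=$(yaml_get "$1" xpack.security.enabled)
    es_scf=$(yaml_get "$1" bootstrap.system_call_filter)
    kb_host=$(yaml_get "$2" server.host)
    if ! is_loopback "$es_host" && [ "$es_sec" != "true" ]; then
        echo "es-open-api: network.host=$es_host without xpack.security.enabled: true"
    fi
    if [ "$es_scf" = "false" ]; then
        echo "es-no-seccomp: bootstrap.system_call_filter is disabled"
    fi
    if ! is_loopback "$kb_host" && [ "$es_sec" != "true" ]; then
        echo "kibana-open-ui: server.host=$kb_host in front of a cluster without authentication"
    fi
    return 0
}

# Constructed sample input: the settings from this page, written to a temp dir.
demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'network.host: 0.0.0.0' 'http.port: 9200' \
    'bootstrap.system_call_filter: false' > "$demo_dir/elasticsearch.yml"
printf '%s\n' 'server.host: "0.0.0.0"' \
    'elasticsearch.hosts: ["http://localhost:9200"]' > "$demo_dir/kibana.yml"
audit_efk "$demo_dir/elasticsearch.yml" "$demo_dir/kibana.yml"
```

On a real host, call audit_efk with /usr/local/elasticsearch/config/elasticsearch.yml and /usr/local/kibana/config/kibana.yml; no output means none of the three conditions matched.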

3. Install Filebeat
[els@localhost ~]$ sudo curl -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.1-linux-x86_64.tar.gz
[els@localhost ~]$ sudo tar zxvf  filebeat-7.6.1-linux-x86_64.tar.gz -C /usr/local/
[els@localhost ~]$ sudo mv /usr/local/filebeat-7.6.1-linux-x86_64/ /usr/local/filebeat
[els@localhost filebeat]$ sudo mkdir data
[els@localhost filebeat]$ sudo mkdir /usr/local/filebeat/logs
[els@localhost filebeat]$ grep -Ev "^$|#" filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
output.elasticsearch:
  hosts: ["localhost:9200"]
[els@localhost filebeat]$ nohup  ./filebeat -c filebeat.yml &
nohup: ignoring input and appending output to ‘/home/els/nohup.out’
Reposted from blog.csdn.net/weixin_43224068/article/details/105172816