Notes on Building a Real-Time Log Analysis Platform with ELK (ElasticSearch, Logstash, Kibana)

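Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/xuxile/article/details/79110048
1. ELK prerequisites
1.1 Requires JDK 1.8+
1.2 Elasticsearch must not be started as root
1.3 The three ELK packages must all be the same version
2. ELK download location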
https://www.elastic.co/cn/downloads
elasticsearch-6.1.1.tar.gz
kibana-6.1.1-linux-x86_64.tar.gz
logstash-6.1.1.tar.gz
3. Install JDK 8
cd /home
rpm -ivh jdk-8u151-linux-x64.rpm
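Default install path: /usr/java/jdk1.8.0_151
Because my system has been using a 1.7 environment until now, I do not configure the environment variables here.
4. Create a dedicated user
Elasticsearch refuses to run as root. This restriction exists for system security: Elasticsearch can accept scripts supplied by users and execute them.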
useradd -d /home/elasticsearch-6.1.1 -m elsearch
passwd elsearch
chown elsearch -R /home/elasticsearch-6.1.1
After logging in as elsearch, run:
vim ~/.bash_profile
(It does not matter how many .bash_profile files there are; creating a new one yourself also works.)
Append at the end:
export PS1='[\u@\h \W]\$'
Then run:
source ~/.bash_profile
5. Elasticsearch installation and configuration
Upload elasticsearch-6.1.1.tar.gz to the /home directory
cd /home
tar -zxvf elasticsearch-6.1.1.tar.gz
cd elasticsearch-6.1.1
vim bin/elasticsearch-env

# Add the following code

export JAVA_HOME=/usr/java/jdk1.8.0_151/
export PATH=$JAVA_HOME/bin:$PATH

if [ -x "$JAVA_HOME/bin/java" ]; then
        JAVA="/usr/java/jdk1.8.0_151/bin/java"
else
        JAVA=`which java`
fi
Then edit the ES configuration file:
vi config/elasticsearch.yml
Change the following settings:
cluster.name: es_cluster
node.name: node0
path.data: /home/elasticsearch-6.1.1/data
path.logs: /home/elasticsearch-6.1.1/logs
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.20.38","192.168.20.52","192.168.20.111"]
discovery.zen.minimum_master_nodes: 2
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
http.cors.enabled: true
http.cors.allow-origin: "*"
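The settings above that decide who can reach this node can be checked mechanically. The following is an added example, not part of the original post: a small shell audit that flags network.host: 0.0.0.0, a wildcard CORS origin and a disabled system call filter. The sample files are constructed, the function names are hypothetical, and the restricted values (binding to 192.168.20.38, allowing only the head UI origin http://192.168.20.111:9100, leaving the system call filter at its default, which requires seccomp support in the kernel) are assumptions.

```bash
#!/bin/sh
# Added example (not from the original post): audit elasticsearch.yml exposure settings.
# yml_get FILE KEY: value of a flat "key: value" line (last wins), comments and quotes stripped.
yml_get() {
    awk -v k="$2" -v q="'" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            sub(/[ \t]+#.*$/, "", val)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            c = substr(val, 1, 1)
            if ((c == "\"" || c == q) && substr(val, length(val)) == c)
                val = substr(val, 2, length(val) - 2)
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# audit_es_yml FILE: print one "setting: reason" line per risky value found.
audit_es_yml() {
    es_port=$(yml_get "$1" http.port)
    if [ "$(yml_get "$1" network.host)" = "0.0.0.0" ]; then
        echo "network.host=0.0.0.0: REST API on port ${es_port:-9200} listens on every interface"
    fi
    if [ "$(yml_get "$1" http.cors.enabled)" = "true" ] &&
       [ "$(yml_get "$1" http.cors.allow-origin)" = "*" ]; then
        echo "http.cors.allow-origin=*: pages from any origin can call the API from a browser"
    fi
    if [ "$(yml_get "$1" bootstrap.system_call_filter)" = "false" ]; then
        echo "bootstrap.system_call_filter=false: seccomp system call filter is disabled"
    fi
}

# Constructed samples: the values from the page, then a restricted variant (assumed values).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'network.host: 0.0.0.0' 'http.port: 9200' \
        'bootstrap.system_call_filter: false' 'http.cors.enabled: true' \
        'http.cors.allow-origin: "*"' > "$d/page.yml"
    printf '%s\n' 'network.host: 192.168.20.38' 'http.port: 9200' \
        'http.cors.enabled: true' \
        'http.cors.allow-origin: "http://192.168.20.111:9100"' > "$d/restricted.yml"
    echo "== page.yml";       audit_es_yml "$d/page.yml"
    echo "== restricted.yml"; audit_es_yml "$d/restricted.yml"
    rm -rf "$d"
}
demo
```

Run audit_es_yml against config/elasticsearch.yml on each node; no output means none of the three settings is present in its risky form.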
Adjust the system limits:
vi /etc/security/limits.conf and add:
*        hard    nofile           65536
*        soft    nofile           65536
vi /etc/security/limits.d/90-nproc.conf and change:
*          soft    nproc     4096
vi /etc/sysctl.conf 

Add the following setting:

vm.max_map_count=655360
Then run:
sysctl -p
Leave the other options at their defaults, then start ES:
./bin/elasticsearch -d
To verify, open in a browser:
http://192.168.20.38:9200/
Query the cluster health status:
http://192.168.20.38:9200/_cluster/health?pretty
Query the cluster statistics:
http://192.168.20.38:9200/_cluster/stats?pretty
Delete indices:
curl -XDELETE 'http://192.168.20.38:9200/logstash-*'
6. Logstash installation and configuration
cd /home
tar -zxvf logstash-6.1.1.tar.gz
cd logstash-6.1.1
vi bin/logstash and add at the first line:
export JAVA_CMD="/usr/java/jdk1.8.0_151/bin"
export JAVA_HOME="/usr/java/jdk1.8.0_151/"
Create a configuration file that monitors the Nginx logs (index names must be lowercase):
vi config/lognginx.conf
input {
    file {
        path => "/home/nginx/logs/*access*.log"
        start_position => beginning
    }
}
filter {

}
output {
    elasticsearch {
        hosts => "192.168.20.38:9200"
        index => "nginx-%{+YYYY.MM.dd}"
    }
    stdout { codec => rubydebug }
}
Start the service:
./bin/logstash -f /home/logstash-6.1.1/config/lognginx.conf
Additional notes:
If there are many configuration files, point to a directory:
./bin/logstash -f /home/logstash-6.1.1/config/my/
To monitor nginx and several tomcat instances (add_field sets custom fields):
vi /home/logstash-6.1.1/config/my.conf
input {
    file {
        path => "/home/nginx/logs/*.log"
        start_position => beginning
        type => mynginx
        add_field => {
            "cliendIp" => "192.168.20.38"
            "logNum" => "1001"
        }
    }
    file {
        path => "/home/tomcat/tomcat7-*/logs/*.log"
        start_position => beginning
        type => mytomcat
        add_field => {
            "cliendIp" => "192.168.20.38"
            "logNum" => "1001"
        }
    }
}
filter {

}
output {
    if [type] == "mynginx" {
        elasticsearch {
            hosts => "192.168.20.52:9200"
            index => "mynginx-%{+YYYY.MM.dd}"
        }
        stdout { codec => rubydebug }
    }
    if [type] == "mytomcat" {
        elasticsearch {
            hosts => "192.168.20.52:9200"
            index => "mytomcat-%{+YYYY.MM.dd}"
        }
        stdout { codec => rubydebug }
    }
}
chmod +x ./bin/logstash
Then start: nohup ./bin/logstash -f /home/logstash-6.1.1/config/my.conf >/dev/null 2>&1 &
7. Install and configure Kibana
cd /home
tar -zxvf kibana-6.1.1-linux-x86_64.tar.gz
cd kibana-6.1.1-linux-x86_64
vi config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: http://192.168.20.38:9200
kibana.index: .kibana
Start in the background:
nohup ./bin/kibana &
Access:
http://192.168.20.111:5601/
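8. Install the head plugin for Elasticsearch
8.1 Download and extract
Download from https://github.com/mobz/elasticsearch-head, upload it to the home directory and extract it.
8.2 Node.js environment installation and configuration
Download from https://nodejs.org/dist/v8.9.4/node-v8.9.4-linux-x64.tar.gz, upload it to the home directory and extract it: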
cd /home
tar zxvf node-v8.9.4-linux-x64.tar.gz
Set the environment variables:
vim /etc/profile
export NODE_HOME=/home/node-v8.9.4-linux-x64
export PATH=$NODE_HOME/bin:$PATH
Reload the profile so the configuration takes effect immediately:
source /etc/profile
Verify that the installation succeeded:
node -v
npm -v
Install the head plugin:
cd /home
unzip elasticsearch-head-master.zip
cd elasticsearch-head-master
Install grunt:
cd /home/elasticsearch-head-master
npm install -g grunt-cli
grunt -version
vi Gruntfile.js and add hostname:
connect: {
                        server: {
                                options: {
                                        hostname:'0.0.0.0',
                                        port: 9100,
                                        base: '.',
                                        keepalive: true
                                }
                        }
                }
vi _site/app.js and change the connection address:
this.base_uri = this.config.base_uri; change to
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.20.38:9200";
npm install [email protected] --ignore-script
npm install (installs the downloaded packages)
Restart the ES service as the dedicated ES user, then start: grunt server &
Test access: http://192.168.20.111:9100/
