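Detailed steps for installing ELK from source

I. Preparing the environment

1. JDK 1.8 or later
2. elasticsearch-7.7.0
3. logstash-7.7.0
4. kibana-7.7.0
5. CentOS Linux release 7.5.1804 (Core)

I use three hosts and collect the logs of the LAMP stack I previously set up with Docker.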
192.168.116.128:logstash
192.168.116.129:elasticsearch
192.168.116.130:kibana

Turn off the firewall and SELinux, or add your own rules instead.
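
For the "add your own rules" alternative, an added example (not part of the original post) that generates firewalld rich rules for this guide's layout: Elasticsearch's port 9200, which the guide's curl check reaches without credentials, is opened only to the Logstash and Kibana hosts, and Kibana's port 5601 only to an admin network. `ADMIN_NET`, the function names and the choice of firewalld rich rules are assumptions; the host addresses and ports are the ones used in this guide.

```shell
#!/bin/sh
# Added example (not from the original post): firewalld rich rules for the
# three-host layout. Host IPs and ports come from the guide; ADMIN_NET and
# the function names are assumptions made for this example.
LOGSTASH=192.168.116.128
KIBANA=192.168.116.130
ADMIN_NET=${ADMIN_NET:-192.168.116.0/24}   # assumed: who may open Kibana

# Print the inbound rich rules a host role needs, one per line.
elk_rules() {
    fmt='rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept\n'
    case "$1" in
        elasticsearch)   # 9200 only from the Logstash and Kibana hosts
            printf "$fmt" "$LOGSTASH" 9200
            printf "$fmt" "$KIBANA" 9200 ;;
        kibana)          # 5601 only from the admin network
            printf "$fmt" "$ADMIN_NET" 5601 ;;
        logstash)        # outbound only; its API on 9600 listens on 127.0.0.1
            : ;;
        *)  echo "unknown role: $1" >&2; return 2 ;;
    esac
}

# Print the firewall-cmd commands for a role; run them when APPLY=1.
elk_firewall() {
    rules=$(elk_rules "$1") || return
    [ -n "$rules" ] || { echo "# $1: no inbound rule needed"; return 0; }
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            firewall-cmd --permanent --add-rich-rule="$rule"
        else
            printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
        fi
    done
    if [ "${APPLY:-0}" = 1 ]; then firewall-cmd --reload; else echo "firewall-cmd --reload"; fi
}

# Usage: sh elk-fw.sh elasticsearch   (dry run)   APPLY=1 sh elk-fw.sh kibana
[ $# -eq 0 ] || elk_firewall "$1"
```

Run it with the role of the host it is executed on; without `APPLY=1` it only prints the commands so they can be reviewed first.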

II. Installing Elasticsearch

1. All three hosts need a JDK. I show only one host here, and the JDK is already installed on it.

[root@localhost src]# rpm -ivh jdk-8u131-linux-x64_.rpm 
准备中...                          ################################# [100%]
	软件包 jdk1.8.0_131-2000:1.8.0_131-fcs.x86_64 已经安装

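2. Download the latest version of Elasticsearch
Download the package on the server, or upload an already-downloaded copy; I downloaded it first and then uploaded it to the server.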

[root@localhost src]# ll elasticsearch-7.7.0-linux-x86_64.tar.gz 
-rw-r--r--. 1 root root 314430566 5月  19 21:33 elasticsearch-7.7.0-linux-x86_64.tar.gz

3. Extract it to the target directory and rename it

tar xf elasticsearch-7.7.0-linux-x86_64.tar.gz -C /usr/local
[root@master-node local]# mv elasticsearch-7.7.0 elasticsearch

4. Create an unprivileged user, elk, to run Elasticsearch

[root@master-node /]# groupadd elk
[root@master-node /]# useradd -g elk elk -m
[root@master-node local]# chown -R elk:elk /usr/local/elasticsearch/
[root@master-node local]# ll /usr/local/elasticsearch/
total 436
drwxr-xr-x  3 elk elk   4096 Oct 11 22:21 bin
drwxr-xr-x  2 elk elk    148 Sep 26 21:38 config
drwxr-xr-x  3 elk elk   4096 Sep 26 21:38 lib
-rw-r--r--  1 elk elk  13675 Sep 26 21:30 LICENSE.txt
drwxr-xr-x  2 elk elk      6 Sep 26 21:38 logs
drwxr-xr-x 27 elk elk   4096 Sep 26 21:38 modules
-rw-r--r--  1 elk elk 401465 Sep 26 21:38 NOTICE.txt
drwxr-xr-x  2 elk elk      6 Sep 26 21:38 plugins
-rw-r--r--  1 elk elk   8511 Sep 26 21:30 README.textile

5. Create a data directory for Elasticsearch and give the elk user ownership of it

[root@master-node ~]# mkdir -p /data/elasticsearch
[root@master-node ~]# chown -R elk:elk /data/elasticsearch

6. Edit the Elasticsearch configuration file

[root@localhost src]# cd /usr/local/elasticsearch/config/
[root@localhost config]# cat elasticsearch.yml | grep '^[^#]'
cluster.name: ELK-Cluster
node.name: node-1
path.data: /data/elasticsearch
path.logs: /usr/local/elasticsearch/logs
network.host: 192.168.116.129
http.port: 9200
cluster.initial_master_nodes: ["node-1"]

7. Adjust the relevant kernel parameters

Set vm.max_map_count here to a somewhat larger value, according to the error message.

[root@localhost config]# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
[root@localhost config]# sysctl -p
[root@localhost config]# vim /etc/security/limits.conf
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536

8. Switch to the elk user to run Elasticsearch

[root@master-node config]# su - elk
[elk@master-node ~]$ cd /usr/local/elasticsearch/
[elk@master-node elasticsearch]$ ./bin/elasticsearch -d

9. Check the Elasticsearch status; output like the following means it is running normally

[root@localhost config]# curl http://192.168.116.129:9200
{
  "name" : "node-1",
  "cluster_name" : "ELK-Cluster",
  "cluster_uuid" : "UWxJP8whTXuvr7Vdn1Hl0A",
  "version" : {
    "number" : "7.7.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "81a1e9eda8e6183f5237786246f6dced26a10eaf",
    "build_date" : "2020-05-12T02:01:37.602180Z",
    "build_snapshot" : false,
    "lucene_version" : "8.5.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

III. Installing Logstash

Note: install it on the host whose logs are to be collected

1. Extract it under /usr/local and rename it to logstash

[root@master-node ~]# tar xf logstash-7.7.0.tar.gz -C /usr/local/
[root@master-node ~]# cd /usr/local/
[root@master-node local]# mv logstash-7.7.0 logstash

2. Edit the configuration file

[root@localhost ~]# cd /usr/local/logstash/config/
[root@localhost config]# cat apache.conf 
input {
    file {
        path => "/data/docker/httpd/logs/other_vhosts_access.log"
        type => "apache-log"
        start_position => "beginning"
    }
}

output {
    elasticsearch {
        hosts => "192.168.116.129:9200"
        index => "apache_log-%{+YYYY.MM.dd}"
    }
}

3. Run Logstash with the specified configuration file

[root@localhost ~]# /usr/local/logstash/bin/logstash -f /usr/local/logstash/config/apache.conf &
[root@localhost ~]# netstat -nlpt | grep 9600
tcp6       0      0 127.0.0.1:9600          :::*                    LISTEN      39739/java

IV. Installing Kibana

1. Extract it to /usr/local and rename it to kibana

[root@master-node ~]# tar xf kibana-7.7.0-linux-x86_64.tar.gz -C /usr/local
[root@master-node ~]# cd /usr/local/
[root@master-node local]# mv kibana-7.7.0-linux-x86_64 kibana

2. Edit the configuration file

[root@localhost ~]# cd /usr/local/kibana/config/
[root@localhost config]# cat kibana.yml | grep '^[^#]'
server.port: 5601
server.host: "192.168.116.130"
elasticsearch.hosts: ["http://192.168.116.129:9200"]
logging.dest: /var/log/kibana.log

3. Set permissions on the /var/log/kibana.log file

[root@master-node config]# touch /var/log/kibana.log
[root@master-node config]# chmod 777 /var/log/kibana.log

4. Go to bin/ under the installation directory and start Kibana

[root@master-node kibana]# cd bin/
[root@master-node bin]# ./kibana --allow-root &

Startup takes a while, so wait a moment.


posted @ 2020-05-20 11:25  厶訫