ELK setup
Version: 7.3.2
Environment: JDK 11
Download the packages: https://www.elastic.co/cn/downloads/
Installation:
1. Elasticsearch
mkdir /opt/elk
cd /opt/elk
Copy the archive to . (the current directory)
tar zxvf elasticsearch-7.3.2-linux-x86_64.tar.gz
mv elasticsearch-7.3.2 elasticsearch-1
cp -r elasticsearch-1 elasticsearch-2
cp -r elasticsearch-1 elasticsearch-3
Edit elasticsearch.yml in each copy
# es-7.3.2-node-1
cluster.name: my-els
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300","127.0.0.1:9301","127.0.0.1:9302"]
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
# es-7.3.2-node-2
cluster.name: my-els
node.name: node-2
network.host: 0.0.0.0
http.port: 9201
transport.tcp.port: 9301
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300","127.0.0.1:9301","127.0.0.1:9302"]
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
# es-7.3.2-node-3
cluster.name: my-els
node.name: node-3
network.host: 0.0.0.0
http.port: 9202
transport.tcp.port: 9302
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300","127.0.0.1:9301","127.0.0.1:9302"]
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true
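All three node configs above bind to every interface (network.host: 0.0.0.0), allow CORS from any origin, and never set xpack.security.enabled. The script below is an added example, not part of the original notes: it flags those three settings in an elasticsearch.yml. The function names and finding labels are made up for illustration, and it assumes flat "key: value" lines and the Elasticsearch 7.x default of security being off unless xpack.security.enabled: true is set.

```sh
#!/bin/sh
# Added example (not from the original page): flag exposure-related settings
# in an elasticsearch.yml that uses flat "key: value" lines, as on this page.

# Print the unquoted value of the last uncommented "KEY: value" line in FILE.
get_setting() {
    k=$(printf '%s' "$2" | sed 's/[.]/\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*${k}:[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Print one finding per line; print nothing when no check fires.
audit_es_yml() {
    f=$1
    host=$(get_setting "$f" network.host)
    cors=$(get_setting "$f" http.cors.enabled)
    origin=$(get_setting "$f" http.cors.allow-origin)
    sec=$(get_setting "$f" xpack.security.enabled)
    if [ "$sec" != "true" ]; then
        echo "NO_AUTH: xpack.security.enabled is not true, REST requests need no credentials"
    fi
    case $host in
        0.0.0.0|::) echo "BIND_ALL: network.host=$host listens on every interface" ;;
    esac
    if [ "$cors" = "true" ] && [ "$origin" = "*" ]; then
        echo "CORS_ANY: http.cors.allow-origin=* lets any web origin call the REST API"
    fi
}

# Constructed sample: the exposure-related lines of the node-1 config above.
write_sample_node1() {
    cat > "$1" <<'EOF'
cluster.name: my-els
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
}

sample=$(mktemp)
write_sample_node1 "$sample"
audit_es_yml "$sample"      # prints NO_AUTH, BIND_ALL and CORS_ANY findings
rm -f "$sample"
```

Run audit_es_yml against each of elasticsearch-1/config/elasticsearch.yml, elasticsearch-2/config/elasticsearch.yml and elasticsearch-3/config/elasticsearch.yml; no output means none of the three checks fired.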
Add a user to start ES
useradd elk
chown -R elk:elk /opt/elk/
vim /etc/sysctl.conf
# maximum number of memory map areas a single process may have
vm.max_map_count=262144
sysctl -p
vim /etc/security/limits.conf
elk soft nofile 65536
elk hard nofile 65536
elk hard nproc 4096
elk soft nproc 4096
su elk
cd /opt/elk
./elasticsearch-1/bin/elasticsearch -d
./elasticsearch-2/bin/elasticsearch -d
./elasticsearch-3/bin/elasticsearch -d
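2. Logstash
tar zxvf logstash-7.3.2.tar.gz
cd logstash-7.3.2/config
vim logstash.conf
logstash.conf configuration
input {
  tcp {
    mode => "server"
    host => "localhost"
    port => 4560
  }
}
output {
  elasticsearch {
    hosts => ["http://<address of the Elasticsearch server>:9200"]
    index => "<custom project name>-%{+YYYY.MM.dd}"
  }
}
Start Logstash
cd ..
nohup ./bin/logstash -f config/logstash.conf &
Note: with the configuration above (the tcp input listens on localhost), a project acting as the Logstash client must be running on this same server. (Recommended: install Logstash on the same server as the business application.)
At this point the logs are in Elasticsearch. You can view them with elasticsearch-head.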
3. Kibana
tar zxvf kibana-7.3.2-linux-x86_64.tar.gz
Edit kibana.yml
server.port: 5601
server.host: "0.0.0.0"
server.name: "your-hostname"
elasticsearch.hosts: ["http://localhost:9200","http://localhost:9201","http://localhost:9202"]
i18n.locale: "zh-CN"
Start
cd kibana-7.3.2-linux-x86_64/bin
nohup ./kibana --allow-root &
Browse to port 5601 on the Kibana server -> open Kibana -> Management -> Index Patterns -> Create index pattern (follow the prompts) -> Discover -> the data shows up.