安装ELK

1. 安装Elasticsearch

a. 下载 ： 

　　　　https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.1.1/elasticsearch-2.1.1.tar.gz 到 /opt/

b. 解压：

　　　　cd /opt/

　　　　tar xzf elasticsearch-2.1.1.tar.gz

c. 启动：

　　　　/opt/elasticsearch-2.1.1/bin/elasticsearch -d  #-d表示后台执行， 启动此elasticsearch需要非root用户。 这里使用aa用户，可能会出现权限错误， 解决办法： chown -R aa /opt/elasticsearch-2.1.1

注意事项：

• Don’t run Elasticsearch open to the public.
• Don’t run Elasticsearch as root.
• Disable dynamic scripting (disabled by default since 1.2.X).

 

2. 安装 Logstash

YUM

Download and install the public signing key:

rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

Add the following in your /etc/yum.repos.d/ directory in a file with a .repo suffix, for examplelogstash.repo

[logstash-2.1]
name=Logstash repository for 2.1.x packages
baseurl=http://packages.elastic.co/logstash/2.1/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

And your repository is ready for use. You can install it with:

yum install logstash

//详细安装ELK
https://www.elastic.co/guide/en/beats/libbeat/current/getting-started.html