efk安装

efk 安装

elasticsearch 安装
三台elasticsearch
10.16.1.243
10.16.1.244
10.16.1.245
cat /etc/security/limits.conf | grep -v '#' | grep -v "^$"
* hard nofile 102400
* soft nofile 102400
mkdir -p /opt/software && cd /opt/software
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.3.2-linux-x86_64.tar.gz
tar -zxvf elasticsearch-7.3.2-linux-x86_64.tar.gz
mv elasticsearch-7.3.2 /opt/elasticsearch
useradd elasticsearch -d /opt/elasticsearch -s /sbin/nologin
mkdir -p /opt/logs/elasticsearch
chown elasticsearch.elasticsearch /opt -R
echo "vm.max_map_count = 655350" >> /etc/sysctl.conf
sysctl -p
cat /opt/elasticsearch/config/elasticsearch.yml | grep -v '#' | grep -v '^$'
cluster.name: my-application
node.name: 10.16.1.243
path.logs: /opt/logs/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["10.16.1.243", "10.16.1.244","10.16.1.245"]
gateway.recover_after_nodes: 2
cluster.initial_master_nodes: ["10.16.1.243", "10.16.1.244","10.16.1.245"]

sudo -u elasticsearch /opt/elasticsearch/bin/elasticsearch -d &

kibana 安装
kibana 节点为 10.16.1.241
mkdir -p /opt/software && cd /opt/software
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.3.2-linux-x86_64.tar.gz
tar -zxvf kibana-7.3.2-linux-x86_64.tar.gz
mv kibana-7.3.2-linux-x86_64 /opt/kibana
useradd kibana -d /opt/kibana -s /sbin/nologin
chown kibana.kibana /opt/kibana -R
cat /opt/kibana/config/kibana.yml | grep -v '#' | grep -v '^$'
server.port: 5601
server.host: "0.0.0.0"
server.name: "10.16.1.241"
elasticsearch.hosts: ["http://10.16.1.245:9200",
"http://10.16.1.244:9200",
"http://10.16.1.243:9200"]
kibana.index: ".kibana"
elasticsearch.requestTimeout: 10000000
i18n.locale: "zh-CN"
/opt/kibana/bin/kibana -c /opt/kibana/config/kibana.yml --allow-root &

安装 filebeat
mkdir -p /opt/software && cd /opt/software
cd /opt/software
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.2-linux-x86_64.tar.gz
mkdir -p /opt/logs/filebeat/
tar -zxvf filebeat-7.3.2-linux-x86_64.tar.gz
mv filebeat-7.3.2-linux-x86_64 /opt/filebeat
[root@dev-app1 filebeat]# cat filebeat.yml | grep -v '#' | grep -v '^$'
filebeat.inputs:
- type: log
enabled: true
paths:
- /opt/logs/siheng_supplier-portal-service/*.log
tags: ["siheng_supplier-portal-service"]
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.template.settings:
index.number_of_shards: 1
setup.kibana:
host: "10.16.1.242:5601"
output.elasticsearch:
hosts: ["10.16.1.245:9200",
"10.16.1.244:9200",
"10.16.1.243:9200"]
indices:
- index: "siheng_supplier-portal-service-%{[agent.version]}-%{+yyyy.MM}"
when.contains:
tags: "catalina"
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
/opt/filebeat/filebeat -e -c /opt/filebeat/filebeat.yml -d "publish" &