elk单机安装部署
es 下载地址:wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.1.0-linux-x86_64.tar.gz
kibana下载地址:wget https://artifacts.elastic.co/downloads/kibana/kibana-7.1.0-linux-x86_64.tar.gz
logstash下载地址: wget https://artifacts.elastic.co/downloads/logstash/logstash-7.1.0.tar.gz
解压
tar xf elasticsearch-7.1.0-linux-x86_64.tar.gz -C /data/
配置
[root@es ~]# vim /etc/security/limits.conf * soft nofile 65536 * hard nofile 65536 [root@es ~]# vim /etc/sysctl.conf vm.max_map_count=655360 [root@es ~]# vim /etc/security/limits.d/20-nproc.conf * soft nproc 4096 root soft nproc unlimited
添加环境变量
[root@es ~]# vim /etc/profile.d/es.sh PATH=/data/elasticsearch-7.1.0/bin/:$PATH
创建普通用户授权并启动
useradd es chown es:es /data -R sysctl -p su es elasticsearch -d 后台启动
查看es已安装的插件
[es@zk ~]$ elasticsearch-plugin list
es安装插件操作;国际分词插件
[es@zk ~]$ elasticsearch-plugin install analysis-icu -> Downloading analysis-icu from elastic [=================================================] 100% WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/data/elasticsearch-7.1.0/lib/tools/plugin-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun() WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release -> Installed analysis-icu [es@zk ~]$ elasticsearch-plugin list analysis-icu
kibana的解压
tar xf kibana-7.1.0-linux-x86_64.tar.gz -C /usr/local/ 解压 cd /usr/local/kibana-7.1.0-linux-x86_64/config/ [root@es config]# vim kibana.yml # Kibana is served by a back end server. This setting specifies the port to use. #server.port: 5601 # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. # The default is 'localhost', which usually means remote machines will not be able to connect. # To allow connections from remote users, set this parameter to a non-loopback address. server.host: "192.168.183.8"# 修改监听的地址默认locathost [root@es config]# vim /etc/profile.d/kibana.sh export PATH=/usr/local/kibana-7.1.0-linux-x86_64/bin/:$PATH #添加环境变量 [root@es config]# exec bash #使其在当前shll生效 [root@es config]# kibana # 前台启动
测试数据下载地址:https://grouplens.org/datasets/movielens/
logstash 的安装与导入数据
tar xf logstash-7.1.0.tar.gz -C /usr/local/
cp movies.csv /usr/local/logstash-7.1.0/bin/
cp logstash.conf /usr/local/logstash-7.1.0/config/
# cat logstash.conf
input {
file {
path => "/Users/yiruan/dev/elk7/logstash-7.0.1/bin/movies.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
columns => ["id","content","genre"]
}
mutate {
split => { "genre" => "|" }
remove_field => ["path", "host","@timestamp","message"]
}
mutate {
split => ["content", "("]
add_field => { "title" => "%{[content][0]}"}
add_field => { "year" => "%{[content][1]}"}
}
# mutate {
# gsub => [
#
# "year", "\\)", ""
# ]
# }
mutate {
convert => {
"year" => "integer"
}
strip => ["title"]
remove_field => ["path", "host","@timestamp","message","content"]
}
}
output {
elasticsearch {
hosts => "http://localhost:9200"
index => "movies"
document_id => "%{id}"
}
stdout {}
}
[root@es ~]# vim /etc/profile.d/logstash.sh
export PATH=/usr/local/logstash-7.1.0/bin:$PATH 添加环境变量
[root@es ~]# exec bash
[root@es config]# ../bin/logstash -f logstash.conf 启动
浏览器查看节点 IP:9200/_cat/nodes
草都可以从石头缝隙中长出来更可况你呢
