ELK 5.6.8 安装部署

操作系统版本：

?

1 2 3 4 5

LSB Version:    :core-4.1-amd64:core-4.1-noarch:cxx-4.1-amd64:cxx-4.1-noarch:desktop-4.1-amd64:desktop-4.1-noarch:languages-4.1-amd64:languages-4.1-noarch:printing-4.1-amd64:printing-4.1-noarch Distributor ID: CentOS Description:    CentOS Linux release 7.5.1804 (Core) Release:    7.5.1804 Codename:   Core

下载软件：

下载文件保存在/usr/local/src/5.6.8/

?

1 2 3 4 5 6 7 8 9

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.8.tar.gz wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.8.tar.gz wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.8-linux-x86_64.tar.gz wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.6.8-linux-x86_64.tar.gz wget https://github.com/medcl/elasticsearch-analysis-mmseg/releases/download/v5.5.2/elasticsearch-analysis-mmseg-5.5.2.zip 没有5.6.8版本 wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v5.6.8/elasticsearch-analysis-ik-5.6.8.zip wget https://artifacts.elastic.co/downloads/elasticsearch-plugins/ingest-geoip/ingest-geoip-5.6.8.zip wget https://artifacts.elastic.co/downloads/elasticsearch-plugins/ingest-user-agent/ingest-user-agent-5.6.8.zip wget https://artifacts.elastic.co/downloads/elasticsearch-plugins/discovery-file/discovery-file-5.6.8.zip

增加elasticsearch用户

?

1 2	groupadd -g 3048 elasticsearch useradd -s /bin/bash -u 3048 -g elasticsearch elasticsearch

安装elasticsearch

?

1 2 3 4 5

tar -zxf elasticsearch-5.6.8.tar.gz cp -a elasticsearch-5.6.8 /usr/local ln -s /usr/local/elasticsearch-5.6.8 /usr/local/elasticsearch chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-5.6.8 chown -R elasticsearch:elasticsearch /usr/local/elasticsearch

安装插件：

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

# install mmseg unzip elasticsearch-analysis-mmseg-5.5.2.zip -d elasticsearch-analysis-mmseg-5.5.2 mkdir -p /usr/local/elasticsearch/plugins/elasticsearch-analysis-mmseg-5.6.8 cp -a elasticsearch-analysis-mmseg-5.5.2/elasticsearch/* /usr/local/elasticsearch/plugins/elasticsearch-analysis-mmseg-5.6.8/ chown -R elasticsearch:elasticsearch /usr/local/elasticsearch/plugins/elasticsearch-analysis-mmseg-5.6.8/ sed -i "s/elasticsearch\.version\=5\.5\.2/elasticsearch\.version\=5\.6\.8/g"  /usr/local/elasticsearch/plugins/elasticsearch-analysis-mmseg-5.6.8/plugin-descriptor.properties 手动修改为5.6.8   # install ik unzip elasticsearch-analysis-ik-5.6.8.zip -d elasticsearch-analysis-ik-5.6.8 mkdir -p /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik-5.6.8 cp -a elasticsearch-analysis-ik-5.6.8/elasticsearch/* /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik-5.6.8/ chown -R elasticsearch:elasticsearch /usr/local/elasticsearch/plugins/elasticsearch-analysis-ik-5.6.8/   # OR plugins install su elasticsearch && cd /usr/local/elasticsearch bin/elasticsearch-plugin install ingest-geoip bin/elasticsearch-plugin install ingest-user-agent bin/elasticsearch-plugin install discovery-file

系统配置

?

1 2 3 4 5 6 7 8 9 10

vim /etc/sysctl.conf vm.swappiness=1 vm.max_map_count=262144   vim /etc/security/limits.conf elasticsearch soft memlock unlimited elasticsearch hard memlock unlimited   # 执行命令生效sysctl.conf配置 sysctl -p

配置elasticsearch

?

1 2 3 4 5 6 7 8 9 10 11 12

vim /usr/local/elasticsearch/bin/elasticsearch # 修改查找jvm配置文件顺序，加入"$AUTO_ES_HOME"/config/jvm.options，让虚拟机参数优先使用实例自己的配置 if [ -z "$ES_JVM_OPTIONS" ]; then     for jvm_options in "$AUTO_ES_HOME"/config/jvm.options \                        "$ES_HOME"/config/jvm.options \                       /etc/elasticsearch/jvm.options; do         if [ -r "$jvm_options" ]; then             ES_JVM_OPTIONS=$jvm_options             break         fi     done fi

 配置elasticsearch 相关配置文件，脚本启动即可。