ELK 7.9.3 Installation and Setup
ElasticSearch
Download: curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.3-linux-x86_64.tar.gz
tar -zxvf elasticsearch-7.9.3-linux-x86_64.tar.gz
cd elasticsearch-7.9.3
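// Configuration changes
config/elasticsearch.yml
// Append at the end of the file
node.name: node-1 # name of this ES node (commented out by default; a default node name is used)
cluster.name: entity # commented out by default; a default cluster name is used
path.data: /elk/elasticsearch-7.9.3/data # data directory
path.logs: /elk/elasticsearch-7.9.3/logs # log directory
network.host: 0.0.0.0 # bind address: only local access is allowed by default; 0.0.0.0 allows remote access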
cluster.initial_master_nodes: "node-1"
xpack.security.enabled: true
## Encryption settings
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
Note
On a Linux machine, running Elasticsearch requires a new user group
chgrp -R xxx ./es
chown -R xxx ./es
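chmod 777 es # makes es world-writable; after the chown above, chmod 750 es is sufficient
xxx is the name of the Linux user. By default, ES does not allow startup under the root account
To run it as root anyway, the workaround is:
-Des.insecure.allow.root=true
Edit ./bin/elasticsearch and add ES_JAVA_OPTS="-Des.insecure.allow.root=true"
or pass it at launch: sh ./bin/elasticsearch -d -Des.insecure.allow.root=true
Edit /etc/security/limits.conf and add the following settings
vi /etc/security/limits.conf
At the end of the file, add: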
* soft nofile 65536
* hard nofile 65536
Append the line vm.max_map_count=655360 to the end of /etc/sysctl.conf, then run: sysctl -p
su xxx
./bin/elasticsearch -d
Logstash
curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-7.9.3.tar.gz
tar -zxvf logstash-7.9.3.tar.gz
Edit config/logstash.yml
http.host: "0.0.0.0"
Edit config/logstash-sample.conf
input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    index => "logs-%{+YYYY.MM.dd}"
    user => "账号"
    password => "密码"
  }
}
Start: ./bin/logstash -f logstash.conf &
or nohup ./bin/logstash -f config/logstash.conf &
Kibana
curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.9.3-linux-x86_64.tar.gz
tar -zxvf kibana-7.9.3-linux-x86_64.tar.gz
Edit the configuration
server.host: "0.0.0.0"
i18n.locale: "zh-CN"
elasticsearch.hosts: ["http://127.0.0.1:9200"]
elasticsearch.username: "账号"
elasticsearch.password: "密码"
Start: ./bin/kibana &
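The settings above open several listeners and store credentials in plain text. The check below is an added example, not part of the original page: a bash function (hypothetical name audit_elk_conf) that scans the Elasticsearch, Logstash and Kibana config files and the Logstash pipeline for 0.0.0.0 binds, literal passwords, disabled security and a tcp input without TLS. The sample pipeline and its elastic/changeme login are constructed.

```bash
# Added example, not from the original page. Prints "file:line: finding" for
# each exposure-relevant line; returns 1 if anything was flagged, else 0.
# Assumption: the Logstash tcp { } input block contains no nested braces.
audit_elk_conf() {
  awk '
    function hit(line, msg) { printf "%s:%d: %s\n", FILENAME, line, msg; n++ }
    FNR == 1 { in_tcp = 0 }                    # new file: reset block state
    /^[ \t]*(#|\/\/)/ { next }                 # skip whole-line comments
    { sub(/[ \t]#.*$/, "") }                   # drop trailing comments
    /host[ \t]*(:|=>)[ \t]*"?0\.0\.0\.0/ {
      hit(FNR, "listens on all interfaces (0.0.0.0)") }
    /password[ \t]*(:|=>)/ && !/[$][{][A-Za-z_][A-Za-z0-9_.]*[}]/ {
      hit(FNR, "literal password; move it to a keystore or ${NAME} reference") }
    /xpack\.security\.enabled[ \t]*:[ \t]*false/ {
      hit(FNR, "Elasticsearch security features disabled") }
    /^[ \t]*tcp[ \t]*[{]/ { in_tcp = 1; tls = 0; start = FNR }
    in_tcp && /ssl_enable[ \t]*=>[ \t]*true/ { tls = 1 }
    in_tcp && /^[ \t]*[}]/ {
      if (!tls) hit(start, "tcp input takes plaintext from any client (no ssl_enable => true)")
      in_tcp = 0 }
    END { exit (n > 0) }
  ' "$@"
}
# Constructed sample: the pipeline from this page with a placeholder login.
sample_pipeline() {
  cat <<'EOF'
input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    index => "logs-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "changeme"
  }
}
EOF
}
demo=$(mktemp); sample_pipeline > "$demo"; audit_elk_conf "$demo" || true; rm -f "$demo"
```

Run it as audit_elk_conf followed by the config files to check; the sample yields three findings (lines 4, 2 and 14 of the pipeline).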
SpringBoot+Logstash
<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>7.1.1</version>
</dependency>
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
    <!-- must match the port configured in the Logstash input -->
    <destination>127.0.0.1:4560</destination>
    <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder">
        <timeZone>UTC</timeZone>
    </encoder>
</appender>
<root level="INFO">
    <appender-ref ref="LOGSTASH" />
</root>