ELK部署安装¶
官方文档地址:https://www.elastic.co/cn/what-is/elasticsearch
一个x-pack使用连接:https://www.azurew.com/elk/3750.html?tdsourcetag=s_pctim_aiomsg
关于¶
“ELK”是三个开 源项目的首字母缩写,这三个项目分别是:Elasticsearch、Logstash 和 Kibana。Elasticsearch 是一个搜索和分析引擎。Logstash 是服务器端数据处理管道,能够同时从多个来源采集数据,转换数据,然后将数据发送到诸如 Elasticsearch 等“存储库”中。Kibana 则可以让用户在 Elasticsearch 中使用图形和图表对数据进行可视化。
环境¶
虚拟机
操作系统:centos7.7
配置:
- CPU:4C
- MEM:8G
- DISK:40G
软件版本
elasticearch:7.7.1
logstasch:7.7.1
kibana:7.7.1
采集软件filebeat:7.7.1
安装¶
这里跳过了环境初始化的步骤,例如关闭防火墙、优化内核参数、升级软件包等等
注意这里需要1.8及以上版本的jdk环境,请提前安装
为了方便这里全部使用yum安装
配置yum源¶
vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
[logstash-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
导入PGP密钥
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
安装¶
yum install elasticsearch-7.7.1 logstash-7.7.1 kibana-7.7.1 -y
如果安装较慢,可以将rpm包先下载下来然后安装
wegt https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.7.1-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.7.1.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.7.1-x86_64.rpm
yum localinstall -y elasticsearch-7.7.1-x86_64.rpm logstash-7.7.1.rpm kibana-7.7.1-x86_64.rpm
修改配置¶
修改elasticsearch配置¶
vim /etc/elasticsearch/elasticsearch.yml
cluster.name: myelk
node.name: elk
path.data: /data/elasticsearch
path.logs: /data/logs/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["elk"]
配置说明
cluster.name: myelk #集群名称
node.name: elk #节点名称,我这里是用的我的主机名
path.data: /data/elasticsearch #数据目录
path.logs: /data/logs/elasticsearch #日志目录
network.host: 0.0.0.0 #监听地址
http.port: 9200 #监听端口
discovery.seed_hosts: ["elk"] #启动节点默认节点,这里可以填写主机名称或者IP
cluster.initial_master_nodes: ["elk"] #初始化集群的节点,这里可以填写主机名称或者IP
修改logstash配置¶
vim /etc/logstash/logstash.yml
node.name: elk
path.data: /data/logstash
path.logs: /data/logs/logstash
vim /etc/logstash/conf.d/logstash.conf
input {
beats {
port => 5044
codec => plain {
charset => "UTF-8"
}
}
}
output {
elasticsearch {
hosts => "127.0.0.1:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
修改kinbana配置¶
vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.10.10.110"
elasticsearch.hosts: ["http://10.10.10.110:9200"]
创建相关目录¶
mkdir -p /data/{elasticsearch,logstash}
mkdir -p /data/logs/{elasticsearch,logstash}
chown -R elasticsearch.elasticsearch /data/elasticsearch
chown -R elasticsearch.elasticsearch /data/logs/elasticsearch
chown -R logstash.logstash /data/logstash
chown -R logstash.logstash /data/logs/logstash
启动相关程序¶
systemctl daemon-reload
systemctl start elasticsearch
systemctl start logstash
systemctl start kibana