CentOS7安装elk
一、安装Elasticsearch
1.1 安装Java
# 系统版本
cat /etc/redhat-release
CentOS Linux release 7.5. (Core) uname -r
3.10.-.el7.x86_64 yum -y install java
java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK -Bit Server VM (build 25.212-b04, mixed mode)
1.2 安装Elasticsearch
- 关闭防火墙
systemctl disable firewalld
- 关闭selinux
vim /etc/sysconfig/selinux
SELINUX= Enforcing # <== 修改为 disabled, 重启系统生效
- 官方文档
https://www.elastic.co/guide/en/elasticsearch/reference/6.5/rpm.html#install-rpm
下载并安装公共签名秘钥
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
从RPM存储库安装
在/etc/yum.repos.d/创建一个elasticsearch.repo文件,文件内容如下:
vim /etc/yum.repos.d/elasticsearch.repo [elasticsearch-.x]
name=Elasticsearch repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
yum安装ElasticSearch
yum install elasticsearch -y
- 启动Elasticsearch
systemctl daemon-reload
systemctl enable elasticsearch.service
- 启动/停止Elasticsearch
systemctl start elasticsearch.service
systemctl stop elasticsearch.service
- Elasticsearch服务运行状态
systemctl status elasticsearch.service
Elasticsearch日志存储在/var/log/elasticsearch/目录下
检查Elasticsearch是否正在运行
[root@localhost ~]# curl http://localhost:9200
{
"name" : "O2pObfg",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "uXvFw1fgR1iTduPf1d-MAw",
"version" : {
"number" : "6.7.1",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "2f32220",
"build_date" : "2019-04-02T15:59:27.961366Z",
"build_snapshot" : false,
"lucene_version" : "7.7.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
1.3 配置Elasticsearch
Elasticsearch默认使用/etc/elasticsearch运行时配置
默认Elasticsearch从文件/etc/elasticsearch/elastisearch.yml加载配置。
[root@localhost ~]# ll -lrht /etc/elasticsearch/
total 36K
-rw-rw----. root elasticsearch Apr : users_roles
-rw-rw----. root elasticsearch Apr : users
-rw-rw----. root elasticsearch Apr : roles.yml
-rw-rw----. root elasticsearch Apr : role_mapping.yml
-rw-rw----. root elasticsearch 13K Apr : log4j2.properties
-rw-rw----. root elasticsearch .6K Apr : jvm.options
-rw-rw----. root elasticsearch .9K Apr : elasticsearch.yml
-rw-rw----. root elasticsearch Apr : elasticsearch.keystore
配置Elasticsearch数据路径和日志目录:
官方文档:
https://www.elastic.co/guide/en/elasticsearch/reference/6.5/settings.html
https://www.elastic.co/guide/en/elasticsearch/reference/6.5/important-settings.html
# 创建Elasticsearch数据目录及日志目录
mkdir /opt/elasticsearch/{data,log}/ -pv
cd /opt/
chown -R elasticsearch:elasticsearch elasticsearch/ cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml_`date +%Y%m%d_bak` vim /etc/elasticsearch/elasticsearch.yml
# Elasticsearch 节点名称
node.name: node-
#数据
path.data: /opt/elasticsearch/data/
# 日志
path.logs: /opt/elasticsearch/log/ # 内存锁定,将进程地址空间锁定在RAM中,防止任何Elasticsearch内存被换出
bootstrap.memory_lock: true # 监听地址
network.host: 192.168.198.130
# 监听端口
http.port: # 查看修改了那些配置 grep '^[a-z]' /etc/elasticsearch/elasticsearch.yml
node.name: node-
path.data: /opt/elasticsearch/data/
path.logs: /opt/elasticsearch/log/
bootstrap.memory_lock: true
network.host: 192.168.198.130
http.port:
- 配置JVM
Jvm配置文件/etc/elasticsearch/jvm.options
-Xms2g
-Xmx2g
- 文件句柄配置
官方文档:https://www.elastic.co/guide/en/elasticsearch/reference/6.5/setting-system-settings.html
ulimit -n
tail - /etc/security/limits.conf elasticsearch - nofile
- 系统配置
官方文档:https://www.elastic.co/guide/en/elasticsearch/reference/6.5/setting-system-settings.html
vim /usr/lib/systemd/system/elasticsearch.service [Service] # <== 在此标签下添加
LimitMEMLOCK=infinity # 重新加载
systemctl daemon-reload
- 虚拟内存
官方文档:
https://www.elastic.co/guide/en/elasticsearch/reference/6.5/vm-max-map-count.html
临时配置:
sysctl -w vm.max_map_count=
永久配置:/etc/sysctl.conf
tail - /etc/sysctl.conf
vm.max_map_count=
sysctl -p
二、安装Logstash
- 官方文档
https://www.elastic.co/guide/en/logstash/6.5/installing-logstash.html
下载并安装公共签名和密钥
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
在/etc/yum.repos.d/目录下新建logstash.repo文件,文件内容如下:
[logstash-.x]
name=Elastic repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
- yum安装logstash
yum -y install logstash
三、安装Kibana
- 官方文档
https://www.elastic.co/guide/en/kibana/6.5/rpm.html
下载并安装公共签名和密钥
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
在/etc/yum.repos.d/目录下,创建kibana.repo,文件内容如下:
[kibana-.x]
name=Kibana repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
- yum 安装kibana
yum install kibana
- 启动/停止kibana
systemctl daemon-reload
systemctl enable kibana.service
systemctl start kibana.service
systemctl stop kibana.service
- 配置kibana
Kibana配置文件在/etc/kibana/目录下的kibana.yml。默认kibana运行localhost:5601
[root@localhost ~]# grep '^[a-z]' /etc/kibana/kibana.yml
server.port:
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.198.130:9200"]
kibana.index: ".kibana"
四、安装Filebeat
- 官方文档
https://www.elastic.co/guide/en/beats/filebeat/5.5/setup-repositories.html
https://www.elastic.co/guide/en/beats/filebeat/6.5/configuring-output.html
- 下载并安装公共签名和密钥
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
在/etc/yum.repos.d/目录下创建filebeat.repo文件,文件内容如下:
[elastic-.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
yum安装filebeat
yum -y install filebeat
# filebeat记录读取文件位偏移 /var/lib/filebeat/registry
五、安装Redis
参考:https://www.cnblogs.com/hwlong/p/9330191.html
https://www.cnblogs.com/hwlong/p/6101019.html
wget http://download.redis.io/releases/redis-3.2.12.tar.gz
上传至 /usr/local
tar xzf redis-3.2..tar.gz
mv redis-3.2. redis
cd redis
make
src/redis-server &
六、Filebeat+Redis+Logstash+Elasticsearch+Kibana
6.1 配置Filebeat
filebeat.prospectors: - input_type: log
paths:
- /data/logs/localhost.localdomain.*.log
exclude_files: [".gz$"]
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
tags: ["localhost-localdomain"]
document_type: localhost-localdomain - input_type: log
paths:
- /data/logs/localhost.localdomain-error.*.log
exclude_files: [".gz$"]
multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
multiline.negate: true
multiline.match: after
tags: ["localhost-localdomain-error"]
document_type: localhost-localdomain-error fields:
ipaddr: '192.168.198.131' # <== filebeat本机IP
fields_under_root: true output.redis:
hosts: ["192.168.198.130"] # <== redis地址
port:
key: "default_list"
keys:
- key: "%{[type]}" # <== 根据document_type类型写入不同的key中
mapping:
"localhost-localdomain": "localhost-localdomain"
"localhost-localdomain-error": "localhost-localdomain-error" db:
datatype: list
timeout: processors:
- drop_fields:
fields: ["offset","beat","source","input"]
- 启动filebeat
systemctl status filebeat
6.2 配置logstash.conf
input { redis {
host => "192.168.198.130"
port => ""
db => ""
data_type => "list"
key => "default_list"
type => "default_list"
} redis {
host => "192.168.198.130"
port => ""
db => ""
data_type => "list"
key => "localhost-localdomain"
type => "localhost-localdomain"
} redis {
host => "192.168.198.130"
port => ""
db => ""
data_type => "list"
key => "localhost-localdomain-error"
type => "localhost-localdomain-error"
} } filter { } output{
if [type] == "localhost-localdomain" { elasticsearch {
document_type => "localhost-localdomain"
hosts => ["192.168.198.130:9200"]
index => "localhost-localdomain.log"
}
} if [type] == "localhost-localdomain-error" { elasticsearch {
document_type => "localhost-localdomain-error"
hosts => ["192.168.198.130:9200"]
index => "localhost-localdomain-error.log"
}
} }
- 启动logstash
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/redis-logstash-es.conf &
CentOS7安装elk的更多相关文章
- 在 CentOS7 安装 ELK
ELK是一个成熟的日志系统,主要功能有收集.分析.检索,详细见 elastic官网. 本文主要介绍如何在CentOS7下安装最新版本的ELK,当然现在docker已经有完全配置成功的elk容器,安装配 ...
- 在 CentOS7 安装 ELK【转】
ELK是一个成熟的日志系统,主要功能有收集.分析.检索,详细见 elastic官网. 本文主要介绍如何在CentOS7下安装最新版本的ELK,当然现在docker已经有完全配置成功的elk容器,安装配 ...
- Centos7 安装ELK日志分析
1.安装前准备 借鉴:https://www.cnblogs.com/straycats/p/8053937.html 操作系统:Centos7 虚拟机 8G内存 jdk8+ 软件包下载:采用rp ...
- 【ELK】Centos7 安装 ELK 7.6.2 和 UI 管理界面以及测试例子
1. 初始化环境 1.0 初始化环境官网参考 https://www.elastic.co/guide/en/elasticsearch/reference/current/system-config ...
- Centos7中ELK集群安装流程
Centos7中ELK集群安装流程 说明:三个版本必须相同,这里安装5.1版. 一.安装Elasticsearch5.1 hostnamectl set-hostname elk vim /e ...
- CentOS 7.x安装ELK(Elasticsearch+Logstash+Kibana)
第一次听到ELK,是新浪的@ARGV 介绍内部使用ELK的情况和场景,当时触动很大,原来有那么方便的方式来收集日志和展现,有了这样的工具,你干完坏事,删除日志,就已经没啥作用了. 很多企业都表示出他们 ...
- centos7 搭建elk
CentOS 7.x安装ELK(Elasticsearch+Logstash+Kibana) 云计算 Aug 162015 第一次听到ELK,是新浪的@ARGV 介绍内部使用ELK的情况和场景,当时 ...
- centos7搭建ELK Cluster集群日志分析平台(四):Fliebeat-简单测试
续之前安装好的ELK集群 各主机:es-1 ~ es-3 :192.168.1.21/22/23 logstash: 192.168.1.24 kibana: 192.168.1.25 测试机:cli ...
- centos7搭建ELK Cluster集群日志分析平台(三):Kibana
续 centos7搭建ELK Cluster集群日志分析平台(一) 续 centos7搭建ELK Cluster集群日志分析平台(二) 已经安装好elasticsearch 5.4集群和logst ...
随机推荐
- MYSQL入门(三)
索引简介 索引是对数据库表中一个或多个列(例如,employee 表的姓名 (name) 列)的值进行排序的结构.如果想按特定职员的姓来查找他或她,则与在表中搜索所有的行相比,索引有助于更快地获取信息 ...
- O(1)快速乘注意事项
O(1)快速乘是经典玄学优化啦~由于刚挂了一次特此总结一番. ll mul(ll u,ll v){ return(u*v-ll((long double)u*v/p)*p+p)%p; } double ...
- 脚本放在 <body> 元素的底部
建议把脚本放在 <body> 元素的底部. 这会提高网页加载速度,因为 HTML 加载不受制于脚本加载.
- 第1章 JavaScript简介
概述:Javascript是一种依赖于网页浏览器的脚本语言.是一种脚本语言.由Netscape和Sun共同开发.与Java没有什么关系.作为一种语言标准,而被称为ECMACcript.一个JS的实现包 ...
- Http请求之--C#的HttpWebRequest实现POST方式请求
1.添加头信息和请求方法.有两种方式添加 req = (HttpWebRequest)WebRequest.Create("http://zhidao.baidu.c ...
- ecshop JSON,ajax.call 异步传输
1.res = Ajax.call('user.php?act=depot_id', 'id='+v,null,"GET", "JSON",false); 2. ...
- 深刻认识一下session
session是什么: session即会话,是一种持续性,双向的连接. session和cookie在本质上没什么区别,都是针对http协议的局限性提出的一种保持客户端和服务端会话状态的机制. se ...
- System.BadImageFormatException : 未能加载文件或程序集“Medici.PaymentRecover, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null”或它的某一个依赖项。试图加载格式不正确的程序。
System.BadImageFormatException : 未能加载文件或程序集“xxxxx.xxxxx, Version=1.0.0.0, Culture=neutral, PublicKey ...
- Ftp软件
http://www.xlightftpd.com/cn/index.htm FileZilla Server官网:http://www.filezilla-project.org/
- 二、oracle pctfree和pctused详解
一.建立表时候,注意PCTFREE参数的作用 PCTFREE:为一个块保留的空间百分比,表示数据块在什么情况下可以被insert,默认是10,表示当数据块的可用空间低于10%后,就不可以被insert ...