1. Install Elasticsearch

1.1 Install Java

# OS version
cat /etc/redhat-release
CentOS Linux release 7.5. (Core)
uname -r
3.10.-.el7.x86_64
yum -y install java
java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK -Bit Server VM (build 25.212-b04, mixed mode)

1.2 Install Elasticsearch

  • Disable the firewall
systemctl disable firewalld
  • Disable SELinux
vim /etc/sysconfig/selinux
SELINUX=enforcing # <== change to disabled; takes effect after a reboot
  • Official documentation
https://www.elastic.co/guide/en/elasticsearch/reference/6.5/rpm.html#install-rpm
  • Download and install the public signing key

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
  • Install from the RPM repository

Create an elasticsearch.repo file in /etc/yum.repos.d/ with the following content:

vim /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-.x]
name=Elasticsearch repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
  • Install Elasticsearch with yum

yum install elasticsearch -y
  • Enable Elasticsearch to start at boot
systemctl daemon-reload
systemctl enable elasticsearch.service
  • Start/stop Elasticsearch
systemctl start elasticsearch.service
systemctl stop elasticsearch.service
  • Check the Elasticsearch service status
systemctl status elasticsearch.service

Elasticsearch logs are stored in the /var/log/elasticsearch/ directory.

  • Check that Elasticsearch is running

[root@localhost ~]# curl http://localhost:9200
{
"name" : "O2pObfg",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "uXvFw1fgR1iTduPf1d-MAw",
"version" : {
"number" : "6.7.1",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "2f32220",
"build_date" : "2019-04-02T15:59:27.961366Z",
"build_snapshot" : false,
"lucene_version" : "7.7.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}

1.3 Configure Elasticsearch

By default, Elasticsearch keeps its runtime configuration in /etc/elasticsearch.

By default, Elasticsearch loads its settings from the file /etc/elasticsearch/elasticsearch.yml.

[root@localhost ~]# ll -lrht /etc/elasticsearch/
total 36K
-rw-rw----. root elasticsearch Apr : users_roles
-rw-rw----. root elasticsearch Apr : users
-rw-rw----. root elasticsearch Apr : roles.yml
-rw-rw----. root elasticsearch Apr : role_mapping.yml
-rw-rw----. root elasticsearch 13K Apr : log4j2.properties
-rw-rw----. root elasticsearch .6K Apr : jvm.options
-rw-rw----. root elasticsearch .9K Apr : elasticsearch.yml
-rw-rw----. root elasticsearch Apr : elasticsearch.keystore
  • Configure the Elasticsearch data path and log directory:

Official documentation:

https://www.elastic.co/guide/en/elasticsearch/reference/6.5/settings.html

https://www.elastic.co/guide/en/elasticsearch/reference/6.5/important-settings.html

# Create the Elasticsearch data and log directories
mkdir /opt/elasticsearch/{data,log}/ -pv
cd /opt/
chown -R elasticsearch:elasticsearch elasticsearch/
cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml_`date +%Y%m%d_bak`
vim /etc/elasticsearch/elasticsearch.yml
# Elasticsearch node name
node.name: node-
# Data
path.data: /opt/elasticsearch/data/
# Logs
path.logs: /opt/elasticsearch/log/
# Memory lock: lock the process address space into RAM so that no Elasticsearch memory is swapped out
bootstrap.memory_lock: true
# Listen address
network.host: 192.168.198.130
# Listen port
http.port:
# Show which settings were changed
grep '^[a-z]' /etc/elasticsearch/elasticsearch.yml
node.name: node-
path.data: /opt/elasticsearch/data/
path.logs: /opt/elasticsearch/log/
bootstrap.memory_lock: true
network.host: 192.168.198.130
http.port:
  • Configure the JVM

The JVM configuration file is /etc/elasticsearch/jvm.options

-Xms2g
-Xmx2g
  • File descriptor limits

Official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/6.5/setting-system-settings.html

ulimit -n
tail - /etc/security/limits.conf
elasticsearch - nofile
  • System configuration

Official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/6.5/setting-system-settings.html

vim /usr/lib/systemd/system/elasticsearch.service

[Service]        # <== add under this section
LimitMEMLOCK=infinity
# Reload
systemctl daemon-reload
  • Virtual memory

Official documentation:

https://www.elastic.co/guide/en/elasticsearch/reference/6.5/vm-max-map-count.html

Temporary setting:

sysctl -w vm.max_map_count=

Permanent setting: /etc/sysctl.conf

tail - /etc/sysctl.conf
vm.max_map_count=
sysctl -p

2. Install Logstash

  • Official documentation

https://www.elastic.co/guide/en/logstash/6.5/installing-logstash.html

  • Download and install the public signing key

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
  • Create a logstash.repo file in /etc/yum.repos.d/ with the following content:

[logstash-.x]
name=Elastic repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
  • Install Logstash with yum
yum -y install logstash

3. Install Kibana

  • Official documentation

https://www.elastic.co/guide/en/kibana/6.5/rpm.html

  • Download and install the public signing key

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
  • Create a kibana.repo file in /etc/yum.repos.d/ with the following content:

[kibana-.x]
name=Kibana repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
  • Install Kibana with yum
yum install kibana
  • Start/stop Kibana
systemctl daemon-reload
systemctl enable kibana.service
systemctl start kibana.service
systemctl stop kibana.service
  • Configure Kibana

The Kibana configuration file is kibana.yml in the /etc/kibana/ directory. By default, Kibana listens on localhost:5601.

[root@localhost ~]# grep '^[a-z]' /etc/kibana/kibana.yml
server.port:
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.198.130:9200"]
kibana.index: ".kibana"
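
With firewalld disabled and Kibana bound to 0.0.0.0, the bind addresses are what decides which hosts can reach these services. The added example below (not from the original post) filters `ss -ltn` output down to the listeners reachable from other hosts; the function names and the sample output are constructed for illustration.

```shell
# Added example (not from the original page): list TCP listeners that are
# reachable from other hosts, from `ss -ltn` output read on stdin.
# Output: one "address port" pair per line; loopback-only listeners are skipped
# and wildcard binds are reported as ANY.
exposed_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)      # strip ":port" from Local Address:Port
            sub(/^.*:/, "", port)         # keep what follows the last colon
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            if (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                addr = "ANY"
            print addr, port
        }'
}

# Constructed sample of `ss -ltn` output for the host in this walkthrough:
# Elasticsearch on 192.168.198.130:9200 and Kibana on all interfaces, port 5601.
sample_ss() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN     0      128    192.168.198.130:9200             *:*
LISTEN     0      128                  *:5601             *:*
LISTEN     0      100          127.0.0.1:25               *:*
LISTEN     0      100                ::1:25              :::*
EOF
}

sample_ss | exposed_listeners
# On a live host: ss -ltn | exposed_listeners
```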

4. Install Filebeat

  • Official documentation

https://www.elastic.co/guide/en/beats/filebeat/5.5/setup-repositories.html

https://www.elastic.co/guide/en/beats/filebeat/6.5/configuring-output.html

  • Download and install the public signing key
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
  • Create a filebeat.repo file in /etc/yum.repos.d/ with the following content:

[elastic-.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
  • Install Filebeat with yum

yum -y install filebeat

# Filebeat records the read offset of each file in /var/lib/filebeat/registry
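
An added check, not part of the original post, for the four .repo files created above: it reports every section where gpgcheck is not enabled or where baseurl or gpgkey is not an https URL. The function names and the sample repository sections are constructed for illustration.

```shell
# Added example (not from the original page): lint yum .repo files for the
# settings that decide whether packages are fetched over TLS and signature-checked.
# check_repo [FILE...] reads the named files, or stdin when none is given.
# Prints one finding per line; prints nothing when every section passes.
check_repo() {
    awk '
        function report() {
            if (sect == "") return
            if (gpgcheck !~ /^(1|yes|true)$/)
                print sect ": gpgcheck is not enabled in this section"
            if (gpgkey !~ /^https:\/\//)
                print sect ": gpgkey is missing or not fetched over https"
            if (baseurl !~ /^https:\/\//)
                print sect ": baseurl is missing or not https"
        }
        /^[ \t]*[#;]/ { next }            # comment lines
        /^\[.*\]/ { report(); sect = $0; gpgcheck = gpgkey = baseurl = ""; next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = tolower(val)
            if (key == "gpgkey")   gpgkey = val
            if (key == "baseurl")  baseurl = val
        }
        END { report() }
    ' "$@"
}

# Constructed sample: one section with gpgcheck left empty and a plain-http
# mirror, and one section with all three settings in place.
sample_repo() {
cat <<'EOF'
[example-unchecked]
baseurl=http://mirror.example.invalid/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

[example-checked]
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
EOF
}

sample_repo | check_repo
# On a real host: check_repo /etc/yum.repos.d/*.repo
```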

5. Install Redis

References: https://www.cnblogs.com/hwlong/p/9330191.html

https://www.cnblogs.com/hwlong/p/6101019.html

wget http://download.redis.io/releases/redis-3.2.12.tar.gz
# Upload the archive to /usr/local
tar xzf redis-3.2.12.tar.gz
mv redis-3.2.12 redis
cd redis
make
src/redis-server &

6. Filebeat+Redis+Logstash+Elasticsearch+Kibana

6.1 Configure Filebeat

filebeat.prospectors:

- input_type: log
  paths:
    - /data/logs/localhost.localdomain.*.log
  exclude_files: [".gz$"]
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
  tags: ["localhost-localdomain"]
  document_type: localhost-localdomain

- input_type: log
  paths:
    - /data/logs/localhost.localdomain-error.*.log
  exclude_files: [".gz$"]
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
  tags: ["localhost-localdomain-error"]
  document_type: localhost-localdomain-error

fields:
  ipaddr: '192.168.198.131' # <== IP address of the local Filebeat host
fields_under_root: true

output.redis:
  hosts: ["192.168.198.130"] # <== Redis address
  port:
  key: "default_list"
  keys:
    - key: "%{[type]}" # <== write to a different key depending on document_type
      mapping:
        "localhost-localdomain": "localhost-localdomain"
        "localhost-localdomain-error": "localhost-localdomain-error"
  db:
  datatype: list
  timeout:

processors:
- drop_fields:
    fields: ["offset","beat","source","input"]
  • Start Filebeat
systemctl status filebeat
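
How the multiline settings in the Filebeat configuration above fold lines into events, as an added example that is not part of the original post: a shell emulation of pattern/negate/match run over a constructed log sample. The function names and the sample log are made up for illustration, and the emulation joins folded lines with a literal backslash-n where Filebeat keeps real newlines.

```shell
# Added example (not from the original page): emulate the multiline settings
# from the Filebeat config to see which lines end up in the same event.
#   multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
#   multiline.negate: true   -> lines NOT matching the pattern are continuations
#   multiline.match: after   -> continuations are appended to the preceding line
PATTERN='^[0-9]{4}-[0-9]{2}-[0-9]{2}'

# Reads raw log lines on stdin and prints one event per output line.
# Folded lines are joined with a literal backslash-n so each event stays on one line.
group_events() {
    event=''; have=0
    while IFS= read -r line || [ -n "$line" ]; do
        if printf '%s\n' "$line" | grep -Eq "$PATTERN"; then
            # A line starting with a date opens a new event: flush the previous one.
            if [ "$have" -eq 1 ]; then printf '%s\n' "$event"; fi
            event=$line; have=1
        elif [ "$have" -eq 1 ]; then
            event="$event\\n$line"
        else
            # Continuation line with no event before it: it starts the first event.
            event=$line; have=1
        fi
    done
    if [ "$have" -eq 1 ]; then printf '%s\n' "$event"; fi
}

# Constructed sample: a Java-style stack trace between two ordinary log lines.
sample_log() {
cat <<'EOF'
2019-04-20 10:00:01 INFO  service started
2019-04-20 10:00:02 ERROR request failed
java.lang.IllegalStateException: constructed example
    at com.example.Demo.run(Demo.java:42)
    at com.example.Demo.main(Demo.java:10)
2019-04-20 10:00:03 INFO  service recovered
EOF
}

sample_log | group_events
```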

6.2 Configure logstash.conf

input {

  redis {
    host => "192.168.198.130"
    port => ""
    db => ""
    data_type => "list"
    key => "default_list"
    type => "default_list"
  }

  redis {
    host => "192.168.198.130"
    port => ""
    db => ""
    data_type => "list"
    key => "localhost-localdomain"
    type => "localhost-localdomain"
  }

  redis {
    host => "192.168.198.130"
    port => ""
    db => ""
    data_type => "list"
    key => "localhost-localdomain-error"
    type => "localhost-localdomain-error"
  }

}

filter {

}

output {
  if [type] == "localhost-localdomain" {
    elasticsearch {
      document_type => "localhost-localdomain"
      hosts => ["192.168.198.130:9200"]
      index => "localhost-localdomain.log"
    }
  }

  if [type] == "localhost-localdomain-error" {
    elasticsearch {
      document_type => "localhost-localdomain-error"
      hosts => ["192.168.198.130:9200"]
      index => "localhost-localdomain-error.log"
    }
  }
}
  • Start Logstash
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/redis-logstash-es.conf  &
