elk安装
es安装
关闭防火墙,禁用selinux(仅适用于隔离的测试环境;生产环境建议保留防火墙,只对可信来源放行本文用到的 9200、9100、5601 以及集群节点间通信端口)
elk01
[root@elk01 ~]# vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
[root@elk01 ~]# vim /etc/sysctl.conf
vm.max_map_count=262144
fs.file-max=65536
fs.file-max:该文件指定了可以分配的文件句柄的最大数目, 为512 乘以 processes (如128个process则为 65536);
vm.max_map_count:限制一个进程可以拥有的VMA(虚拟内存区域)的数量。 //这个值最好设置大一点,不然ES会启动失败。
需要调大以上文件句柄/线程数限制,否则 ES 启动时 bootstrap 检查会失败,报错如下:
ERROR: [1] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
安装软件
elasticsearch-7.9.3-linux-x86_64.tar.gz
[root@elk01 ~]# tar -zxvf elasticsearch-7.9.3-linux-x86_64.tar.gz
[root@elk01 ~]# mv elasticsearch-7.9.3 /usr/local/elasticsearch
修改配置文件
[root@elk01 elasticsearch]# vim config/elasticsearch.yml
cluster.name: elk
node.name: elk01
node.master: true #允许成为主节点
node.data: true #数据节点
path.data: /usr/local/elasticsearch/data/
path.logs: /usr/local/elasticsearch/logs
bootstrap.memory_lock: false #关闭锁定内存,设置为true会报错
network.host: 192.168.226.141 ##监听ip
http.port: 9200
discovery.seed_hosts: ["192.168.226.142","192.168.226.143"] #一定要设置为另外两个节点的IP
cluster.initial_master_nodes: ["elk01","elk03","elk02"]
http.cors.enabled: true # 是否支持跨域,默认为false
http.cors.allow-origin: "*"
#允许跨域时,allow-origin 设为 "*" 表示接受任意来源的跨域请求;集群未开启认证时,任何网页脚本都能借用户的浏览器访问 9200 端口,因此最好只放行需要的来源(例如 head 所在的地址)。该值支持正则表达式,比如只允许本地地址: /https?:\/\/localhost(:[0-9]+)?/
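启动
注意:Elasticsearch 不允许以 root 身份运行,需先创建普通用户(如后文 kibana 部分使用的 elk),把 /usr/local/elasticsearch 的属主改为该用户后,再切换到该用户执行下面的启动命令。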
[root@elk01 ~]# cd /usr/local/elasticsearch/
[root@elk01 elasticsearch]# bin/elasticsearch
浏览器打开 9200 端口可以正常看到如下节点信息(此时无需任何凭据即可访问,说明集群未启用认证;对外提供服务前应开启 xpack.security.enabled 并配置 TLS):
{
  "name" : "elk01",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "UwHi0BPUTKWmdCeb1i_Fhg",
  "version" : {
    "number" : "7.9.3",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "c4138e51121ef06a6404866cddc601906fe5c868",
    "build_date" : "2020-10-16T10:36:16.141335Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
安装node.js
因为head插件是用node.js开发的,所以需要此环境
[root@elk01 ~]# ls
node-v10.15.3-linux-x64.tar.xz
[root@elk01 ~]# xz -d node-v10.15.3-linux-x64.tar.xz
[root@elk01 ~]# ls
node-v10.15.3-linux-x64.tar
[root@elk01 ~]# tar -xvf node-v10.15.3-linux-x64.tar
[root@elk01 ~]# mv node-v10.15.3-linux-x64 /usr/local/node
添加node环境变量
[root@elk01 node]# vim /etc/profile
export NODE_HOME=/usr/local/node
export PATH=$NODE_HOME/bin:$PATH
export NODE_PATH=$NODE_HOME/lib/node_modules:$PATH
[root@elk01 node]# source /etc/profile
[root@elk01 node]# node -v
v10.15.3
安装head插件
说明:下面直接下载 master 分支的压缩包,并通过第三方 npm 镜像以 root 身份全局安装依赖,内容不固定也未做校验;正式环境建议固定到具体的提交或发布版本,并核对下载文件的校验值。
[root@elk01 ~]# wget https://github.com/mobz/elasticsearch-head/archive/master.zip
[root@elk01 ~]# ls
elasticsearch-head-master.zip
[root@elk01 ~]# unzip elasticsearch-head-master.zip
[root@elk01 ~]# mv elasticsearch-head-master /usr/local/elasticsearch-head
[root@elk01 ~]# cd /usr/local/elasticsearch-head/
[root@elk01 elasticsearch-head]# npm install -g cnpm --registry=https://registry.npm.taobao.org
[root@elk01 elasticsearch-head]# cnpm install -g grunt-cli
[root@elk01 elasticsearch-head]# cnpm install -g grunt
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-clean
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-concat
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-watch
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-connect
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-copy
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-jasmine
[root@elk01 elasticsearch-head]# vim Gruntfile.js
connect: {
    server: {
        options: {
            hostname: '0.0.0.0', //新增这行,监听所有网卡;head 页面本身没有登录校验,建议配合防火墙限制 9100 端口的访问来源
            port: 9100,
            base: '.',
            keepalive: true
        }
    }
}
为了后续方便,给head做个启动脚本
[root@elk01 elasticsearch-head]# vim /usr/bin/elasticsearch-head
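#!/bin/bash
#description: elasticsearch-head service manager
#
# Usage: elasticsearch-head start|stop|restart
#
# NOTE(review): the page creates this file from a root shell; when it is also
# run as root, the grunt dev server started below (bound to 0.0.0.0:9100 by the
# Gruntfile change shown on the page) runs with root privileges. Prefer
# invoking it from an unprivileged account.

readonly HEAD_DIR=/usr/local/elasticsearch-head/

# Start the head UI in the background, detached from the terminal.
# Returns non-zero if the install directory cannot be entered.
START() {
  # Plain commands instead of eval on a command string: nothing is re-parsed
  # by the shell, and a failed cd no longer falls through to running npm in
  # whatever directory the caller happened to be in.
  cd "$HEAD_DIR" || { echo "cannot cd to $HEAD_DIR" >&2; return 1; }
  nohup npm run start >/dev/null 2>&1 &
}

# Stop every process whose command line contains "grunt".
# The match is as broad as a ps|grep pipeline would be, so any unrelated grunt
# process on the host is stopped too.
STOP() {
  local -a pids
  mapfile -t pids < <(pgrep -f grunt)
  # Nothing to stop: return quietly instead of calling kill with no PIDs.
  (( ${#pids[@]} > 0 )) || return 0

  # Ask for a clean shutdown first, then force whatever is still alive.
  kill -s TERM "${pids[@]}" 2>/dev/null
  sleep 1
  mapfile -t pids < <(pgrep -f grunt)
  (( ${#pids[@]} > 0 )) || return 0
  kill -s 9 "${pids[@]}" >/dev/null 2>&1
}

case "$1" in
  start)
    START
    ;;
  stop)
    STOP
    ;;
  restart)
    STOP
    sleep 2
    START
    ;;
  *)
    echo "Usage: elasticsearch-head (|start|stop|restart)"
    ;;
esac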
验证
安装kibana
[root@elk01 ~]# ls
kibana-7.9.3-linux-x86_64.tar.gz
[root@elk01 ~]# tar -zxvf kibana-7.9.3-linux-x86_64.tar.gz
[root@elk01 ~]# mv kibana-7.9.3-linux-x86_64 /usr/local/kibana
[root@elk01 ~]# cd /usr/local/kibana/
[root@elk01 kibana]# ls
bin built_assets config data LICENSE.txt node node_modules NOTICE.txt optimize package.json plugins README.txt src webpackShims x-pack
[root@elk01 kibana]# vim config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.226.141:9200", "http://192.168.226.142:9200", "http://192.168.226.143:9200"]
kibana.index: ".kibana"
logging.dest: /usr/local/kibana/logs/kibana.log
i18n.locale: "en"
[root@elk01 kibana]# mkdir logs
[root@elk01 kibana]# touch logs/kibana.log
[root@elk01 kibana]# chown -R elk:elk /usr/local/kibana/
[root@elk01 kibana]# su elk
[elk@elk01 kibana]$ bin/kibana
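页面打开
注意:server.host 设为 "0.0.0.0" 会在所有网卡上监听 5601 端口,而此处 Kibana 未配置登录认证;既然后面由 nginx 代理访问,可以只监听 nginx 代理使用的地址,并用防火墙限制 5601 端口的访问来源。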
logstash
[root@elk01 ~]# ls
logstash-7.9.3.tar.gz
[root@elk01 ~]# tar -zxvf logstash-7.9.3.tar.gz
[root@elk01 ~]# mv logstash-7.9.3 /usr/local/logstash
[root@elk01 ~]# cd /usr/local/logstash/
[root@elk01 logstash]# ls
bin CONTRIBUTORS Gemfile lib logstash-core modules tools x-pack
config data Gemfile.lock LICENSE.txt logstash-core-plugin-api NOTICE.TXT vendor
[root@elk01 logstash]# vim config/logstash.yml
http.host: 192.168.226.14
http.port: 9600
[root@elk01 logstash]# yum install -y nginx
log_format main2 '$http_host $remote_addr - $remote_user [$time_local] "$request" '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" "$upstream_addr" $request_time';
access_log /var/log/nginx/access.log main;
[root@elk01 logstash]# vim /etc/nginx/conf.d/elk.conf
# 此处以 80 端口明文代理 Kibana,且没有任何认证;对外使用时建议加上 auth_basic 和 HTTPS
server {
    listen 80;
    server_name elk.test.com;
    location / {
        proxy_pass http://192.168.226.141:5601;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    access_log /var/log/nginx/elk_access.log main2;
}
[root@elk01 logstash]# mkdir conf
[root@elk01 logstash]# vim conf/nginx_access.conf
input {
  file {
    path => "/var/log/nginx/elk_access.log" #设置为nginx访问日志的路径
    start_position => "beginning"
    type => "nginx"
  }
}
filter {
  grok {
    match => { "message" => "%{IPORHOST:http_host} %{IPORHOST:clientip} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:response} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{QS:xforwardedfor} %{NUMBER:request_time:float}" }
  }
  geoip {
    source => "clientip"
  }
}
output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["192.168.226.141:9200"] #也可以为集群内其它机器的地址
    index => "nginx-test-%{+YYYY.MM.dd}"
  }
}
[root@elk01 logstash]# systemctl start nginx