centos7搭建EFK

Posted sonyy

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了centos7搭建EFK相关的知识,希望对你有一定的参考价值。

环境:

    system: CentOS Linux release 7.7.1908

    elasticsearch: elasticsearch-7.5.1-1.x86_64

    kibana: kibana-7.5.1-1.x86_64

    filebeat: filebeat-7.5.1-1.x86_64

 

1. 配置EFK的yum环境

    

   rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

  

 

 

创建一个yum源文件

    vim efk.repo:

[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md


[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

  



 




2. 安装EFK




1     yum install --enablerepo=elasticsearch elasticsearch
2     yum install kibana
3     yum install filebeat




 




 




 


 


3. 配置EFK


 


    a. 配置elasticsearch


        vim /etc/elasticsearch/elasticsearch.yml




  




    node.name: node-1
    cluster.initial_master_nodes: ["node-1"]
    http.port: 9200
    network.host: 0.0.0.0




 


 




    b. 配置kibana


        vim /etc/kibana/kibana.yml




  




    server.port: 5601
    server.host: "0.0.0.0"
    elasticsearch.hosts: [" #ip改成部署了elasticsearch服务的机器ip
    kibana.index: ".kibana"




 


 




    c. 配置filebeat


        vim /etc/filebeat/filebeat.yml




  




    setup.kibana:
       host: "  # ip改成部署了kibana服务的机器ip
    
    output.elasticsearch:
       hosts: ["localhost:9200"]            # ip改成部署了elasticsearch服务的机器ip, 我这里是一台机器,所以localhost等于11.22
    
    filebeat.inputs:
    - type: log
       enabled: false
       paths:        # 日志收集的路径
        - /var/log/*.log




 


 




启动EFK服务


    systemctl start elasticsearch.service


    如果有关elasticsearch的启动问题,点击: https://blog.51cto.com/liuxiaolan/2463905


    systemctl start kibana.service


    systemctl start filebeat.service


 
以上是关于centos7搭建EFK的主要内容,如果未能解决你的问题,请参考以下文章
 

 EFK的搭建(未完成)


 kubernetes集群搭建efk日志收集平台


 十九,基于helm搭建EFK日志收集系统


 Centos 7.3 简便搭建EFK日志分析


 docker efk搭建


 k8s搭建EFK日志管理系统