elk单机安装部署

Posted 2022-03-14 rdchenxi

解压

tar xf elasticsearch-7.1.0-linux-x86_64.tar.gz -C /data/

　　配置

[[email protected] ~]# vim  /etc/security/limits.conf

* soft nofile 65536
* hard nofile 65536
 [[email protected] ~]# vim  /etc/sysctl.conf
vm.max_map_count=655360

[[email protected] ~]# vim /etc/security/limits.d/20-nproc.conf 


*          soft    nproc     4096
root       soft    nproc     unlimited

　　添加环境变量

[[email protected] ~]# vim  /etc/profile.d/es.sh 

PATH=/data/elasticsearch-7.1.0/bin/:$PATH

　　创建普通用户授权并启动

useradd es
chown es:es /data -R
sysctl -p
su es
elasticsearch -d  后台启动

　　kibana的解压

 tar xf kibana-7.1.0-linux-x86_64.tar.gz -C /usr/local/ 解压
 cd /usr/local/kibana-7.1.0-linux-x86_64/config/
[[email protected] config]# vim kibana.yml

# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is ‘localhost‘, which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "192.168.183.8"# 修改监听的地址默认locathost
[[email protected] config]# vim /etc/profile.d/kibana.sh 
export PATH=/usr/local/kibana-7.1.0-linux-x86_64/bin/:$PATH  #添加环境变量

[[email protected] config]# exec bash #使其在当前shll生效

[[email protected] config]# kibana   # 前台启动

　　测试数据下载地址：https://grouplens.org/datasets/movielens/

       logstash 的安装与导入数据

tar xf logstash-7.1.0.tar.gz -C /usr/local/
cp movies.csv /usr/local/logstash-7.1.0/bin/
 cp logstash.conf /usr/local/logstash-7.1.0/config/
# cat logstash.conf
input 
  file 
    path => "/Users/yiruan/dev/elk7/logstash-7.0.1/bin/movies.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  

filter 
  csv 
    separator => ","
    columns => ["id","content","genre"]
  

  mutate 
    split =>  "genre" => "|" 
    remove_field => ["path", "host","@timestamp","message"]
  

  mutate 

    split => ["content", "("]
    add_field =>  "title" => "%[content][0]"
    add_field =>  "year" => "%[content][1]"
  

#  mutate 

#    gsub => [
#      
#      "year", "\\)", ""
#    ]
#  


  mutate 
    convert => 
      "year" => "integer"
    
    strip => ["title"]
    remove_field => ["path", "host","@timestamp","message","content"]
  




output 
   elasticsearch 
     hosts => "http://localhost:9200"
     index => "movies"
     document_id => "%id"
   
  stdout 

[[email protected] ~]# vim /etc/profile.d/logstash.sh
export PATH=/usr/local/logstash-7.1.0/bin:$PATH  添加环境变量
[[email protected] ~]# exec bash
[[email protected] config]# ../bin/logstash -f logstash.conf 启动