linux安装elk

环境：

centOS7

JDK8

Elasticsearch-6.6.1

Logstash-6.6.1

Kibana-6.6.1

准备：

jdk下载地址：https://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

elk下载地址：https://www.elastic.co/downloads

安装：

jdk安装：

1.删除自带的jdk

java -version
rpm -qa | grep java
yum -y remove ***

2.安装

mkdir /usr/jdk
tar -xvf jdk-8u112-linux-x64.tar.gz /usr/jdk

3.配置环境变量

vim /etc/profile

添加如下内容

export JAVA_HOME=/usr/jdk/jdk1.8.0_112
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

保存退出，是配置生效

source /etc/profile

4.查看是否安装成功

java -version

elasticsearch安装

1.解压并拷贝

tar -zxvf elasticsearch-6.6..tar.gz
mv elasticsearch-6.6.1 /usr/local/src/elasticsearch

2.创建用户和用户组

groupadd elasticsearch
useradd elasticsearch -g elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch

3.创建数据文件和日志文件

mkdir /data/es/{data,logs,work} -p
chown -R /data/es

4.修改elasticsearch配置文件

cluster.name: es-cluster
#节点名称，每个节点不一样
node.name: node-
network.host: 192.168.227.130
http.port:
transport.tcp.port:
node.master: true
node.data: true
#path.conf: /usr/local/src/elasticsearch/conf
path.data: /data/es/data
#path.work: /data/es/work
path.logs: /data/es/logs
#集群
discovery.zen.ping.unicast.hosts: ["192.168.227.130:9300", "192.168.227.131:9300", "192.168.227.132:9300"]
discovery.zen.minimum_master_nodes:
http.cors.enabled: true
http.cors.allow-origin: "*"

5.启动

cd /usr/local/src/elasticsearch/bin
./elasticsearch -d

6.查看是否启动成功

[root@bogon bin]# curl http://192.168.227.130:9200
{
  "name" : "node-1",
  "cluster_name" : "es-cluster",
  "cluster_uuid" : "IFLcuRW-SE-U9-njSb9A_g",
  "version" : {
    "number" : "6.6.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "1fd8f69",
    "build_date" : "2019-02-13T17:10:04.160291Z",
    "build_snapshot" : false,
    "lucene_version" : "7.6.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

7.如启动失败，查看启动日志

日志报错内容如下

[] bootstrap checks failed
[]: max virtual memory areas vm.max_map_count [] is too low, increase to at least []

解决办法：
切换到root用户修改配置sysctl.conf

vi /etc/sysctl.conf 

添加下面配置：

vm.max_map_count=

并执行命令：

sysctl -p

然后，重新启动elasticsearch

elasticsearch-head插件安装

logstash安装

1.解压并拷贝

tar -zxvf logstash-6.6.1.tar.gz
mv logstash-6.6.1 /usr/local/logstash

2.修改配置文件

cd /usr/local/logstash/config
cp logstash-sample.conf logstash.conf
vim logstash.conf

input {
#  stdin{}
   tcp {
    # host:port就是上面appender中的 destination，
    # 这里其实把logstash作为服务，开启9250端口接收logback发出的消息
    host => "192.168.227.130" port =>  mode => "server" tags => ["tags"] codec => json_lines
  }
}

filter {
#  mutate{
#    add_field => {
#      "@msg" => "%{msg}"
#    }
#  }
  json{
    source => "msg"
    skip_on_invalid_json => true
#    remove_field => ["msg"]
  }
}

output {
  elasticsearch {
    hosts => ["http://192.168.227.130:9200"]
  }
  stdout { codec => rubydebug }
}

保存退出

3.启动logstash

[root@bogon logstash]# /usr/local/logstash/bin/logstash -f /usr/local/logstash/config/logstash.conf 

后台启动logstash

[root@bogon logstash]# nohup /usr/local/ELk/logstash-5.1.1/bin/logstash -f /usr/local/ELk/logstash-5.1.1/config/conf.d/webnginx.conf >/dev/null &;

kibana安装

1.解压并拷贝

[root@bogon opt]# tar -zxvf kibana-6.6.-linux-x86_64.tar.gz 
[root@bogon opt]# mv kibana-6.6.1-linux-x86_64 /usr/local/kibana

2.修改配置

[root@bogon config]# vi /usr/local/kibana/config/kibana.yml 

server.port:
server.host: "0.0.0.0"
elasticsearch.url: "http://192.168.227.130:9200"
kibana.index: ".kibana"

保存退出

3.启动

[root@bogon bin]# /usr/local/kibana/bin/kibana

因没有权限限制，部署在外网，谁都可以访问，可以使用nginx做代理，设置访问权限