1. Install Elasticsearch

1.1 Install Java

# System version
cat /etc/redhat-release
CentOS Linux release 7.5. (Core)
uname -r
3.10.-.el7.x86_64
yum -y install java
java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK -Bit Server VM (build 25.212-b04, mixed mode)

1.2 Install Elasticsearch

  • Disable the firewall
systemctl disable firewalld
  • Disable SELinux
vim /etc/sysconfig/selinux
SELINUX= Enforcing # <== change to disabled; takes effect after a reboot
  • Official documentation
https://www.elastic.co/guide/en/elasticsearch/reference/6.5/rpm.html#install-rpm
  • Download and install the public signing key

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
  • Install from the RPM repository

Create an elasticsearch.repo file in /etc/yum.repos.d/ with the following content:

vim /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-.x]
name=Elasticsearch repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
  • Install Elasticsearch with yum

yum install elasticsearch -y
  • Enable Elasticsearch to start at boot
systemctl daemon-reload
systemctl enable elasticsearch.service
  • Start/stop Elasticsearch
systemctl start elasticsearch.service
systemctl stop elasticsearch.service
  • Elasticsearch service status
systemctl status elasticsearch.service

Elasticsearch logs are stored in the /var/log/elasticsearch/ directory.

  • Check that Elasticsearch is running

[root@localhost ~]# curl http://localhost:9200
{
"name" : "O2pObfg",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "uXvFw1fgR1iTduPf1d-MAw",
"version" : {
"number" : "6.7.1",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "2f32220",
"build_date" : "2019-04-02T15:59:27.961366Z",
"build_snapshot" : false,
"lucene_version" : "7.7.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}

1.3 Configure Elasticsearch

By default, Elasticsearch uses /etc/elasticsearch for its runtime configuration.

By default, Elasticsearch loads its configuration from the file /etc/elasticsearch/elasticsearch.yml.

[root@localhost ~]# ll -lrht /etc/elasticsearch/
total 36K
-rw-rw----. root elasticsearch Apr : users_roles
-rw-rw----. root elasticsearch Apr : users
-rw-rw----. root elasticsearch Apr : roles.yml
-rw-rw----. root elasticsearch Apr : role_mapping.yml
-rw-rw----. root elasticsearch 13K Apr : log4j2.properties
-rw-rw----. root elasticsearch .6K Apr : jvm.options
-rw-rw----. root elasticsearch .9K Apr : elasticsearch.yml
-rw-rw----. root elasticsearch Apr : elasticsearch.keystore
  • Configure the Elasticsearch data path and log directory:

Official documentation:

https://www.elastic.co/guide/en/elasticsearch/reference/6.5/settings.html

https://www.elastic.co/guide/en/elasticsearch/reference/6.5/important-settings.html

# Create the Elasticsearch data and log directories
mkdir /opt/elasticsearch/{data,log}/ -pv
cd /opt/
chown -R elasticsearch:elasticsearch elasticsearch/
cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml_`date +%Y%m%d_bak`
vim /etc/elasticsearch/elasticsearch.yml
# Elasticsearch node name
node.name: node-
# Data
path.data: /opt/elasticsearch/data/
# Logs
path.logs: /opt/elasticsearch/log/
# Memory locking: lock the process address space into RAM so that no Elasticsearch memory is swapped out
bootstrap.memory_lock: true
# Listen address
network.host: 192.168.198.130
# Listen port
http.port:
# Show which settings were changed
grep '^[a-z]' /etc/elasticsearch/elasticsearch.yml
node.name: node-
path.data: /opt/elasticsearch/data/
path.logs: /opt/elasticsearch/log/
bootstrap.memory_lock: true
network.host: 192.168.198.130
http.port:
  • Configure the JVM

The JVM configuration file is /etc/elasticsearch/jvm.options

-Xms2g
-Xmx2g
  • File handle configuration

Official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/6.5/setting-system-settings.html

ulimit -n
tail - /etc/security/limits.conf
elasticsearch - nofile
  • System configuration

Official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/6.5/setting-system-settings.html

vim /usr/lib/systemd/system/elasticsearch.service

[Service]        # <== add under this section
LimitMEMLOCK=infinity
# Reload
systemctl daemon-reload
  • Virtual memory

Official documentation:

https://www.elastic.co/guide/en/elasticsearch/reference/6.5/vm-max-map-count.html

Temporary setting:

sysctl -w vm.max_map_count=

Permanent setting: /etc/sysctl.conf

tail - /etc/sysctl.conf
vm.max_map_count=
sysctl -p

2. Install Logstash

  • Official documentation

https://www.elastic.co/guide/en/logstash/6.5/installing-logstash.html

  • Download and install the public signing key

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
  • Create a logstash.repo file in /etc/yum.repos.d/ with the following content:

[logstash-.x]
name=Elastic repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
  • Install Logstash with yum
yum -y install logstash

3. Install Kibana

  • Official documentation

https://www.elastic.co/guide/en/kibana/6.5/rpm.html

  • Download and install the public signing key

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
  • Create a kibana.repo file in /etc/yum.repos.d/ with the following content:

[kibana-.x]
name=Kibana repository for .x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
  • Install Kibana with yum
yum install kibana
  • Start/stop Kibana
systemctl daemon-reload
systemctl enable kibana.service
systemctl start kibana.service
systemctl stop kibana.service
  • Configure Kibana

The Kibana configuration file is kibana.yml in the /etc/kibana/ directory. By default, Kibana runs on localhost:5601.

[root@localhost ~]# grep '^[a-z]' /etc/kibana/kibana.yml
server.port:
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.198.130:9200"]
kibana.index: ".kibana"
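
Because this walkthrough disables firewalld, the bind addresses in elasticsearch.yml and kibana.yml decide which hosts can reach Elasticsearch and Kibana. The script below is an added example, not part of the original post: it reads `key: value` settings of the kind `grep '^[a-z]'` prints above and reports every listener bound beyond loopback; the function names `bind_scope` and `audit_binds` and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: report Elasticsearch/Kibana
# listeners that are reachable from beyond the local host.

bind_scope() {  # usage: bind_scope ADDRESS -> loopback | all-interfaces | specific
    case $1 in
        127.*|localhost|::1|_local_) echo loopback ;;
        0.0.0.0|::)                  echo all-interfaces ;;
        *)                           echo specific ;;
    esac
}

audit_binds() {  # usage: audit_binds FILE... -> "file key value scope" per finding
    for f in "$@"; do
        # Top-level, uncommented settings only (what grep '^[a-z]' would show).
        grep -E '^(network\.host|http\.host|server\.host):' "$f" |
        while IFS= read -r line; do
            key=${line%%:*}
            val=$(printf '%s\n' "${line#*:}" |
                  sed -e 's/[[:space:]]*#.*$//' -e 's/^[[:space:]]*//' \
                      -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/')
            scope=$(bind_scope "$val")
            [ "$scope" = loopback ] ||
                printf '%s %s %s %s\n' "$(basename "$f")" "$key" "$val" "$scope"
        done
    done
}

write_samples() {  # constructed inputs using the addresses shown on this page
    printf '%s\n' 'node.name: sample' 'network.host: 192.168.198.130' \
        > "$1/elasticsearch.yml"
    printf '%s\n' 'server.host: "0.0.0.0"' \
        'elasticsearch.hosts: ["http://192.168.198.130:9200"]' > "$1/kibana.yml"
    printf '%s\n' '#server.host: "0.0.0.0"' 'server.host: "localhost"' \
        > "$1/kibana-local.yml"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_binds "$demo_dir"/*.yml
rm -rf "$demo_dir"
```

On a real host, run `audit_binds /etc/elasticsearch/elasticsearch.yml /etc/kibana/kibana.yml`; each reported line is a listener that other machines can reach once the firewall is off.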

4. Install Filebeat

  • Official documentation

https://www.elastic.co/guide/en/beats/filebeat/5.5/setup-repositories.html

https://www.elastic.co/guide/en/beats/filebeat/6.5/configuring-output.html

  • Download and install the public signing key
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
  • Create a filebeat.repo file in /etc/yum.repos.d/ with the following content:

[elastic-.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=
autorefresh=
type=rpm-md
  • Install Filebeat with yum

yum -y install filebeat

# Filebeat records its read offset for each file in /var/lib/filebeat/registry
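
The four .repo files above depend on `gpgcheck` and `gpgkey` for yum to verify package signatures against the imported Elastic key. The following check is an added example, not part of the original post: it flags any stanza that does not set gpgcheck=1 or that fetches packages or keys over plain http; the function names, the policy and both sample stanzas are constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumed policy: each stanza sets
# gpgcheck=1 explicitly and uses https:// or file:// for baseurl and gpgkey.

audit_repo() {  # usage: audit_repo FILE ; prints findings, status 1 if any
    awk '
        function report() {
            if (sec == "") return
            if (v["gpgcheck"] != "1") { print sec ": gpgcheck is not 1"; bad = 1 }
            if (v["gpgkey"] !~ /^(https|file):\/\//) {
                print sec ": gpgkey missing or not https/file"; bad = 1 }
            if (("baseurl" in v) && v["baseurl"] !~ /^(https|file):\/\//) {
                print sec ": baseurl not https/file"; bad = 1 }
        }
        /^[ \t]*[#;]/ { next }                          # comment lines
        /^\[.*\]/     { report(); sec = $0; split("", v); next }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            v[key] = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

write_samples() {  # constructed inputs, written into directory $1
    cat > "$1/good.repo" <<'EOF'
[example-good]
name=Constructed stanza with verification enabled
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
EOF
    cat > "$1/weak.repo" <<'EOF'
[example-weak]
name=Constructed stanza with verification switched off
baseurl=http://mirror.example.invalid/yum
gpgcheck=0
gpgkey=http://mirror.example.invalid/KEY
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.repo; do
    audit_repo "$f" || echo "-> fix $(basename "$f")"
done
rm -rf "$demo_dir"
```

Run `audit_repo` against each file in /etc/yum.repos.d/ before the first `yum install`; a stanza with an empty `gpgcheck=` value is reported as well.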

5. Install Redis

Reference: https://www.cnblogs.com/hwlong/p/9330191.html

https://www.cnblogs.com/hwlong/p/6101019.html

wget http://download.redis.io/releases/redis-3.2.12.tar.gz
Upload to /usr/local
tar xzf redis-3.2.12.tar.gz
mv redis-3.2.12 redis
cd redis
make
src/redis-server &

6. Filebeat+Redis+Logstash+Elasticsearch+Kibana

6.1 Configure Filebeat

filebeat.prospectors:

- input_type: log
  paths:
    - /data/logs/localhost.localdomain.*.log
  exclude_files: [".gz$"]
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
  tags: ["localhost-localdomain"]
  document_type: localhost-localdomain

- input_type: log
  paths:
    - /data/logs/localhost.localdomain-error.*.log
  exclude_files: [".gz$"]
  multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
  tags: ["localhost-localdomain-error"]
  document_type: localhost-localdomain-error

fields:
  ipaddr: '192.168.198.131' # <== IP address of the Filebeat host
fields_under_root: true

output.redis:
  hosts: ["192.168.198.130"] # <== Redis address
  port:
  key: "default_list"
  keys:
    - key: "%{[type]}" # <== write to a different key depending on document_type
      mapping:
        "localhost-localdomain": "localhost-localdomain"
        "localhost-localdomain-error": "localhost-localdomain-error"
  db:
  datatype: list
  timeout:

processors:
- drop_fields:
    fields: ["offset","beat","source","input"]
  • Start Filebeat
systemctl status filebeat

6.2 Configure logstash.conf

input {

  redis {
    host => "192.168.198.130"
    port => ""
    db => ""
    data_type => "list"
    key => "default_list"
    type => "default_list"
  }

  redis {
    host => "192.168.198.130"
    port => ""
    db => ""
    data_type => "list"
    key => "localhost-localdomain"
    type => "localhost-localdomain"
  }

  redis {
    host => "192.168.198.130"
    port => ""
    db => ""
    data_type => "list"
    key => "localhost-localdomain-error"
    type => "localhost-localdomain-error"
  }
}

filter {
}

output {
  if [type] == "localhost-localdomain" {
    elasticsearch {
      document_type => "localhost-localdomain"
      hosts => ["192.168.198.130:9200"]
      index => "localhost-localdomain.log"
    }
  }

  if [type] == "localhost-localdomain-error" {
    elasticsearch {
      document_type => "localhost-localdomain-error"
      hosts => ["192.168.198.130:9200"]
      index => "localhost-localdomain-error.log"
    }
  }
}
  • Start Logstash
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/redis-logstash-es.conf  &
