elk安装

将相本无种,男儿当自强。这篇文章主要讲述elk安装相关的知识,希望能为你提供帮助。
es安装


关闭防火墙,禁用selinux
elk01

[root@elk01 ~]# vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096

[root@elk01 ~]# vim /etc/sysctl.conf
vm.max_map_count=262144
fs.file-max=65536

fs.file-max:该文件指定了可以分配的文件句柄的最大数目, 为512 乘以 processes (如128个process则为 65536);
vm.max_map_count:限制一个进程可以拥有的VMA(虚拟内存区域)的数量。 //这个值最好设置大一点,不然ES会启动失败。
添加线程 不然启动报错 如下:

ERROR: [1] bootstrap checks failed

[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
安装软件
elasticsearch-7.9.3-linux-x86_64.tar.gz
[root@elk01 ~]# tar -zxvf elasticsearch-7.9.3-linux-x86_64.tar.gz
[root@elk01 ~]# mv elasticsearch-7.9.3 /usr/local/elasticsearch

修改配置文件
[root@elk01 elasticsearch]# vim config/elasticsearch.yml
cluster.name: elk
node.name: elk01
node.master: true  # 允许成为主节点
node.data: true  # 数据节点
path.data: /usr/local/elasticsearch/data/
path.logs: /usr/local/elasticsearch/logs
bootstrap.memory_lock: false  # 关闭锁定内存,设置为true会报错
network.host: 192.168.226.141  # 监听ip
http.port: 9200
discovery.seed_hosts: ["192.168.226.142","192.168.226.143"]  # 一定要设置为另外两个节点的IP
cluster.initial_master_nodes: ["elk01","elk03","elk02"]
http.cors.enabled: true  # 是否支持跨域,默认为false
http.cors.allow-origin: "*"
# 当设置允许跨域,默认为*,表示支持所有域名(任何网页都可以通过浏览器访问ES接口),如果我们只是允许某些网站能访问,那么可以使用正则表达式。比如只允许本地地址。 /https?:\/\/localhost(:[0-9]+)?/
# 注意: YAML 中 # 前面必须有空格才会被当作注释,否则会被当成值的一部分导致配置错误

启动
[root@elk01 ~]# cd /usr/local/elasticsearch/
[root@elk01 elasticsearch]# bin/elasticsearch

浏览器打开可以正常预览9200端口

{
  "name" : "elk01",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "UwHi0BPUTKWmdCeb1i_Fhg",
  "version" : {
    "number" : "7.9.3",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "c4138e51121ef06a6404866cddc601906fe5c868",
    "build_date" : "2020-10-16T10:36:16.141335Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

安装node.js
因为head插件是用node.js开发的,所以需要此环境
[root@elk01 ~]# ls
node-v10.15.3-linux-x64.tar.xz
[root@elk01 ~]# xz -d node-v10.15.3-linux-x64.tar.xz
[root@elk01 ~]# ls
node-v10.15.3-linux-x64.tar
[root@elk01 ~]# tar -xvf node-v10.15.3-linux-x64.tar
[root@elk01 ~]# mv node-v10.15.3-linux-x64 /usr/local/node

添加node环境变量
[root@elk01 node]# vim /etc/profile
export NODE_HOME=/usr/local/node
export PATH=$NODE_HOME/bin:$PATH
export NODE_PATH=$NODE_HOME/lib/node_modules:$PATH
[root@elk01 node]# source /etc/profile
[root@elk01 node]# node -v
v10.15.3

安装head插件
[root@elk01 ~]# wget https://github.com/mobz/elasticsearch-head/archive/master.zip
[root@elk01 ~]# ls
elasticsearch-head-master.zip
[root@elk01 ~]# unzip elasticsearch-head-master.zip
[root@elk01 ~]# mv elasticsearch-head-master /usr/local/elasticsearch-head
[root@elk01 ~]# cd /usr/local/elasticsearch-head/

[root@elk01 elasticsearch-head]# npm install -g cnpm --registry=https://registry.npm.taobao.org
[root@elk01 elasticsearch-head]# cnpm install -g grunt-cli
[root@elk01 elasticsearch-head]# cnpm install -g grunt
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-clean
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-concat
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-watch
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-connect
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-copy
[root@elk01 elasticsearch-head]# cnpm install grunt-contrib-jasmine

[root@elk01 elasticsearch-head]# vim Gruntfile.js
connect: {
    server: {
        options: {
            hostname: '0.0.0.0',  // 新增这行
            port: 9100,
            base: '.',
            keepalive: true
        }
    }
}

为了后续方便,给head做个启动脚本
[root@elk01 elasticsearch-head]# vim /usr/bin/elasticsearch-head
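#!/bin/bash
# description: elasticsearch-head service manager
#
# Usage: elasticsearch-head {start|stop|restart}
#
# Starts and stops the elasticsearch-head web UI (an npm/grunt process)
# installed under HEAD_DIR.

readonly HEAD_DIR=/usr/local/elasticsearch-head

#######################################
# Start the head UI in the background, detached from this terminal.
# Globals:   HEAD_DIR (read)
# Outputs:   npm output is discarded
# Returns:   non-zero if HEAD_DIR cannot be entered
#######################################
START() {
  cd "$HEAD_DIR" || return 1
  nohup npm run start > /dev/null 2>&1 &
}

#######################################
# Stop the head UI by terminating its grunt server process(es).
# The match is on "grunt" anywhere in a command line, the same scope as
# the original ps|grep, so any other grunt job on this host is stopped
# too; narrow the pattern if that matters. TERM is sent first and KILL
# only to processes still alive afterwards.
# Returns:   0 (also when nothing was running)
#######################################
STOP() {
  local -a pids=()
  mapfile -t pids < <(pgrep -f grunt)
  (( ${#pids[@]} )) || return 0
  kill -s TERM "${pids[@]}" 2> /dev/null
  sleep 1
  # escalate only for processes that ignored TERM
  mapfile -t pids < <(pgrep -f grunt)
  (( ${#pids[@]} )) || return 0
  kill -s KILL "${pids[@]}" 2> /dev/null
}

# "${1:-}" keeps the script usable under `set -u` when run without args
case "${1:-}" in
  start)
    START
    ;;
  stop)
    STOP
    ;;
  restart)
    STOP
    sleep 2
    START
    ;;
  *)
    printf 'Usage: elasticsearch-head {start|stop|restart}\n' >&2
    ;;
esac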

验证

安装kibana
[root@elk01 ~]# ls
kibana-7.9.3-linux-x86_64.tar.gz
[root@elk01 ~]# tar -zxvf kibana-7.9.3-linux-x86_64.tar.gz
[root@elk01 ~]# mv kibana-7.9.3-linux-x86_64 /usr/local/kibana
[root@elk01 ~]# cd /usr/local/kibana/
[root@elk01 kibana]# ls
bin  built_assets  config  data  LICENSE.txt  node  node_modules  NOTICE.txt  optimize  package.json  plugins  README.txt  src  webpackShims  x-pack
[root@elk01 kibana]# vim config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.226.141:9200", "http://192.168.226.142:9200", "http://192.168.226.143:9200"]
kibana.index: ".kibana"
logging.dest: /usr/local/kibana/logs/kibana.log
i18n.locale: "en"

[root@elk01 kibana]# mkdir logs
[root@elk01 kibana]# touch logs/kibana.log
[root@elk01 kibana]# chown -R elk:elk /usr/local/kibana/
[root@elk01 kibana]# su elk
[elk@elk01 kibana]$ bin/kibana

页面打开





logstash
[root@elk01 ~]# ls
logstash-7.9.3.tar.gz
[root@elk01 ~]# tar -zxvf logstash-7.9.3.tar.gz
[root@elk01 ~]# mv logstash-7.9.3 /usr/local/logstash
[root@elk01 ~]# cd /usr/local/logstash/
[root@elk01 logstash]# ls
bin  CONTRIBUTORS  Gemfile  lib  logstash-core  modules  tools  x-pack
config  data  Gemfile.lock  LICENSE.txt  logstash-core-plugin-api  NOTICE.TXT  vendor
[root@elk01 logstash]# vim config/logstash.yml
http.host: 192.168.226.14
http.port: 9600


[root@elk01 logstash]# yum install -y nginx
log_format main2 '$http_host $remote_addr - $remote_user [$time_local] "$request" '
                 '$status $body_bytes_sent "$http_referer" '
                 '"$http_user_agent" "$upstream_addr" $request_time';

access_log /var/log/nginx/access.log main;


[root@elk01 logstash]# vim /etc/nginx/conf.d/elk.conf
server {
    listen 80;
    server_name elk.test.com;

    location / {
        proxy_pass http://192.168.226.141:5601;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    access_log /var/log/nginx/elk_access.log main2;
}

[root@elk01 logstash]# mkdir conf
[root@elk01 logstash]# vim conf/nginx_access.conf
input {
  file {
    path => "/var/log/nginx/elk_access.log"  # 设置为nginx访问日志的路径
    start_position => "beginning"
    type => "nginx"
  }
}

filter {
  grok {
    match => { "message" => "%{IPORHOST:http_host} %{IPORHOST:clientip} - %{USERNAME:remote_user} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:response} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{QS:xforwardedfor} %{NUMBER:request_time:float}" }
  }
  geoip {
    source => "clientip"
  }
}

output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["192.168.226.141:9200"]  # 也可以为集群内其它机器的地址
    index => "nginx-test-%{+YYYY.MM.dd}"
  }
}
[root@elk01 logstash]# systemctl start nginx

