Centos7部署-ELK日志系统-7.7版本

1、安装包下载

# 所需的安装包如下(第 4 步还会用到 elasticsearch-head-master.zip);下载后建议对照官方发布的校验值核对安装包
elasticsearch-7.7.0-linux-x86_64.tar.gz
kibana-7.7.0-linux-x86_64.tar.gz
logstash-7.7.0.tar.gz
node-v16.13.0-linux-x64.tar.xz
node_modules.zip

2、服务器环境

服务名 IP
elk 10.22.86.3
client 10.22.86.4
CentOS Linux release 7.9.2009 (Core)

3、安装 elasticsearch

# 安装包放在 /data/elk_file/ 目录下
[root@elk elk_file]# cd /data/elk_file/

[root@elk elk_file]# ls
elasticsearch-7.7.0-linux-x86_64.tar.gz  kibana-7.7.0-linux-x86_64.tar.gz  node_modules.zip
elasticsearch-head-master.zip            node-v16.13.0-linux-x64.tar.xz

[root@elk elk_file]# tar -xzvf elasticsearch-7.7.0-linux-x86_64.tar.gz -C /data

[root@elk elk_file]# tail -3 /etc/profile
export JAVA_HOME=/data/elasticsearch-7.7.0/jdk
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

[root@elk elk_file]# cd /data/elasticsearch-7.7.0

[root@elk config]# cat /data/elasticsearch-7.7.0/config/jvm.options | grep -Ev '#|^$'
# 根据服务器情况修改jvm值,这里设置的512m
-Xms512m
-Xmx512m
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
14-:-XX:G1ReservePercent=25
14-:-XX:InitiatingHeapOccupancyPercent=30
-Djava.io.tmpdir=${ES_TMPDIR}
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=data
-XX:ErrorFile=logs/hs_err_pid%p.log
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:logs/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m
9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m

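# 注意:network.host: 0.0.0.0 让 9200 端口在所有网卡上监听,而 7.7 版本默认不开启认证(xpack.security.enabled 默认为 false),
# http.cors.allow-origin: "*" 又允许任意来源的网页跨域调用接口。这组配置只适合隔离的内网测试环境;
# 对外可达的环境应开启 xpack.security 与 TLS,把 allow-origin 限定为 head 页面的地址(如 http://10.22.86.3:9100),并用防火墙限制 9200 的访问来源
[root@elk config]# cat elasticsearch.yml | grep -Ev '#|^$'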
cluster.name: elasticsearch
node.name: elk
path.data: /data/elk-data
path.logs: /var/log/elasticsearch/logs
http.port: 9200
network.host: 0.0.0.0
cluster.initial_master_nodes: ["elk"]
http.cors.enabled: true
http.cors.allow-origin: "*"

[root@elk config]# useradd elk
[root@elk config]# mkdir -p /data/elk-data
[root@elk config]# mkdir -p /var/log/elasticsearch/logs
[root@elk config]# chown -R elk:elk /data/elasticsearch-7.7.0
[root@elk config]# chown -R elk:elk /data/elk-data/
[root@elk config]# chown -R elk:elk /var/log/elasticsearch/logs/

[root@elk config]# cat /etc/security/limits.conf | grep -Ev '#|^$'
*       soft    nofile          65536
*       hard    nofile          65536

[root@elk config]# cat /etc/sysctl.conf 
vm.max_map_count=262144

[root@elk config]# sysctl -p
vm.max_map_count = 262144

[root@elk config]# cd /data/elasticsearch-7.7.0/bin/
[root@elk bin]# su elk
[elk@elk bin]$ ./elasticsearch -d
[elk@elk bin]$ exit

4、安装 elasticsearch-head 可视化插件

[root@elk data]# cd /data/elk_file
[root@elk elk_file]# tar -xf node-v16.13.0-linux-x64.tar.xz
[root@elk elk_file]# unzip elasticsearch-head-master.zip
[root@elk elk_file]# mv node-v16.13.0-linux-x64 /data
[root@elk elk_file]# mv elasticsearch-head-master /data/elasticsearch-7.7.0/
[root@elk elk_file]# ln -s /data/node-v16.13.0-linux-x64/bin/node /usr/bin/node
[root@elk elk_file]# ln -s /data/node-v16.13.0-linux-x64/bin/npm /usr/bin/npm
[root@elk elk_file]# cd /data/elasticsearch-7.7.0/elasticsearch-head-master/

[root@elk elasticsearch-head-master]# cat -n Gruntfile.js | sed -n '96,101p'
    96                                  options: {
    97                                          hostname: '*',
    98                                          port: 9100,
    99                                          base: '.',
   100                                          keepalive: true
   101                                  }

[root@elk elasticsearch-head-master]# cd _site/

# 注意:下面输出里的地址是 10.22.83.3,与第 2 节中 elk 服务器的 10.22.86.3 不一致;这里应填写浏览器能访问到的 elasticsearch 地址
[root@elk _site]# cat app.js | grep 9200
                        this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://10.22.83.3:9200";

[root@elk elasticsearch-head-master]# npm install -g grunt-cli
[root@elk elasticsearch-head-master]# npm install
[root@elk elasticsearch-head-master]# cd /data/elk_file/
[root@elk elk_file]# mkdir -p /data/elasticsearch-7.7.0/elasticsearch-head-master/node_modules
[root@elk elk_file]# mv node_modules.zip /data/elasticsearch-7.7.0/elasticsearch-head-master/node_modules
[root@elk elk_file]# cd /data/elasticsearch-7.7.0/elasticsearch-head-master/node_modules
[root@elk node_modules]# unzip node_modules.zip
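# 注意:chmod -R 777 使任何本地用户都能改写这些随后由 elk 用户执行的 JS 文件;通常改用 chown -R elk:elk 并保留默认权限即可满足运行需要。node_modules.zip 是预先打包的依赖,解压前应确认其来源可信
[root@elk node_modules]# chmod -R 777 /data/elasticsearch-7.7.0/elasticsearch-head-master/node_modules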
[root@elk node_modules]# su elk
[elk@elk node_modules]$ nohup ./node_modules/grunt/bin/grunt server &
[elk@elk node_modules]$ exit

5、安装 kibana

[root@elk data]# cd /data/elk_file
[root@elk elk_file]# tar -xzvf kibana-7.7.0-linux-x86_64.tar.gz -C /data/
[root@elk elk_file]# cd /data/kibana-7.7.0-linux-x86_64/

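# 注意:server.host: "0.0.0.0" 会在所有网卡上监听 5601;在 elasticsearch 未开启认证的情况下 kibana 也没有登录页,能访问该端口的人即可读写全部索引,应通过防火墙或反向代理限制访问来源
[root@elk kibana-7.7.0-linux-x86_64]# cat config/kibana.yml | grep -Ev '#|^$'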
i18n.locale: "zh-CN"
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://10.22.86.3:9200"]
elasticsearch.requestTimeout: 90000

[root@elk kibana-7.7.0-linux-x86_64]# chown -R elk:elk /data/kibana-7.7.0-linux-x86_64
[root@elk kibana-7.7.0-linux-x86_64]# cd bin/
[root@elk bin]# su elk
[elk@elk bin]$ nohup ./kibana &
[elk@elk bin]$ exit            

6、测试访问

http://10.22.86.3:9200

http://10.22.86.3:9100

http://10.22.86.3:5601

7、客户端安装 logstash

tar -xzvf logstash-7.7.0.tar.gz -C /opt/
mv /opt/logstash-7.7.0 /opt/logstash

# 注意:http.host 是 logstash 监控 API(默认端口 9600)的监听地址,默认值为 127.0.0.1;不需要远程查看监控信息时保持默认即可
[root@fenghoutest config]# head -1 /opt/logstash/config/logstash.yml
http.host: 0.0.0.0

[root@fenghoutest config]# cd /opt/
[root@fenghoutest config]# mkdir nc
[root@fenghoutest config]# cd nc

[root@fenghoutest config]# vim file.conf
input {
file {
path => "/data/app/clzn-suncmis/suncmis-web-api/logs/info.log"
type => "suncmis"
start_position => "beginning"
codec => multiline {
pattern => "^[a-zA-Z0-9]|[^ ]+"
negate => true
what => "previous"
}
}
}
output {
if [type] == "suncmis"{
elasticsearch {
hosts => ["10.22.86.3:9200"]
index => "dev-suncmis-web-api-log-%{+YYYY.MM.dd}"
}
}
}

[root@fenghoutest config]# mkdir /data/logstash-data
[root@fenghoutest config]# /opt/logstash/bin/logstash -f /opt/nc/file.conf --path.data=/data/logstash-data & 
  • 配置日志



原文地址:https://www.cnblogs.com/Mr-Wei/p/15504276.html