ELK setup

Version: 7.3.2

Environment: JDK 11

Download the packages: https://www.elastic.co/cn/downloads/

Installation:

1. elasticsearch

mkdir /opt/elk

cd  /opt/elk

Copy the archives into the current directory (.)

tar zxvf elasticsearch-7.3.2-linux-x86_64.tar.gz
mv elasticsearch-7.3.2 elasticsearch-1
cp -r elasticsearch-1 elasticsearch-2
cp -r elasticsearch-1 elasticsearch-3

Edit config/elasticsearch.yml in each of the three node directories

# es-7.3.2-node-1
cluster.name: my-els
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300","127.0.0.1:9301","127.0.0.1:9302"]
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true

# es-7.3.2-node-2
cluster.name: my-els
node.name: node-2
network.host: 0.0.0.0
http.port: 9201
transport.tcp.port: 9301
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300","127.0.0.1:9301","127.0.0.1:9302"]
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true

# es-7.3.2-node-3
cluster.name: my-els
node.name: node-3
network.host: 0.0.0.0
http.port: 9202
transport.tcp.port: 9302
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300","127.0.0.1:9301","127.0.0.1:9302"]
cluster.initial_master_nodes: ["node-1", "node-2","node-3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
node.master: true
node.data: true

Add a user to start es

useradd elk
chown -R elk:elk /opt/elk/

vim /etc/sysctl.conf
vm.max_map_count=262144

# open-file and process/thread limits for the elk user
vim /etc/security/limits.conf
elk soft nofile 65536
elk hard nofile 65536
elk hard nproc 4096
elk soft nproc 4096

cd /opt/elk

./elasticsearch-1/bin/elasticsearch -d

./elasticsearch-2/bin/elasticsearch -d
./elasticsearch-3/bin/elasticsearch -d
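
The elasticsearch.yml settings above bind every node to 0.0.0.0 with CORS open to any origin, and on 7.3.2 authentication (xpack.security.enabled) stays off unless it is set explicitly. The audit script below is an added example, not part of the original post; the HARDENED sample, its origin URL and the finding names are constructed for illustration.

```python
import ipaddress

# node-1 settings relevant to exposure, copied from the post above
NODE1 = '''network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
'''
# Constructed for comparison (assumption, not from the post)
HARDENED = '''network.host: 0.0.0.0
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "http://localhost:9100"
'''

def parse_flat(text):
    settings = {}  # flat `key: value` lines, as used in elasticsearch.yml above
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback(host):
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames and values such as _site_ count as reachable

def audit(text):
    s = parse_flat(text)
    on = lambda key: s.get(key, "false").lower() == "true"
    findings = []
    # Elasticsearch binds to loopback when network.host is unset
    exposed = not is_loopback(s.get("network.host", "_local_"))
    if exposed and not on("xpack.security.enabled"):
        findings.append("open-rest-api")     # http.port answers without credentials
    if on("xpack.security.enabled") and not on("xpack.security.transport.ssl.enabled"):
        findings.append("no-transport-tls")  # node-to-node traffic is cleartext
    if on("http.cors.enabled") and s.get("http.cors.allow-origin") == "*":
        findings.append("cors-any-origin")   # any web page may call the REST API
    return findings

if __name__ == "__main__":
    for name, cfg in (("node-1", NODE1), ("hardened", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

An empty result only means the flags are set; turning on xpack.security for a multi-node cluster also requires transport certificates and user passwords to be configured.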

2. logstash

tar zxvf  logstash-7.3.2.tar.gz

cd logstash-7.3.2/config
vim logstash.conf

logstash.conf configuration

input {
  tcp {
    mode => "server"
    host => "localhost"
    port => 4560
  }
}

output {
  elasticsearch {
    hosts => ["http://<elasticsearch-server-address>:9200"]
    index => "<custom-project-name>-%{+YYYY.MM.dd}"
  }
}

Start logstash

nohup ./bin/logstash -f config/logstash.conf &

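Note: with the configuration in the conf above, the tcp input listens on localhost only, so a project acting as the logstash client has to run on this same server. (Recommendation: install logstash on the same server as the business application.)

At this point the logs are flowing into elasticsearch. You can see them with elasticsearch-head.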

3. kibana

tar zxvf kibana-7.3.2-linux-x86_64.tar.gz

Edit kibana.yml

server.port: 5601
server.host: "0.0.0.0"
server.name: "your-hostname"
elasticsearch.hosts: ["http://localhost:9200","http://localhost:9201","http://localhost:9202"]
i18n.locale: "zh-CN"

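Start

nohup ./kibana --allow-root &

Open port 5601 on the kibana server -> enter kibana -> Management -> Index Patterns -> Create index pattern (follow the prompts) -> Discover -> the data shows up

Original article: https://www.cnblogs.com/cuiqq/p/15509484.html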