elk6.22 风行天下

Startup errors:

Reference: https://blog.csdn.net/feinifi/article/details/73633235?utm_source=itdadao&utm_medium=referral

Edit /etc/security/limits.conf. After editing, you must log out and log back in for the new values to take effect.
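
To confirm the edit before logging back in, this added example (not from the original post) reads a limits.conf and checks a user's nofile and nproc entries against the minimums Elasticsearch's bootstrap checks enforce (65536 open files, 4096 threads). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check a limits.conf against the
# minimums Elasticsearch's bootstrap checks enforce. Only the single file given
# is read; /etc/security/limits.d/*.conf and @group entries are not handled.

# Print the value set for USER TYPE(soft|hard) ITEM; a user entry beats "*".
limit_for() {  # usage: limit_for FILE USER TYPE ITEM
    awk -v u="$2" -v t="$3" -v i="$4" '
        NF < 4 || $1 ~ /^#/  { next }   # skip blanks, comments, short lines
        $3 != i              { next }
        $2 != t && $2 != "-" { next }   # "-" sets both soft and hard
        $1 == u   { user = $4 }
        $1 == "*" { wild = $4 }
        END { if (user != "") print user; else if (wild != "") print wild }
    ' "$1"
}

# Succeed if VALUE is numeric and >= MIN, or is an "unlimited" keyword.
meets() {  # usage: meets VALUE MIN
    case "$1" in
        unlimited|infinity|-1) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ]
}

# Report nofile/nproc for USER; return non-zero if any value is too low.
check_es_limits() {  # usage: check_es_limits FILE USER
    rc=0
    for req in nofile:65536 nproc:4096; do
        item=${req%%:*}; min=${req##*:}
        for t in soft hard; do
            val=$(limit_for "$1" "$2" "$t" "$item")
            if meets "$val" "$min"; then echo "OK   $2 $t $item = $val"
            else echo "FAIL $2 $t $item = ${val:-unset} (need >= $min)"; rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample file, not taken from the page.
sample=$(mktemp)
printf '%s\n' '* soft nofile 4096' 'elk soft nofile 65536' \
    'elk hard nofile 65536' 'elk - nproc 4096' > "$sample"
check_es_limits "$sample" elk || true
# A shell opened before the edit keeps its old limits until the next login:
echo "this session: nofile soft=$(ulimit -S -n) hard=$(ulimit -H -n)"
```

On a real host, call `check_es_limits /etc/security/limits.conf elk`, then compare with `ulimit -n` in a fresh login session for that user.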

Download the head plugin

https://github.com/mobz/elasticsearch-head

Download the Java JDK

http://www.oracle.com/technetwork/java/javase/downloads/jdk10-downloads-4416644.html

Installation errors:

1. Installing npm requires editing /etc/sudoers to add administrator privileges, then running sudo npm install

==================================================================================================

1. Create the ELK user

Create the user and group that will run ELK

#groupadd elk

#useradd -g elk elk

#passwd elk

Create the ELK installation directory

#mkdir /elk && chown -R elk:elk /elk

Create the data and log directories

mkdir -p /tmp/data/elasticesearch /tmp/logs

chown -R elk:elk /tmp/data/elasticesearch

2. Install 6.2.4

https://www.cnblogs.com/frankdeng/p/9139035.html#top

3. Install 6.2.2

https://blog.csdn.net/magerguo/article/details/79637646

4. Install the head plugin

https://blog.csdn.net/kimichen123/article/details/79389259

https://blog.csdn.net/zhengchaooo/article/details/80222349

 ===============================================================

Send Logstash output to Elasticsearch     Reference: https://blog.csdn.net/napoay/article/details/53276758

Create the configuration file:

vim logstash.conf
with the following content:
input {
    stdin {}
}
output {
    elasticsearch {
        hosts => "192.168.1.119"
    }
    stdout { codec => rubydebug }
}
Then run:

[elk@linux-node1 elk]$ ./logstash-6.2.4/bin/logstash -f logstash-6.2.4/conf/logstash.conf 

Then open http://192.168.1.119:9100 to view the result

 =======================================================================

Collect system logs:

[root@linux-node1 elk]# cat logstash-6.2.4/conf/file.conf
input {
    file {
        path => "/var/log/messages"
        type => "system"
        start_position => "beginning"
    }
}
output {
    elasticsearch {
        hosts => ["192.168.1.119:9200"]
        index => "system-%{type}-%{+YYYY.MM.dd}"
    }
}

Then:    [elk@linux-node1 elk]$ ./logstash-6.2.4/bin/logstash -f logstash-6.2.4/conf/file.conf 

Original post: https://www.cnblogs.com/yaok430/p/9166571.html