Prerequisite: the Elasticsearch and Kibana versions must match; Logstash has no such requirement.
Versions: elasticsearch-6.4.3
kibana-6.4.3-linux-x86_64
logstash-7.10.0-linux-x86_64
Deploy Elasticsearch:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.4.3.tar.gz
tar -zxvf elasticsearch-6.4.3.tar.gz
yum install tomcat (what is actually needed is the Java JDK, version "1.8.0_272", because ES depends on Java; you can install Java directly, which is not covered here)
java -version
cd elasticsearch-6.4.3/config
vim elasticsearch.yml
---
Append the following at the end of the file
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
---
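Create the es user
groupadd elsearch
useradd -g elsearch elsearch (no -p: that option expects an already-hashed password, and root can su to the account without one)
cd ../.. (back to the directory that holds elasticsearch-6.4.3)
cp -r elasticsearch-6.4.3 /usr/local/sandai
chown -R elsearch:elsearch /usr/local/sandai
The configuration is now done, but ES has kernel parameter requirements, so the following tuning is needed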
vim /etc/sysctl.conf
---
vm.max_map_count=655360
---
sysctl -p
vim /etc/security/limits.conf
---
* soft nofile 65536
* hard nofile 65536
---
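su elsearch (switch user)
/usr/local/sandai/bin/elasticsearch &
Elasticsearch starts (the path above assumes /usr/local/sandai did not exist before the copy, so the copy itself became that directory)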
---
Allow the port through iptables
/sbin/iptables -I INPUT -p tcp --dport 9200 -j ACCEPT
Deploy Kibana:
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.4.3-linux-x86_64.tar.gz
tar -zxvf kibana-6.4.3-linux-x86_64.tar.gz
cd kibana-6.4.3-linux-x86_64/config
vim kibana.yml
---
Add the following settings to the yml file
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://localhost:9200"
kibana.index: ".kibana"
---
cd ../bin
sh kibana &
---
Allow the port through iptables
/sbin/iptables -I INPUT -p tcp --dport 5601 -j ACCEPT
---
Deploy Logstash:
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.10.0-linux-x86_64.tar.gz
tar -zxvf logstash-7.10.0-linux-x86_64.tar.gz
cd logstash-7.10.0/config/
---
Add a configuration file; the log source is /usr/share/tomcat/logs/*.log
vim logstash1.conf
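input {
  # Read the Tomcat logs, starting from the beginning of each file
  file {
    path => "/usr/share/tomcat/logs/*.log"
    start_position => "beginning"
  }
}
filter {
}
output {
  # Send events to the local Elasticsearch node
  elasticsearch {
    hosts => "localhost:9200"
  }
}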
---
Run
sh /root/logstash-7.10.0/bin/logstash -f /root/logstash-7.10.0/config/logstash1.conf --path.data=/tmp/logstash.log &
---
The ELK deployment is complete; the logs can now be viewed in Kibana.
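An added check, not part of the original post: the elasticsearch.yml and kibana.yml settings in this walkthrough bind both services to 0.0.0.0 and allow any CORS origin, and the script below reads such a file and reports those settings. The function names and the finding labels (EXPOSED, OPEN_CORS) are this example's own, and the sample file is constructed from the lines shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): flag the listener and CORS
# settings from elasticsearch.yml / kibana.yml that expose a node to other hosts.

# Print the value of a flat "key: value" setting; commented lines are skipped,
# trailing comments, quotes and blanks are stripped, the last occurrence wins.
yaml_value() {  # usage: yaml_value FILE KEY
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") != 1) next
            val = substr(line, length(key) + 2)
            sub(/[ \t]+#.*$/, "", val)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            found = val
        }
        END { print found }' "$1"
}

# True when a bind address is loopback-only (unset means the loopback default).
is_local() {
    case "$1" in
        ""|localhost|127.*|::1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per risky setting in FILE; print nothing when it is clean.
audit_elk_config() {  # usage: audit_elk_config FILE
    for key in network.host server.host; do
        v=$(yaml_value "$1" "$key")
        is_local "$v" || echo "EXPOSED $key=$v"
    done
    if [ "$(yaml_value "$1" http.cors.enabled)" = "true" ] &&
       [ "$(yaml_value "$1" http.cors.allow-origin)" = "*" ]; then
        echo "OPEN_CORS http.cors.allow-origin=*"
    fi
    return 0
}

# Constructed sample: the four lines this page appends to elasticsearch.yml.
sample=$(mktemp)
printf '%s\n' 'network.host: 0.0.0.0' 'http.port: 9200' \
    'http.cors.enabled: true' 'http.cors.allow-origin: "*"' > "$sample"
audit_elk_config "$sample"
rm -f "$sample"
```

Kibana and Logstash on this page both reach Elasticsearch at localhost:9200, so leaving network.host at its loopback default and not adding the port 9200 iptables rule clears the first finding without breaking the pipeline.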
Original: https://www.cnblogs.com/normanlin/p/14086254.html