2018-07-02 21:32:33
ELK 单实例搭建
环境搭建
1.1我的系统版本
Distributor ID: CentOS
Description: CentOS release 6.5 (Final)
1.2需要的软件:(elk的下载路径:https://www.elastic.co/downloads/)
ElasticSearch:2.2.1
Logstash:2.2.2
Kibana:4.4.2
JRE:1.8.2
1.3 创建用户
[root@db ~]#
useradd elk password
[root@db ~]#
passwd elk
1.4 创建elk 需要的目录
[root@db ~]#
mkdir -p /data/elk/
赋予所有和所属
[root@db ~]#
chown -R elk:elk /data/elk/
一下操作都在用户 elk 下执行,不然服务搭建不成功,会各种报错
安装 jdk 1.8
[elk@db elk]$
pwd
/data/elk
[elk@db elk]$
mkdir java
[elk@db elk]$
tar -zxvf jdk-8u171-linux-x64.tar.gz
配置环境变量(此时切换到root用户下配置)
[root@db ~]#
vim /etc/profile
export
JAVA_HOME=/data/elk/java
export
JRE_HOME=/data/elk/java/jre
export
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export
PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
配置文件限制
(Elk为启动用户,也可以指定为*)
[root@db ~]# vim /etc/security/limits.conf
elk soft nofile
65536
elk hard nofile
131072
elk soft nproc
65536
elk hard nproc
131072
[root@db ~]# vim
/etc/security/limits.d/90-nproc.conf
*
soft nproc 2048
(原来是1024 改成2048即可)
切换到elk用户下在操作
安装 elasticsearch
[elk@db elk]$ tar -zxvf
elasticsearch-2.2.1.tar.gz
对elasticsearch 进行配置
[elk@db config]$ pwd
/data/elk/elasticsearch-2.2.1/config
[elk@db config]$ vim elasticsearch.yml
启动进行验证
通浏览器访问
[elk@db elasticsearch-2.2.1]$
./bin/elasticsearch
(nohup bin/elasticsearch & 这种启动调用到后台了,不然会一直在前台挂着, Ctrl +
C 会杀掉进程,后续的都一样)
验证
下载插件 elasticsearch-head
新建目录
[elk@db mobz]$ pwd
/data/elk/elasticsearch-2.2.1/bin/mobz
[elk@db mobz]$ mkdir mobz
下载elasticsearch-head的路径:https://github.com/mobz/elasticsearch-head
(这个时候下载需要到github上才能下载到,在Windows 安装git客户端进行下载:下载命令:
git clone https://github.com/mobz/elasticsearch-head
新建目录
[elk@db bin]$ pwd
/data/elk/elasticsearch-2.2.1/bin
[elk@db bin]$ mkdir mobz
把elasticsearch-head 放到目录下
加载 elasticsearch-head 插件
[elk@db bin]$ pwd
/data/elk/elasticsearch-2.2.1/bin
[elk@db bin]$ ./plugin install
mobz/elasticsearch-head/
(特别声明:最好在bin 目录下加载,不要在上一级加载,容易出错,加载不出来)
加载完成后再次启动服务
[elk@db elasticsearch-2.2.1]$
./bin/elasticsearch
验证访问
安装logstash
[elk@db elk]$ tar -zxvf logstash-2.2.2.tar.gz
[elk@db logstash-2.2.2]$ pwd
/data/elk/logstash-2.2.2
[elk@db logstash-2.2.2]$ vim
logstash-simple.conf
input {stdin { } }
output {
elasticsearch {hosts => "192.168.25.50" }
stdout { codec=> rubydebug }
}
启动
[elk@db logstash-2.2.2]$ pwd
/data/elk/logstash-2.2.2
[elk@db logstash-2.2.2]$ ./bin/logstash -f
logstash-simple.conf
安装kibana
[elk@db elk]$ tar -zxvf
kibana-4.4.2-linux-x64
进行配置
[elk@db config]$ pwd
/data/elk/kibana-4.4.2-linux-x64/config
[elk@db config]$ vim kibana.yml
只需要修改(去掉注释):server.port: 5601 、
server.host: "192.168.25.50"
elasticsearch.url: http://192.168.25.50:9200
kibana.index:
".kibana"
特别声明:配置的内容要和左面一定要顶齐,不能留有空格,不然启动失败
启动:
[elk@db kibana-4.4.2-linux-x64]$
./bin/kibana
log
[15:23:07.861] [info][status][plugin:kibana] Status changed from
uninitialized to green - Ready
log [15:23:07.902]
[info][status][plugin:elasticsearch] Status changed from uninitialized to
yellow - Waiting for Elasticsearch
log [15:23:07.919]
[info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized
to green - Ready
log [15:23:07.931]
[info][status][plugin:markdown_vis] Status changed from uninitialized to green
- Ready
log [15:23:07.939]
[info][status][plugin:metric_vis] Status changed from uninitialized to green -
Ready
log [15:23:07.965]
[info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
log [15:23:07.972]
[info][status][plugin:statusPage] Status changed from uninitialized to green -
Ready
log [15:23:07.977]
[info][status][plugin:table_vis] Status changed from uninitialized to green -
Ready
log [15:23:07.983]
[info][listening] Server running at http://192.168.25.505601
log [15:23:12.980]
[info][status][plugin:elasticsearch] Status changed from yellow to yellow - No
existing Kibana index found
log [15:23:16.749]
[info][status][plugin:elasticsearch] Status changed from yellow to green -
Kibana index ready
验证