elk与jdk自行搜索下载 package(离线安装包)目录:/home/elk-pak
/home/jdk8-pak
安装目录:/usr/local/
jdk8安装
最好查看一下是否存在原服务器自带openJDK
rpm - qa| grep java
rpm - e -- nodeps jdk-xxx
tar - zxvf jdk-8u391-linux-x64. tar. gz - C / usr/local/
vim / etc/profile
export JAVA_HOME=/ usr/local/jdk1. 8. 0_391
export CLASSPATH=. :$JAVA_HOME / jre/lib/rt. jar:$JAVA_HOME / lib/dt. jar:$JAVA_HOME / lib/tools. jar
export PATH=$PATH :$JAVA_HOME / bin
source / etc/profile
java
javac
elasticsearch安装
elk的版本7.11.2; e需要用户非root
,故新建用户es
adduser es
passwd es
mkdir - p / opt/es/logs / opt/es/data
chown - R es / opt/es/data /
chown - R es / opt/es/logs/
ulimit - n
vim / etc/security/limits. conf
* soft nofile 65535
* hard nofile 65535
* hard nproc 4096
* soft nproc 4096
vim / etc/sysctl. conf
vm. max_map_count=262144
sysctl - p
reboot
tar - zxvf elasticsearch-7. 11. 2
mv elasticsearch-7. 11. 2 / usr/local/elasticsearch
chown - R es / usr/local/elasticsearch
chmod u+x / usr/local/elasticsearch/bin
vim / usr/local/elasticsearch/config/elasticsearch. yml
node. name: node-1
path. data : / opt/es/data /
network. host: 0. 0. 0. 0
http. port: 9200
discovery. seed_hosts: [ "127.0.0.1" ]
cluster. initial_master_nodes: [ "node-1" ]
http. cors. enabled: true
http. cors. allow-origin: "*"
http. cors. allow-headers: Authorization, X-Requested-With, Content-Type , Content-Length
xpack. security. enabled: true
xpack. security. transport. ssl. enabled: true
vim / usr/local/elasticsearch/bin/elasticsearch-env
su es
. / elasticsearch
su es
. / elasticsearch-setup-passwords interactive
y
bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert -- ca elastic-stack-ca. p12
mkdir certs
xpack. security. transport. ssl. verification_mode: certificate
xpack. security. transport. ssl. keystore. path: certs/elastic-certificates. p12
xpack. security. transport. ssl. truststore. path: certs/elastic-certificates. p12
. / bin/elasticsearch
. / bin/elasticsearch - d
后补:安装ik分词插件
mkdir ik
unzip elasticsearch-analysis-ik-7. 11. 2. zip - d ik/
mv ik/ / usr/local/elasticsearch/plugins/
chown - R es. es / usr/local/elasticsearch/
logstash安装
tar - zxvf logstash-7. 11. 2-linux-aarch64. tar. gz
mv logstash-7. 11. 2 / usr/local/logstash
chown - R es. es / usr/local/logstash
vi / usr/local/logstash/config/logstash-elasticsearch. conf
/ usr/local/logstash/config/logstash. yml
path. data : / usr/local/logstash/data / node1
xpack. monitoring. enabled: true
xpack. monitoring. elasticsearch. username: "elastic"
xpack. monitoring. elasticsearch. password: ""
xpack. monitoring. elasticsearch. hosts: [ "https://***.**.*.*:9200" ]
. / bin/logstash - f config/logstash-elasticsearch. conf
nohup . / bin/logstash - f config/对应配置文件. conf >/ dev/null &
启动如果出现该错误信息无视即可! Unable to retrieve license information from license server {:message=>“Unsupported or unrecognized SSL message”} Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
kinaba安装
tar - zxvf kibana-7. 11. 2-linux-x86_64. tar. gz
mv kibana-7. 11. 2-linux-x86_64 / usr/local/kibana
chown - R es. es / usr/local/kibana
vim config/kinana. yml
server. port: 5601
server. host: "***.**.*.*"
elasticsearch. hosts: [ "http://***.**.*.*:9200" ]
elasticsearch. username: "kibana"
elasticsearch. password: ""
logging. dest: "/usr/local/kibana/logs/kinaba.log"
i18n. locale: "zh-CN"
xpack. reporting. encryptionKey: "LLDeMm"
xpack. security. encryptionKey: "XEGrp9QMenKwD&e&JO2RD~CWlqX1XJFN"
. / bin/kibana
nohup . / kibana >/ dev/null &
kibana的登录用户与密码就是前边安装elasticsearch的账号密码。