2. 技术
    3. ELK搭建详细配置

    ELK搭建详细配置

    技术2022-07-11  143

    下载安装包:https://www.elastic.co/downloads 我下载的是:elasticsearch-7.8.0-linux-x86_64.tar.gz 、kibana-7.8.0-linux-x86_64.tar.gz、logstash-7.8.0.tar.gz

    分别拷贝到机器上: 先安装tomcat yum install tomcat 安装完成后,java -version看下是否安装成功 首先安装elsticsearch: 安装完成后,创建启用服务的用户:

    1、groupadd elsearch 2、useradd elsearch -g elsearch -p elasticsearch 3、将文件拷贝到elsearch 用户下,然后修改文件属主为elsearch chown -R elsearch:elsearch +文件夹名字

    配置基础配置文件: elasticsearch-7.8.0/config文件下下,找到elasticsearch.yml 配置如下: 编辑vim jvm.options 当前机器的情况进行调整 elsearch用启动, ./elasticsearch-7.8.0/bin/elasticsearch & 启动时报错:

    2020-06-19T11:21:49,740][INFO ][o.e.b.BootstrapChecks ] [logserver.localdomain] bound or publishing to a non-loopback address, enforcing bootstrap checks ERROR: [3] bootstrap checks failed [1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535] [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] [3]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

    下面是分别解决这3个问题: [1]解决办法: Vim etc/security/limits.conf ,在文件最后添加:

    * soft nofile 65536 * hard nofile 65536

    [2]解决办法: vi /etc/sysctl.conf 文件末尾添加以下配置

    vm.max_map_count=655360,添加完成后执行sysctl -p

    [3]解决办法:修改elasticsearch-7.8.0/config/elasticsearch.yml 文件 添加如下配置: 跨域可用于es-head

    再次启动elasticsearch ,页面已经能打开了 elasticsearch的配置如下:

    cluster.name: "my-es" #集群名字(集群内机器所有集群名字必须一致) node.name: "node-1" #节点名字(集群内所有机器节点名不同) node.master: true path.data: "/var/eslog/" path.logs: "/var/eslog/" #日志存储路径 network.host: "0.0.0.0" http.port: 9200 transport.tcp.port: 9300 #集群内传输端口 discovery.zen.ping.unicast.hosts: ["10.0.6.152:9300","10.0.6.153:9300","10.0.6.188:9300"] #集群内主机 discovery.zen.minimum_master_nodes: 1 #主节点数 cluster.initial_master_nodes: ["node-1"] #默认主节点 http.cors.enabled: true http.cors.allow-origin: "*"

    启动logstash的时候,需要指定配置文件,我的是syslog,配置如下: 、

    input { syslog { port => "5140" } } output { elasticsearch { hosts => ["10.0.6.152:9200"] index => "logstash-%{+YYYY.MM.dd HH}" } }

    logstash.yml的配置如下:

    http.enabled: true http.host: "0.0.0.0" http.port: 9600-9700

    kibana配置:

    server.port: 5601 server.host: "0.0.0.0" elasticsearch.hosts: ["http://127.0.0.1:9200"] kibana.index: ".kibana"

    可以通过安装es-head-master 进行集群监控: 启动es-head

    npm run start &

    还在学习过程中,后面会继续更新。

    Processed: 0.013, SQL: 9