配置虚拟机为静态IP,把rpm包都下载下来。你看我的目录:
[root@localhost elasticstack-rpm]# tree . ├── beat │ └── filebeat-7.8.0-x86_64.rpm ├── elasticsearch-7.8.0-x86_64.rpm ├── kibana-7.8.0-x86_64.rpm ├── logstash-7.8.0.rpm项目包间无依赖关系,直接rpm -ivh xxx.rpm都装上。 禁掉防火墙:systemctl stop firewalld && systemctl disable firewalld
编辑elasticsearch配置文件,/etc/elasticsearch/elasticsearch.yml
network.host: 192.168.124.10 discovery.seed_hosts: [ "192.168.124.10"] cluster.initial_master_nodes: ["localhost.localdomain"]然后启动服务:
systemctl enable elasticsearch && systemctl start elasticsearch启动elasticsearch后,测试是否启动成功:
[root@localhost elasticstack-rpm]# curl 192.168.124.10:9200 { "name" : "localhost.localdomain", "cluster_name" : "elasticsearch", "cluster_uuid" : "_na_", "version" : { "number" : "7.8.0", "build_flavor" : "default", "build_type" : "rpm", "build_hash" : "757314695644ea9a1dc2fecd26d1a43856725e65", "build_date" : "2020-06-14T19:35:50.234439Z", "build_snapshot" : false, "lucene_version" : "8.5.1", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search" }启动kibana:
systemctl enable kibana && systemctl start kibana浏览器访问:http://192.168.124.10:5601/
配置Pattern 输入时间字段:
然后重启服务
systemctl stop filebeat参考:
Index modulesupdate index settings API