CentOS7搭建ELK6.0.1
1.准备工作:
源码包路径:/usr/local/src/
elasticsearch: elasticsearch-6.0.1.tar.gz
kibana: kibana-6.0.1-linux-x86_64.tar.gz
logstash: logstash-6.0.1.tar.gz
jdk: jdk-8u65-linux-x64.gz

2.安装java环境

cd /usr/local/src
tar zxf jdk-8u65-linux-x64.gz -C /usr/local/
ln -s jdk1.8.0_65 jdk
echo "PATH=/usr/local/jdk/bin:$PATH" >> /etc/profile
source /etc/profile

3.ELK环境配置
#修改系统文件
vi /etc/security/limits.conf
#增加的内容

* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096

#修改系统文件
vi /etc/security/limits.d/20-nproc.conf
#调整成以下配置

*          soft    nproc     4096
root       soft    nproc     unlimited

#修改系统文件
vi /etc/sysctl.conf

#增加的内容
vm.max_map_count=655360
fs.file-max=655360
sysctl -p

#创建ELK用户
useradd elk

4.Elasticsearch 部署

mkdir /usr/local/elk6.0.1
cd /usr/local/src/
tar zxf elasticsearch-6.0.1.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/elasticsearch-6.0.1 elasticsearch

修改配置文件:

vim kibana/config/kibana.yml
vi elasticsearch/config/elasticsearch.yml
    cluster.name: es-cluster               # 集群名称
    node.name: node-master                 # master节点名称
    node.master: true                      # 是否为master
    node.data: true                        # 是否为数据节点
    path.data: /home/apps/elasticsearch    # 数据保存路径
    path.logs: /home/logs/elasticsearch    # 日志路径
    network.host: 172.16.8.8               # 监听IP,若为0.0.0.0 表示监听全网IP
    http.port: 9200                        # 端口
    discovery.zen.ping.unicast.hosts: ["172.16.8.8:9200"]   # 配置自动发现的主机
    discovery.zen.minimum_master_nodes: 1                   # 配置只有一个master

创建数据目录:
mkdir -p /home/apps/elasticsearch /home/logs/elasticsearch
修改权限,开放端口访问

chown -R elk:elk /usr/local/elk6.0.1 elasticsearch /home/apps/elasticsearch /home/logs/elasticsearch
firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --add-port=9300/tcp --permanent
firewall-cmd --reload

启动服务:

su - elk;
/usr/local/elasticsearch/bin/elasticsearch -d

查看健康状态(如果返回status=green表示正常):
curl http://172.16.8.8:9200/_cluster/health?pretty

5.Logstash 部署

cd /usr/local/src/
tar zxf logstash-6.0.1.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/logstash-6.0.1 logstash

修改配置文件:

vi logstash/config/logstash.yml
    path.logs: /home/logs/logstash   # 日志路径

创建数据目录 && 授权:

mkdir -p /home/logs/logstash
chown -R elk:elk elk6.0.1/logstash-6.0.1 logstash /home/logs/logstash

6.Logstash 安装JDBC插件
/usr/local/logstash/bin/logstash-plugin install logstash-input-jdbc
编写配置文件:

vi /usr/local/logstash/config/mysqsl-jdbc.conf
input {
   stdin {}
   jdbc {
      jdbc_driver_library => "/usr/local/logstash/mysql-connector-java-5.1.3.jar"
      jdbc_driver_class => "com.mysql.jdbc.Driver"
      jdbc_connection_string => "jdbc:mysql://192.168.0.211:3306/main"
      jdbc_user => "ops"
      jdbc_password => "123"
      jdbc_paging_enabled => "true"
      jdbc_page_size => "50000"
      #statement_filepath => "jdbc.sql"
      statement => "SELECT * from qp_inquiry"
      schedule => "* * * * *"
      type => "jdbc"
   }
}

filter {
   json {
      source => "message"
      remove_field => ["message"]
   }
}

output {
   elasticsearch {
      hosts => "172.16.8.8:9200"
      index => "mysql_query"
      document_id => "%{id}"
   }
   stdout {
      codec => json_lines
   }
}

检查配置 && 启动logstash服务

/usr/local/bin/logstash -f config/mysqsl-jdbc.conf --config.test_and_exit
/usr/local/bin/logstash -f config/mysqsl-jdbc.conf

7.kibana 部署

cd /usr/local/src/
tar zxf kibana-6.0.1-linux-x86_64.tar.gz -C /usr/local/elk6.0.1/
cd /usr/local/
ln -s elk6.0.1/kibana-6.0.1-linux-x86_64 kibana

修改配置文件:

vi kibana/config/kibana.yml
    server.port: 5601                                # 端口
    server.host: "172.16.8.8"                        # 监听IP
    elasticsearch.url: "http://172.16.8.8:9200"      # 配置ES的IP:PORT

修改权限,开放端口访问

chown -R elk:elk elk6.0.1/kibana-6.0.1-linux-x86_64 kibana
firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload

切换账号,启动服务

su - elk;
nohup /usr/local/kibana/bin/kibana &

访问:
浏览器访问: 172.16.8.8:5601