centos7安装 elk6.2.2教程

安装jdk1.8

1. 将jdk上传到指定目录
2. 解压到/usr/jdk1.8
3. 配置环境变量

   [root@localhost jdk1.8]# vim /etc/profile

   export JAVA_HOME=/usr/jdk1.8
   export CLASSPATH=.:${JAVA_HOME}/jre/lib/rt.jar:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/
   lib/tools.jarexport PATH=$PATH:${JAVA_HOME}/bin

    

4. 使环境变量生效

   [root@localhost jdk1.8]# source /etc/profile

    

检查java环境，给出如下提示表示安装成功

[root@localhost jdk1.8]# java -version
java version "1.8.0_131"
Java(TM) SE Runtime Environment (build 1.8.0_131-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.131-b11, mixed mode)

安装elasticsearch

下载rpm包：https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.2.rpm

安装rpm包

[root@localhost ~]# rpm -ivh elasticsearch-6.2.2.rpm 

配置rpm配置文件java_home

[root@localhost elasticsearch]# vim /etc/sysconfig/elasticsearch 

修改elasticsearch.yml配置文件中ip地址

[root@localhost elasticsearch]# vim /etc/elasticsearch/elasticsearch.yml

启动elasticsearch

[root@localhost elasticsearch]# sudo systemctl start elasticsearch.service

[root@localhost elasticsearch]# sudo systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor p
reset: disabled)   Active: active (running) since 一 2018-08-06 09:19:00 CST; 8s ago
     Docs: http://www.elastic.co
 Main PID: 20974 (java)
   CGroup: /system.slice/elasticsearch.service
           └─20974 /usr/jdk1.8/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX...

8月 06 09:19:00 localhost.localdomain systemd[1]: Started Elasticsearch.
8月 06 09:19:00 localhost.localdomain systemd[1]: Starting Elasticsearch...

内部测试elasticsearch

[root@localhost elasticsearch]# curl -XGET '192.168.26.134:9200/?pretty'
{
  "name" : "5Gklft1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "7xLCGLC3TTeD7IgHR00Gyg",
  "version" : {
    "number" : "6.2.2",
    "build_hash" : "10b1edd",
    "build_date" : "2018-02-16T19:01:30.685723Z",
    "build_snapshot" : false,
    "lucene_version" : "7.2.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

浏览器访问http://192.168.26.134:9200/，访问不到，需要关闭centos防火墙

[root@localhost elasticsearch]# sudo systemctl stop firewalld.service

浏览器再次访问即可成功

安装logstash

下载tar.gz：https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.rpm

安装之前先创建一个软链

[root@localhost bin]# ln -s /usr/jdk1.8/bin/java /usr/bin/java

安装rpm

[root@localhost ~]# rpm -ivh logstash-6.2.2.rpm 

配置logstash输入输出文件

[root@localhost log]# vim /etc/logstash/conf.d/logstash.conf

input {

        #stdin {}

        file {

                path =>"/usr/log/*"

                type =>"system"

                start_position =>"beginning"

                #codec => plain{charset => "UTF-8" }

   }

}

filter{

}

output {

         elasticsearch {

        #cluster =>"ourfuture"

        hosts =>["192.168.26.134:9200"]

        index => "wfq"

    }



}

启动logstash

[root@localhost log]# sudo systemctl start logstash.service

查询启动状态

[root@localhost log]# sudo systemctl status logstash.service
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; disabled; vendor preset: di
sabled)   Active: active (running) since 一 2018-08-06 10:27:27 CST; 27s ago
 Main PID: 22287 (java)
   CGroup: /system.slice/logstash.service
           └─22287 /bin/java -Xms256m -Xmx1g -XX:+UseParNewGC -XX:+UseConcMarkSwe...

8月 06 10:27:27 localhost.localdomain systemd[1]: Started logstash.
8月 06 10:27:27 localhost.localdomain systemd[1]: Starting logstash...
8月 06 10:27:49 localhost.localdomain logstash[22287]: Sending Logstash's logs t...
Hint: Some lines were ellipsized, use -l to show in full.

往/usr/log/ 下面任何文件中写入内容即可被logstash采集！

安装kibana

下载url：https://artifacts.elastic.co/downloads/kibana/kibana-6.2.2-x86_64.rpm

安装rpm

[root@localhost ~]# rpm -ivh kibana-6.2.2-x86_64.rpm 

修改kibana配置文件

[root@localhost kibana]# vim /etc/kibana/kibana.yml 

启动kibana

[root@localhost kibana]# sudo systemctl start kibana.service

查看启动状态

[root@localhost kibana]# sudo systemctl status kibana.service
● kibana.service - Kibana
   Loaded: loaded (/etc/systemd/system/kibana.service; disabled; vendor preset: disa
bled)   Active: active (running) since 一 2018-08-06 10:39:48 CST; 5s ago
 Main PID: 22987 (node)
   CGroup: /system.slice/kibana.service
           └─22987 /usr/share/kibana/bin/../node/bin/node --no-warnings /usr/shar...

8月 06 10:39:51 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:51 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:51 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:51 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:51 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:51 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:51 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:51 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:53 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
8月 06 10:39:53 localhost.localdomain kibana[22987]: {"type":"log","@timestamp":...
Hint: Some lines were ellipsized, use -l to show in full.

浏览器访问http://192.168.26.134:5601

创建索引

至此，结束，这只是入门教程，详细使用还需各位多看官方文档。