elk-6.8.1安装-centos-7.6

下载rpm包
官方地址
https://www.elastic.co/cn/downloads/past-releases#kibana
腾讯镜像地址（下载速度快）
https://mirrors.cloud.tencent.com/elasticstack/6.x/yum/6.8.1/

安装elasticsearch

wget https://mirrors.cloud.tencent.com/elasticstack/6.x/yum/6.8.1/elasticsearch-6.8.1.rpm
rpm -ivh elasticsearch-6.8.1.rpm
修改配置文件简单配置以下值

cat /etc/elasticsearch/elasticsearch.yml |grep -v ^#
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 172.16.0.43
http.port: 9200

启动
systemctl start elasticsearch.service
此处会有报错，可能是编译安装的java需要手动指定变量值
/etc/profile写入变量也未生效 报错信息如下

journalctl -u elasticsearch.service
...
Jul 05 15:20:47 ol43 elasticsearch[20037]: which: no java in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)
Jul 05 15:20:47 ol43 elasticsearch[20037]: warning: Falling back to java on path. This behavior is deprecated. Specify JAVA_H
Jul 05 15:20:47 ol43 elasticsearch[20037]: could not find java; set JAVA_HOME
...

手动指定变量值

head -n 2 /usr/share/elasticsearch/bin/elasticsearch-env
#!/bin/bash
JAVA_HOME=/usr/local/jdk1.8.0_202

启动
systemctl start elasticsearch.service
验证

 curl 172.16.0.43:9200
{
  "name" : "azFRc7L",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "s8nLQgc_SWqSoRa5u7fqCg",
  "version" : {
    "number" : "6.8.1",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "1fad4e1",
    "build_date" : "2019-06-18T13:16:52.517138Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

启动成功

---

安装kibana

wget https://mirrors.cloud.tencent.com/elasticstack/6.x/yum/6.8.1/kibana-6.8.1-x86_64.rpm
rpm -ivh kibana-6.8.1-x86_64.rpm
修改配置文件

cat /etc/kibana/kibana.yml |grep -Ev '^#|^$'
server.port: 5601
server.host: "172.16.0.43"
elasticsearch.hosts: ["http://172.16.0.43:9200"]

启动
systemctl start kibana
验证
浏览器访问
172.16.0.43:5601

安装filebeat

wget https://mirrors.cloud.tencent.com/elasticstack/6.x/yum/6.8.1/filebeat-6.8.1-x86_64.rpm
rpm -ivh filebeat-6.8.1-x86_64.rpm
修改配置文件

 cat /etc/filebeat/filebeat.yml |grep -Ev '^#|^$|#'
filebeat.inputs:
- type: log
  enabled: false
  paths:
    - /var/log/*.log
- type: log
  enabled: true
  paths:
    - /opt/jar/app-service/app-service.log
  fields:
    doc_type: app-service
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
setup.kibana:
output.elasticsearch:
  hosts: ["172.16.0.43:9200"]

启动
systemctl start filebeat
验证
手动到kibana上查看索引
点击index patterns

---

点击 create index patterns 能看到对应记录即为成功

---

为kibana添加登陆验证

htpasswd -c /opt/app/nginx/conf/conf.d/.kibana-user admin
nginx配置

server {
    listen 80;

    server_name elk.888.com;

    auth_basic "Restricted Access";
    auth_basic_user_file /opt/app/nginx/conf/conf.d/.kibana-user;

    location / {
        proxy_pass http://172.16.0.43:5601; 
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

---

登陆验证效果如下

---

转载于:https://my.oschina.net/u/4012972/blog/3070968