参考转自:
https://www.cnblogs.com/by1994/p/10412709.html
https://www.cnblogs.com/centos2017/p/8920519.html
环境配置
yum install -y java-1.8.0-openjdk-debug.x86_64
wget https://nodejs.org/dist/v12.6.0/node-v12.6.0-linux-x64.tar.xz
xz -d node-v12.6.0-linux-x64.tar.xz
tar -xvf node-v12.6.0-linux-x64.tar
mv node-v12.6.0-linux-x64 node
ln -s /usr/local/node/bin/npm /usr/local/bin/
ln -s /usr/local/node/bin/node /usr/local/bin/
vim /etc/security/limits.conf
末尾添加
elk soft nofile 65535
elk hard nofile 65535
elk soft nproc 4096
elk hard nproc 4096
vim /etc/security/limits.d/20-nproc.conf
修改
elk soft nproc 4096
root soft nproc unlimited
vim /etc/sysctl.conf
末尾添加
vm.max_map_count=262144
执行 sysctl -p
elasticsearch安装
useradd elk
passwd elk
cd /home/elk
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.4-linux-x86_64.tar.gz
tar zxvf elasticsearch-6.5.4-linux-x86_64.tar.gz
mv elasticsearch-6.5.4-linux-x86_64 elasticsearch
cd elasticsearch
vim config/elasticsearch.yml
文件内容
path.data: /home/elk/elasticsearch/data
path.logs: /home/elk/elasticsearch/logs
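# 注意:0.0.0.0 表示监听所有网卡,此时尚未启用认证,9200 端口应通过防火墙/安全组限制为可信来源
http.host: 0.0.0.0
末尾添加
# 注意:allow-origin 为 "*" 时任何网页都能跨域访问本节点,建议改为 elasticsearch-head 的实际访问地址
http.cors.enabled: true
http.cors.allow-origin: "*"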
# 以 elk 用户执行:Elasticsearch 不允许以 root 启动,且安装目录的属主需为 elk
cd /home/elk/elasticsearch/
./bin/elasticsearch -d
netstat -ntpl | grep 9200
elasticsearch-head安装
cd /usr/local/elk
wget https://github.com/mobz/elasticsearch-head/archive/master.zip
unzip master.zip
mv elasticsearch-head-master elasticsearch-head
npm install -g cnpm --registry=https://registry.npm.taobao.org
npm install -g grunt-cli
cnpm install
npm install
cd elasticsearch-head
vim _site/app.js
把 this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://localhost:9200";
改成 this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://elasticSearch机器:9200";
vim Gruntfile.js
connect: {
server: {
options: {
port: 9100,
hostname: '*',
base: '.',
keepalive: true
}
}
}
cd /usr/local/elk/elasticsearch-head/
nohup cnpm run start &> run.log &
logstash安装
cd /usr/local/elk
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.5.4.zip
unzip logstash-6.5.4.zip
mv logstash-6.5.4 logstash
cd /usr/local/elk/logstash
vim config/logstash.yml
path.data: /usr/local/elk/logstash/data
http.host: "0.0.0.0"
path.logs: /usr/local/elk/logstash/logs
vim config/test.conf
input {
file {
path => "/tmp/test1/*.log"
start_position => "beginning"
type => "test1"
}
file {
path => "/tmp/test2/*.log"
start_position => "beginning"
type => "test2"
}
}
output {
if [type] == "test1" {
elasticsearch {
hosts => ["ip:9200"]
action => "index"
index => "logstash-%{+YYYY.MM.dd}"
document_type => "test"
#user => "elastic"
#password => "changeme"
}
}
}
cd /usr/local/elk/logstash
logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
cd /usr/local/elk/logstash
nohup ./bin/logstash -f config/test.conf &> run.log &
kibana安装
cd /usr/local/elk
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.5.4-linux-x86_64.tar.gz
tar zxvf kibana-6.5.4-linux-x86_64.tar.gz
mv kibana-6.5.4-linux-x86_64 kibana
cd /usr/local/elk/kibana
vim config/kibana.yml
server.port: 5601
server.host: "本机ip"
elasticsearch.url: "http://elasticsearchIP:9200"
cd /usr/local/elk/kibana
# 注意:-H 0.0.0.0 会覆盖 kibana.yml 中的 server.host 并监听所有网卡;此时尚未设置密码,5601 端口应限制为可信来源访问
nohup ./bin/kibana -H 0.0.0.0 &> run.log &
汉化版kibana安装
cd /usr/local/elk
# 注意:master.zip 的内容会随仓库更新而变化,且下面的 main.py 会直接改写 Kibana 的文件;建议先审阅脚本,并备份 kibana 目录
wget https://github.com/anbai-inc/Kibana_Hanization/archive/master.zip
unzip master.zip
cd Kibana_Hanization-master/old
python main.py /usr/local/elk/kibana
ELK设置密码
修改配置文件
su elk
vim /home/elk/elasticsearch/config/elasticsearch.yml
在文件末尾添加
# 注意:重启过程中该项有可能被改变,重启后务必确认其仍为 true,否则要改回来
xpack.security.enabled: true
xpack.ml.enabled: true
# 注意:trial 许可证有试用期限,到期后安全功能是否仍可用请以官方文档为准
xpack.license.self_generated.type: trial
重启elasticsearch
netstat -ntpl | grep 9200
kill pid
cd /home/elk/elasticsearch/
./bin/elasticsearch -d
修改elasticsearch密码
cd /home/elk/elasticsearch/
./bin/elasticsearch-setup-passwords interactive
修改配置文件
cd /usr/local/elk/kibana
vim config/kibana.yml
修改密码
# 建议:Kibana 连接 Elasticsearch 使用内置的 kibana 用户即可;elastic 是超级用户,权限过大
elasticsearch.username: "elastic"
elasticsearch.password: "密码与上面修改的密码一致"
重启kibana
netstat -ntpl | grep 5601
kill pid
cd /usr/local/elk/kibana
nohup ./bin/kibana -H 0.0.0.0 &> run.log &
修改配置文件
cd /usr/local/elk/logstash
vim config/test.conf
output {
elasticsearch {
hosts => [ "elasticsearch:9200" ]
# 建议:为 Logstash 建立仅有写入所需权限的专用用户,并用 bin/logstash-keystore 保存密码后以 "${键名}" 引用,避免明文写在配置里
user => elastic
password => "密码与上面修改的密码一致"
index => "%{[fields][document_type]}-%{+YYYY.MM.dd}"
}
}
清除logstash索引: curl -XDELETE http://127.0.0.1:9200/logstash-2018.05.23 (启用密码后需加 -u elastic 进行认证)