ELK基础
0.linux基础配置
vim /etc/hostname
------------------
docker01
------------------
vim /etc/sysconfig/network-scripts/ifcfg-ens33
------------------
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=be1fa0ae-cedb-400a-b43a-82110b757a4e
DEVICE=ens33
ONBOOT=yes
IPV6_PRIVACY=no
IPADDR=172.16.32.100
NETMASK=255.255.255.0
GATEWAY=172.16.32.2
DNS1=114.114.114.114
DNS2=8.8.8.8
------------------
检测网络
ping baidu.com
# 切换到root用户,配置免密sudo权限(容易出幺蛾子,建议拷贝行,然后修改)
# NOPASSWD: ALL 相当于把无需口令的 root 权限交给该账号,只适合隔离的实验虚拟机
sudo su - root
visudo
------------------
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
huhao ALL=(ALL) NOPASSWD: ALL
------------------
# 退回到普通账号(检测sudo)
exit
sudo visudo
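# 关闭防火墙(CentOS 7 上的服务名是 firewalld;stop 只对本次开机生效)
# 后文的 ES 和 Kibana 都监听 0.0.0.0,防火墙关闭后 9200/5601 对所有能连到本机的主机开放;
# 非隔离环境建议保留防火墙,只放行需要的端口,例如:
#   sudo firewall-cmd --permanent --add-port=9200/tcp --add-port=5601/tcp && sudo firewall-cmd --reload
systemctl stop firewalld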
# 创建工作空间
cd /opt
mkdir softwares download
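# 777 会让本机任何用户都能改写 /opt 下的程序和配置;更稳妥的做法是只把这两个目录交给运行 ES 的账号:
#   sudo chown -R huhao: /opt/softwares /opt/download
chmod 777 -R /opt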
# 配置vim
vim ~/.vimrc
-----------------------------------
set nocompatible " 关闭 vi 兼容模式
syntax on " 自动语法高亮
colorscheme koehler " 设定配色方案
set number " 显示行号
set cursorline " 突出显示当前行
set ruler " 打开状态栏标尺
set shiftwidth=4 " 设定 << 和 >> 命令移动时的宽度为 4
set nobackup " 覆盖文件时不备份
set autochdir " 自动切换当前目录为当前文件所在的目录
filetype plugin indent on " 开启插件
set backupcopy=yes " 设置备份时的行为为覆盖
set ignorecase smartcase " 搜索时忽略大小写,但在有一个或以上大写字母时仍保持对大小写敏感
set nowrapscan " 禁止在搜索到文件两端时重新搜索
set incsearch " 输入搜索内容时就显示搜索结果
set hlsearch " 搜索时高亮显示被找到的文本
set noerrorbells " 关闭错误信息响铃
set novisualbell " 关闭使用可视响铃代替呼叫
set t_vb= " 置空错误铃声的终端代码
set ff=unix " 打开文件格式 为unix
set paste
-----------------------------------
1.JDK 安装
yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel
sudo find / -name jre
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre
vim /etc/profile
------------------------------------------------------------------------------------
# JAVA
# JAVA_HOME 指向 JDK 根目录(上面 find 的结果去掉末尾的 /jre),否则下一行的 JRE_HOME 会变成 .../jre/jre
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
------------------------------------------------------------------------------------
source /etc/profile
java -version
2.ElasticSearch 安装
下载
cd /opt/download
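wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.4.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.5.4-linux-x86_64.tar.gz
# 解压前校验下载包的完整性:官方在同一路径下提供 .sha512 文件
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.4.tar.gz.sha512
sha512sum -c elasticsearch-6.5.4.tar.gz.sha512
# Kibana 同理:下载 kibana-6.5.4-linux-x86_64.tar.gz.sha512,与 sha512sum 的输出比对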
解压
tar -zxvf elasticsearch-6.5.4.tar.gz -C ../softwares
tar -zxvf kibana-6.5.4-linux-x86_64.tar.gz -C ../softwares
配置
cd ../softwares/elasticsearch-6.5.4/config
vim elasticsearch.yml
------------------------------------------------------------------------------------
cluster.name: MyES
node.name: node-01
path.data: /opt/softwares/elasticsearch-6.5.4/data
path.logs: /opt/softwares/elasticsearch-6.5.4/logs
bootstrap.memory_lock: false
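# 关闭 system_call_filter 会停用 ES 的 seccomp 系统调用过滤,仅在内核不支持、启动检查失败时才需要
bootstrap.system_call_filter: false
# 0.0.0.0 监听所有网卡;6.5.4 默认(basic 许可)不带认证和 TLS,能访问 9200 的人都可以读写、删除索引。
# 只在本机使用时改为 127.0.0.1;需要远程访问时绑定内网地址,并用防火墙限制来源
network.host: 0.0.0.0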
http.port: 9200
action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
------------------------------------------------------------------------------------
# 系统调参(最大进程数和打开文件数)
sudo vim /etc/security/limits.conf
------------------------------------
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
------------------------------------
# 重启,让参数生效
sudo reboot
# 最大内存页
sudo vi /etc/sysctl.conf
------------------------------------
vm.max_map_count=655360
------------------------------------
# 让参数生效
sudo sysctl -p
启动es
官网推荐启动方式
# 第一种:后台启动
./bin/elasticsearch -d
# 第二种:后台启动,并把进程号写入当前目录下名为 pid 的文件,之后可用 kill `cat pid` 终止进程(只能在shell命令行使用,脚本不好使)
./bin/elasticsearch -d -p pid
# 第三种:手动传参,定义集群和节点名称
./bin/elasticsearch -d -Ecluster.name=clustername -Enode.name=nodename
配置环境变量
sudo vim /etc/profile
------------------------------------
export ES_HOME=/opt/softwares/elasticsearch-6.5.4
export PATH=$ES_HOME/bin:$PATH
alias es_status="curl http://localhost:9200/"
alias es_on="$ES_HOME/bin/elasticsearch -d"
# 双引号里的 $2 会在定义 alias 时就被 shell 展开成空串,awk 实际执行的是 {print },整行(用户名、PID、PPID…)都会传给 kill;这里转义为 \$2
alias es_off="ps -ef | grep 'org.elasticsearch.bootstrap.Elasticsearch' | grep -v grep | awk -F ' ' '{print \$2}'| xargs kill"
------------------------------------
./bin/elasticsearch -d 启动
curl http://localhost:9200/
{
"name" : "node-01",
"cluster_name" : "MyES",
"cluster_uuid" : "c5AdD00aR1mJ1QcIpsblAA",
"version" : {
"number" : "6.5.4",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "d2ef93d",
"build_date" : "2018-12-17T21:17:40.758843Z",
"build_snapshot" : false,
"lucene_version" : "7.5.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
宿主机上访问 http://docker-01:9200/
3.KIBANA 安装
# 配置
cd /opt/softwares/kibana-6.5.4-linux-x86_64/config
vim kibana.yml (注意冒号后面有一个空格)
------------------------------------
server.port: 5601
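# 0.0.0.0 让 Kibana 对所有网卡开放,只在受信任的网络中这样配置
server.host: "0.0.0.0"
elasticsearch.url: "http://localhost:9200"
# 下面两项只有在 ES 启用了 X-Pack 安全功能时才起作用;启用后不要使用与用户名相同的口令,
# 建议改用内置的 kibana 账号,并用 bin/kibana-keystore 保存口令,而不是明文写在 kibana.yml 里
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"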
------------------------------------
# 启动
nohup bin/kibana &
# 宿主机访问
http://docker-01:5601/