CentOS ELK 7.6.2 Installation Notes

0x01. Download & Install

cd /app/elk
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-x86_64.rpm
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.6.2.rpm
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.6.2-x86_64.rpm

Install using rpm:

[root@m elk]# rpm -ivh elasticsearch-7.6.2-x86_64.rpm 
warning: elasticsearch-7.6.2-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Updating / installing...
   1:elasticsearch-0:7.6.2-1          ################################# [100%]
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
future versions of Elasticsearch will require Java 11; your Java version from [/usr/java/jdk1.8.0_191-amd64/jre] does not meet this requirement
Created elasticsearch keystore in /etc/elasticsearch
[root@m elk]# rpm -ivh kibana-7.6.2-x86_64.rpm 
warning: kibana-7.6.2-x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:kibana-7.6.2-1                   ################################# [100%]
[root@m elk]# rpm -ivh logstash-7.6.2.rpm 
warning: logstash-7.6.2.rpm: Header V4 RSA/SHA512 Signature, key ID d88e42b4: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:logstash-1:7.6.2-1               ################################# [100%]
Using provided startup.options file: /etc/logstash/startup.options
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.30/lib/pleaserun/platform/base.rb:112: warning: constant ::Fixnum is deprecated
Successfully created system startup script for Logstash

0x02 Start elasticsearch

Edit the configuration file: vim /etc/elasticsearch/elasticsearch.yml

Enable remote access and set the data storage location:

## Custom data directories
path.data: /app/elk/elasticsearch/data
path.logs: /app/elk/elasticsearch/log
## Remote access
network.host: 127.0.0.1
http.host: 0.0.0.0
## Enable CORS
http.cors.enabled: true
http.cors.allow-origin: "*"
## Start
systemctl start elasticsearch.service

Run curl http://localhost:9200/ on the command line to verify the service startup information.


0x03 Start kibana

  • Configuration file: /etc/kibana/kibana.yml
  • Startup file: /usr/share/kibana/bin/kibana
## Configuration file: specify the es location
vim /etc/kibana/kibana.yml
## Configure the IP for public access
server.host: "0.0.0.0"
## Enable the elasticsearch.hosts setting:
elasticsearch.hosts: ["http://localhost:9200"]

## Create a sub-account
useradd elk

## Start
su elk
nohup /usr/share/kibana/bin/kibana &

After startup completes, visit:
http://your-ip:5601
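
The settings above bind the Elasticsearch HTTP port and Kibana to 0.0.0.0, allow CORS from "*", and set no xpack.security.enabled: true, so anything that can reach the host can query the node without logging in. The shell check below is an added example, not part of the original notes; it flags those settings in either file, and the function names and the constructed sample file are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the original notes): audit elasticsearch.yml / kibana.yml.
# Print the last value of a top-level "key: value" line, without quotes.
yaml_get() {  # usage: yaml_get FILE KEY
  awk -v key="$2" '
    /^[ \t]*#/ { next }                     # skip comment lines
    { line = $0; sub(/^[ \t]+/, "", line)
      if (index(line, key ":") == 1) {      # literal match, dots are not regex
        val = substr(line, length(key) + 2)
        sub(/[ \t]+#.*$/, "", val)          # drop a trailing comment
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        found = val } }
    END { print found }' "$1" | tr -d "\"'"
}

# Print one FINDING line per risky setting; return non-zero if any was found.
audit_elk_config() {  # usage: audit_elk_config FILE
  a_file="$1"; a_count=0; a_open=0
  for a_key in network.host http.host server.host; do
    a_val="$(yaml_get "$a_file" "$a_key")"
    case "$a_val" in
      0.0.0.0|::)
        echo "FINDING: $a_key=$a_val listens on every interface"
        a_count=$((a_count + 1))
        [ "$a_key" = server.host ] || a_open=1 ;;
    esac
  done
  if [ "$(yaml_get "$a_file" http.cors.enabled)" = "true" ] &&
     [ "$(yaml_get "$a_file" http.cors.allow-origin)" = "*" ]; then
    echo "FINDING: http.cors.allow-origin=* lets any web origin read REST API responses"
    a_count=$((a_count + 1))
  fi
  if [ "$a_open" -eq 1 ] &&
     [ "$(yaml_get "$a_file" xpack.security.enabled)" != "true" ]; then
    echo "FINDING: xpack.security.enabled is not true, the HTTP API needs no login"
    a_count=$((a_count + 1))
  fi
  [ "$a_count" -eq 0 ]
}

# Constructed sample that mirrors the elasticsearch.yml settings in these notes.
SAMPLE="$(mktemp)"
cat > "$SAMPLE" <<'EOF'
network.host: 127.0.0.1
http.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
audit_elk_config "$SAMPLE" || echo "review the findings above before exposing the node"
```

Run it as audit_elk_config /etc/elasticsearch/elasticsearch.yml or against /etc/kibana/kibana.yml; a zero exit status means none of the checked conditions matched.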


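0x04 Start logstash

  • Startup file: /usr/share/logstash/bin/logstash
  • Configuration files: /etc/logstash/conf.d
    Manually create logstash.conf in the directory above
    with the following content, which listens for input on stdin (standard input):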
input { stdin { } }
output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}

Start:

/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf

At this point, type text directly below the startup output and logstash immediately echoes its processing result:


[Screenshot: logstash]

Logstash also starts a service that listens on port 9600:

curl http://localhost:9600

0x05 Configure the first Kibana pattern

[Screenshot: the first pattern]
[Screenshot: choosing the filter]

[Screenshot: result]

After this step, keep clicking that icon until the screen below appears:


[Screenshot: viewing the data]

At this point the most basic configuration is complete. Later articles will cover configuration based on log files.
