安装环境:
CentOS Linux release 7.9.2009 (Core)
所需软件包:
elasticsearch-6.8.1.rpm
elasticsearch-head.tar.gz
jdk-8u211-linux-x64.rpm
kibana-6.8.10-x86_64.rpm
logstash-6.8.10.rpm
安装步骤
1)配置epel源
[root@elk ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@elk ~]# yum clean all
[root@elk ~]# yum makecache
2)安装JDK
[root@elk ~]# yum -y localinstall jdk-8u211-linux-x64.rpm
[root@elk ~]# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
[root@elk ~]#
3)安装elasticsearch
[root@elk ~]# yum -y localinstall elasticsearch-6.8.1.rpm
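修改配置文件(注意:network.host 绑定到非回环地址后,9200 端口对该网段内的主机可达;本文配置中未见启用认证,建议启用 X-Pack 安全功能(xpack.security.enabled 及传输层 TLS),或至少用防火墙限制 9200 端口的访问来源)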
[root@elk ~]# vim /etc/elasticsearch/elasticsearch.yml
#cluster.name: my-application ->cluster.name: elk-application
#node.name: node-1 ->node.name: node-1
path.data: /var/lib/elasticsearch ->path.data: /elk/data
path.logs: /var/log/elasticsearch->path.logs: /elk/logs
#bootstrap.memory_lock: true ->bootstrap.memory_lock: true
#network.host: 192.168.0.1 ->network.host: 10.158.1.20
#http.port: 9200 ->http.port: 9200
#discovery.zen.ping.unicast.hosts: ["host1", "host2"] ->discovery.zen.ping.unicast.hosts: ["10.158.1.20"]
修改配置文件 [root@elk ~]# vim /usr/lib/systemd/system/elasticsearch.service
在[Service]段下增加如下内容:
LimitMEMLOCK=infinity
[root@elk ~]# systemctl daemon-reload
修改内存限制
[root@elk ~]# vim /etc/elasticsearch/jvm.options
-Xms4g
-Xmx4g
创建目录
[root@elk ~]# mkdir -p /elk/{data,logs}
[root@elk ~]# chown elasticsearch.elasticsearch /elk/ -R
增加host记录
[root@elk ~]# vim /etc/hosts
10.158.1.20 node-1
设置开机启动并启动服务
[root@elk ~]# systemctl enable elasticsearch.service
[root@elk ~]# systemctl start elasticsearch.service
检查服务是否启动成功
备注:启动稍慢
4)安装elasticsearch插件head
[root@elk ~]# yum -y install npm git
[root@elk ~]# tar zxvf elasticsearch-head.tar.gz -C /usr/local/src/
[root@elk ~]# cd /usr/local/src/elasticsearch-head/
[root@elk elasticsearch-head]# npm run start &
修改elasticsearch服务配置文件,开启跨域访问支持,然后重启elasticsearch服务。注意:下面将 allow-origin 设为 "*" 表示允许任意来源的网页跨域访问 ES;生产环境应将其限定为 elasticsearch-head 的实际访问地址
[root@elk elasticsearch-head]# vim /etc/elasticsearch/elasticsearch.yml
末尾增加如下内容:
http.cors.enabled: true
http.cors.allow-origin: "*"
重启elasticsearch服务
[root@elk elasticsearch-head]# systemctl restart elasticsearch.service
编写elasticsearch-head启动脚本
[root@elk elasticsearch-head]# vim /usr/bin/elasticsearch-head
#!/bin/bash
#desc: elasticsearch-head service manager
#date: 2019
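# Directory that holds the unpacked elasticsearch-head sources.
head_dir=/usr/local/src/elasticsearch-head

#######################################
# Launch elasticsearch-head ("npm run start") detached in the background.
# Globals:   head_dir (read)
# Outputs:   status line on stdout, error message on stderr
# Returns:   0 once the background job has been launched,
#            1 if head_dir is missing or cannot be entered
#######################################
function START (){
  # The original eval'ed a command string; a failed cd was ignored there, so
  # npm was started from the wrong directory and "ok" was printed anyway.
  if [[ ! -d "$head_dir" ]]; then
    echo "elasticsearch-head: directory not found: $head_dir" >&2
    return 1
  fi
  # NOTE(review): npm runs with the privileges of whoever invokes this script;
  # consider a dedicated unprivileged account instead of root.
  # The subshell keeps the caller's working directory unchanged.
  (
    cd "$head_dir" || exit 1
    nohup npm run start > /dev/null 2>&1 &
  ) || return 1
  echo -e "elasticsearch-head start\033[32m ok\033[0m"
}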
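#######################################
# Stop elasticsearch-head by signalling the grunt process(es) it runs as.
# Sends SIGTERM first and escalates to SIGKILL only if a process is still
# alive after about five seconds.
# Outputs:   status line on stdout
# Returns:   0 (also when nothing was running, so "restart" can proceed)
#######################################
function STOP (){
  local pids
  local waited=0
  # NOTE(review): "grunt" matches every process whose command line contains
  # that word, not only elasticsearch-head; tighten the pattern or track a PID
  # file if other grunt jobs run on this host.
  # pgrep never reports itself, so no "grep -v grep" filter is needed, and an
  # empty result no longer ends in a bare "kill" call with no arguments.
  pids=$(pgrep -f grunt) || {
    echo "elasticsearch-head is not running"
    return 0
  }
  # Word splitting of the PID list is intended here.
  # shellcheck disable=SC2086
  kill -s TERM $pids 2> /dev/null
  # shellcheck disable=SC2086
  while (( waited < 5 )) && kill -0 $pids 2> /dev/null; do
    sleep 1
    waited=$((waited + 1))
  done
  # shellcheck disable=SC2086
  if kill -0 $pids 2> /dev/null; then
    # Graceful shutdown did not finish in time; force it.
    # shellcheck disable=SC2086
    kill -s KILL $pids 2> /dev/null
  fi
  echo -e "elasticsearch-head stop\033[32m ok\033[0m"
}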
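# Dispatch on the first command-line argument. "${1:-}" keeps the lookup safe
# when the script is invoked without arguments under `set -u`.
case "${1:-}" in
  start)
    START
    ;;
  stop)
    STOP
    ;;
  restart)
    STOP
    # Short pause (kept from the original) before relaunching.
    sleep 3
    START
    ;;
  *)
    # Unknown or missing action: print usage on stderr and exit non-zero so
    # calling scripts can detect the bad invocation (the original exited 0).
    echo "Usage: elasticsearch-head (start|stop|restart)" >&2
    exit 2
    ;;
esac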
[root@elk elasticsearch-head]# chmod +x /usr/bin/elasticsearch-head
启动服务
web登录连接es数据库如下图:
5)安装Logstash
[root@elk ~]# yum -y localinstall logstash-6.8.10.rpm
启动服务
[root@elk ~]# systemctl enable logstash.service
[root@elk ~]# systemctl start logstash.service
5)安装kibana
[root@elk ~]# yum -y localinstall kibana-6.8.10-x86_64.rpm
修改配置文件
[root@elk ~]# vim /etc/kibana/kibana.yml
#server.port: 5601 ->server.port: 5601
#server.host: "localhost"->server.host: "10.158.1.20"
#elasticsearch.hosts: ["http://localhost:9200"] ->elasticsearch.hosts: ["http://10.158.1.20:9200"]
#i18n.locale: "en"->i18n.locale: "zh-CN"
启动服务
[root@elk ~]# systemctl enable kibana.service
[root@elk ~]# systemctl start kibana.service
使用浏览器打开页面如下:
6)nginx安装filebeat测试
[root@web ~]# curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.8.10-x86_64.rpm
[root@web ~]# sudo rpm -vi filebeat-6.8.10-x86_64.rpm
[root@web ~]# vim /etc/filebeat/filebeat.yml
hosts: ["localhost:9200"]->hosts: ["10.158.1.20:9200"]
#host: "localhost:5601" ->host: "10.158.1.20:5601"
[root@web ~]# sudo filebeat modules enable nginx
[root@web ~]# sudo filebeat setup
[root@web ~]# sudo service filebeat start
7)访问nginx页面刷新日志后,在kibana查看日志如下图: