系统要求:Centos7(内核3.5及以上,2核4G)
elk版本:6.2.4(较新版本)
jdk版本:1.8(必须为java1.8版本)
5.2 查看启动日志
cd /var/log/elasticsearch/
tail -f elasticsearch.log
5.3 检查端口情况
netstat -lntp
6、通过x-pack设置密码
cd /usr/share/elasticsearch/bin/
x-pack/setup-passwords interactive
7、登陆测试
打开浏览器访问:http://10.244.78.230:9200
可以看到对话框,输入用户名和密码就可以。默认的用户名:elastic
访问成功!!!!
四、部署kibana
1、rpm安装
cd /opt
rpm -ivh kibana-6.2.4-x86_64.rpm
2、修改配置文件
[root@localhost bin]# cat /etc/kibana/kibana.yml | grep -v "^#" | grep -v "^$"
server.port: 5601
server.host: "10.244.78.230"
elasticsearch.url: "http://10.244.78.230:9200"
elasticsearch.username: "elastic"
elasticsearch.password: "123456"
3、安装x-pack插件
cd /usr/share/kibana/bin/
./kibana-plugin install x-pack
4、启动kibana
systemctl start kibana
5、访问测试(默认端口为5601)
五、部署logstash
1、rpm安装
cd /opt
rpm -ivh logstash-6.2.4.rpm
2、修改配置文件
mkdir -p /usr/share/logstash/config
cp /etc/logstash/log4j2.properties /usr/share/logstash/config
[root@localhost logstash]# cat /etc/logstash/logstash.yml | grep -v "^#" | grep -v "^$"
node.name: logstash
path.data: /var/lib/logstash
path.config: /etc/logstash/conf.d
config.test_and_exit: True
path.logs: /var/log/logstash
3、编写测试conf
一般放在/etc/logstash/conf.d目录下
[root@localhost conf.d]# cat test.conf
input {
stdin {
}
}
output {
elasticsearch {
hosts =>["10.244.78.230:9200"]
index => "test-%{+YYYY.MM.dd}"
user => elastic
password => "123456"
}
stdout {
codec => rubydebug
}
}
4、测试运行
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/test.conf(用来临时做测试用)
5、打开kibana查看
6、开启kibana
后期生产环境中,只需:
1、编写好conf文件
2、启动logstash即可,systemctl start logstash
7、kibana中x-pack认证问题
更多ELK相关教程见以下内容: