下载软件
JDK
#wget http://172.18.71.12:83/2Q2W261090F59DD53D8C9740EB6430C46EB03192EE29_unknown_229A95874D39CC9F5FE38A6EA9A2A49C92CE7A07_9/download.oracle.com/otn-pub/java/jdk/8u162-b12/0da788060d494f5095bf8624735fa2f1/jdk-8u162-linux-x64.tar.gz -P /usr/local/src/
注意:上面的 JDK 地址是内网地址(172.18.71.12,HTTP 明文),看起来是本地缓存代理,在其他环境中无法使用,传输过程也没有完整性保护。请改从 Oracle 官方下载,并在解压前用 sha256sum 核对官方公布的校验值。
Elasticsearch
#wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.2.tar.gz
Logstash
#wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.2.tar.gz
kibana
#wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.2-linux-x86_64.tar.gz
配置环境
#tar -zxf jdk-8u162-linux-x64.tar.gz
#mv jdk1.8.0_162/ /usr/local/
#vim /etc/profile
追加
#JAVA
JAVA_HOME=/usr/local/jdk1.8.0_162
CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH
# source /etc/profile
# java -version
java version "1.8.0_162"
Java(TM) SE Runtime Environment (build 1.8.0_162-b12)
# vim /etc/security/limits.conf
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
# vim /etc/security/limits.d/90-nproc.conf
* soft nproc 4096
root soft nproc unlimited
#vim /etc/sysctl.conf
添加
vm.max_map_count = 262144
保存后执行 #sysctl -p 使其生效
安装ELK
#mkdir /usr/local/ELK
#tar -zxf elasticsearch-6.2.2.tar.gz
#mv elasticsearch-6.2.2 /usr/local/ELK/
#tar -zxf logstash-6.2.2.tar.gz
#mv logstash-6.2.2 /usr/local/ELK/
#tar -zxf kibana-6.2.2-linux-x86_64.tar.gz
#mv kibana-6.2.2-linux-x86_64 /usr/local/ELK/
#useradd elk
#passwd elk
#chown elk.elk /usr/local/ELK/ -R
#su - elk
配置elasticsearch
$cd /usr/local/ELK/elasticsearch-6.2.2/config/
$vim elasticsearch.yml
取消注释,修改
cluster.name: test-elk
node.name: node-1
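network.host: 2xx.xx.xxx.1x2
注意:Elasticsearch 6.2.2 默认安装没有启用认证和 TLS,9200 端口绑定到公网地址后,任何能访问该端口的人都可以读写、删除索引。请绑定内网地址,或用防火墙只允许 Logstash、Kibana 所在主机访问 9200。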
http.port: 9200
追加
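bootstrap.system_call_filter: false
注意:该选项会关闭 Elasticsearch 的系统调用过滤器(seccomp 沙箱),属于降低安全性的设置。一般只有内核不支持 seccomp(如 CentOS 6)导致启动检查失败时才需要;内核支持时应保持默认值 true。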
启动elasticsearch
$/usr/local/ELK/elasticsearch-6.2.2/bin/elasticsearch &
配置logstash
这是最简单的配置,勉强能用,高难的正在研究中....
$ vim /usr/local/ELK/logstash-6.2.2/config/elk.conf
# Logstash pipeline: read two web log files and send each event to Elasticsearch.
input {
# Access log. The "type" value is reused below to build the index name.
file {
type => "elk-hc_access"
path => "/data/logs/www/hc.log"
# Read the file from its first line. In the file input this applies only to
# files Logstash has not tracked before (no sincedb entry yet).
start_position => "beginning"
}
# Error log, read the same way under its own type.
file {
type => "elk-hc_error"
path => "/data/logs/www/hc_err.log"
start_position => "beginning"
}
}
output {
elasticsearch {
# NOTE(review): no user/password or ssl options are set, so events are presumably
# sent unauthenticated over plain HTTP; keep port 9200 reachable only from trusted hosts.
hosts => ["218.60.28.102:9200"]
# One index per type per day, e.g. elk-hc_access-2018.03.14.
index => "%{type}-%{+YYYY.MM.dd}"
}
}
启动logstash
$ ./logstash -f /usr/local/ELK/logstash-6.2.2/config/elk.conf &
配置Kibana
$vim kibana.yml
取消注释,修改
server.port: 5601
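server.host: "218.60.28.102"
elasticsearch.url: "http://localhost:9200"
注意:Kibana 6.2.2 默认同样没有登录认证,5601 绑定到公网地址时应使用防火墙或带认证的反向代理限制访问。另外,如果 elasticsearch.yml 的 network.host 只设置了上面的非回环地址,Elasticsearch 不会监听 localhost,此处的 elasticsearch.url 需要改成与 Logstash output 中 hosts 相同的地址。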
启动Kibana
$ ./kibana &
登录地址
http://218.60.28.102:5601
PS:
页面上Management=>这里填你定义的elk-hc_access*或者elk-hc_error*
配置里
index => "%{type}-%{+YYYY.MM.dd}" 对应的是搜索elk-hc_access*时候显示:如 elk-hc_access-2018.03.14
杀死kibana
#fuser -n tcp 5601
#kill -9 pid
(pid 替换为上一条 fuser 命令输出的进程号;建议先用不带 -9 的 kill 让 Kibana 正常退出,无效时再用 -9)
JDK
#wget http://172.18.71.12:83/2Q2W261090F59DD53D8C9740EB6430C46EB03192EE29_unknown_229A95874D39CC9F5FE38A6EA9A2A49C92CE7A07_9/download.oracle.com/otn-pub/java/jdk/8u162-b12/0da788060d494f5095bf8624735fa2f1/jdk-8u162-linux-x64.tar.gz -P /usr/local/src/
注意:上面的 JDK 地址是内网地址(172.18.71.12,HTTP 明文),看起来是本地缓存代理,在其他环境中无法使用,传输过程也没有完整性保护。请改从 Oracle 官方下载,并在解压前用 sha256sum 核对官方公布的校验值。
Elasticsearch
#wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.2.tar.gz
Logstash
#wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.2.tar.gz
kibana
#wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.2-linux-x86_64.tar.gz
配置环境
#tar -zxf jdk-8u162-linux-x64.tar.gz
#mv jdk1.8.0_162/ /usr/local/
#vim /etc/profile
追加
#JAVA
JAVA_HOME=/usr/local/jdk1.8.0_162
CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME CLASSPATH PATH
# source /etc/profile
# java -version
java version "1.8.0_162"
Java(TM) SE Runtime Environment (build 1.8.0_162-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.162-b12, mixed mode)
# vim /etc/security/limits.conf
* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536
# vim /etc/security/limits.d/90-nproc.conf
* soft nproc 4096
root soft nproc unlimited
#vim /etc/sysctl.conf
添加
vm.max_map_count = 262144
保存后执行 #sysctl -p 使其生效
安装ELK
#mkdir /usr/local/ELK
#tar -zxf elasticsearch-6.2.2.tar.gz
#mv elasticsearch-6.2.2 /usr/local/ELK/
#tar -zxf logstash-6.2.2.tar.gz
#mv logstash-6.2.2 /usr/local/ELK/
#tar -zxf kibana-6.2.2-linux-x86_64.tar.gz
#mv kibana-6.2.2-linux-x86_64 /usr/local/ELK/
#useradd elk
#passwd elk
#chown elk.elk /usr/local/ELK/ -R
#su - elk
配置elasticsearch
$cd /usr/local/ELK/elasticsearch-6.2.2/config/
$vim elasticsearch.yml
取消注释,修改
cluster.name: test-elk
node.name: node-1
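network.host: 2xx.xx.xxx.1x2
注意:Elasticsearch 6.2.2 默认安装没有启用认证和 TLS,9200 端口绑定到公网地址后,任何能访问该端口的人都可以读写、删除索引。请绑定内网地址,或用防火墙只允许 Logstash、Kibana 所在主机访问 9200。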
http.port: 9200
追加
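bootstrap.system_call_filter: false
注意:该选项会关闭 Elasticsearch 的系统调用过滤器(seccomp 沙箱),属于降低安全性的设置。一般只有内核不支持 seccomp(如 CentOS 6)导致启动检查失败时才需要;内核支持时应保持默认值 true。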
启动elasticsearch
$/usr/local/ELK/elasticsearch-6.2.2/bin/elasticsearch &
配置logstash
这是最简单的配置,勉强能用,高难的正在研究中....
$ vim /usr/local/ELK/logstash-6.2.2/config/elk.conf
# Logstash pipeline: read two web log files and send each event to Elasticsearch.
input {
# Access log. The "type" value is reused below to build the index name.
file {
type => "elk-hc_access"
path => "/data/logs/www/hc.log"
# Read the file from its first line. In the file input this applies only to
# files Logstash has not tracked before (no sincedb entry yet).
start_position => "beginning"
}
# Error log, read the same way under its own type.
file {
type => "elk-hc_error"
path => "/data/logs/www/hc_err.log"
start_position => "beginning"
}
}
output {
elasticsearch {
# NOTE(review): no user/password or ssl options are set, so events are presumably
# sent unauthenticated over plain HTTP; keep port 9200 reachable only from trusted hosts.
hosts => ["218.60.28.102:9200"]
# One index per type per day, e.g. elk-hc_access-2018.03.14.
index => "%{type}-%{+YYYY.MM.dd}"
}
}
启动logstash
$ ./logstash -f /usr/local/ELK/logstash-6.2.2/config/elk.conf &
配置Kibana
$vim kibana.yml
取消注释,修改
server.port: 5601
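server.host: "218.60.28.102"
elasticsearch.url: "http://localhost:9200"
注意:Kibana 6.2.2 默认同样没有登录认证,5601 绑定到公网地址时应使用防火墙或带认证的反向代理限制访问。另外,如果 elasticsearch.yml 的 network.host 只设置了上面的非回环地址,Elasticsearch 不会监听 localhost,此处的 elasticsearch.url 需要改成与 Logstash output 中 hosts 相同的地址。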
启动Kibana
$ ./kibana &
登录地址
http://218.60.28.102:5601
PS:
页面上Management=>这里填你定义的elk-hc_access*或者elk-hc_error*
配置里
index => "%{type}-%{+YYYY.MM.dd}" 对应的是搜索elk-hc_access*时候显示:如 elk-hc_access-2018.03.14
杀死kibana
#fuser -n tcp 5601
#kill -9 pid
(pid 替换为上一条 fuser 命令输出的进程号;建议先用不带 -9 的 kill 让 Kibana 正常退出,无效时再用 -9)