Building an ELK log collection system on Linux

Before building ELK, you must first install Redis and the JDK; for installing Redis, please refer to the previous article.

First: install the JDK and configure the environment variables

1. Extract the installation package to the /usr/local/java directory
[root@VM_0_9_centos ~]# tar xvf /ryt/soft/jdk-11.0.3_linux-x64_bin.tar.gz -C /usr/local/java/
2. Configure the environment variables (append the following at the end of the file)
[root@VM_0_9_centos ~]# vim /etc/profile

export JAVA_HOME=/usr/local/java/jdk-11.0.3
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH

  3. Reload the configuration file so that it takes effect immediately

  [root@VM_0_9_centos ~]# source /etc/profile

 

Detailed ELK build process

Setup: filebeat, elasticsearch, logstash, kibana

 1. Install Elasticsearch

1) Extract the installation package to /usr/local/elk
[root@VM_0_9_centos ~]# tar -zxvf /ryt/soft/elk/elasticsearch-7.2.0-linux-x86_64.tar.gz -C /usr/local/elk/
2) Create a user and group and grant them ownership

 [root@VM_0_9_centos elk]# useradd es_user

 [root@VM_0_9_centos elk]# groupadd esgroup

[root@VM_0_9_centos elk]# chown -R es_user:esgroup /usr/local/elk/elasticsearch-7.2.0/

3) Modify the ES configuration file:
[root@VM_0_9_centos elk]# vim /usr/local/elk/elasticsearch-7.2.0/config/elasticsearch.yml

# The cluster name is specified here and must be changed to the matching one; once auto-discovery is enabled, ES discovers the cluster by this name
cluster.name: elk-application
node.name: node-1
# These directories must be created manually
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
# ES listen address
network.host: 0.0.0.0 # allows access from the external network
http.port: 9200
discovery.seed_hosts: ["172.17.0.9"] # internal IP
cluster.initial_master_nodes: ["node-1"]

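4) Modify the system parameters
[root@VM_0_9_centos elk]# vim /etc/sysctl.conf

# Add the parameter
vm.max_map_count=655360
Note: ES takes up a particularly large amount of resources when it starts, so this system parameter has to be changed; if it is not, ES exits abnormally at startup.

5) Reload the configuration
[root@VM_0_9_centos elk]# sysctl -p /etc/sysctl.conf

6) Modify the resource limits
[root@VM_0_9_centos elk]# vim /etc/security/limits.conf

Content to change:
* soft nofile 65536
* hard nofile 131072
* soft nproc 65536
* hard nproc 131072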

  7) Set user resource parameters

 [root@VM_0_9_centos elk]# vim /etc/security/limits.d/20-nproc.conf

   # Add:

  es_user    soft    nproc     65536

8) Create the data and log directories and set their ownership
[root@VM_0_9_centos elk]# mkdir -pv /usr/local/elk/{data,logs}
[root@VM_0_9_centos elk]# chown -R es_user:esgroup /usr/local/elk/elasticsearch-7.2.0/data/elasticsearch/
9) Switch user and start ES in the background
[root@VM_0_9_centos elk]# su es_user
[es_user@VM_0_9_centos elk]$ /usr/local/elk/elasticsearch-7.2.0/bin/elasticsearch &

 2. Install logstash

1) Extract the installation package into the /usr/local/elk directory
[root@VM_0_9_centos filebeat-7.2.0]# tar -zvxf /ryt/soft/elk/logstash-7.2.0.tar.gz -C /usr/local/elk/
2) Create a symbolic link
[root@VM_0_9_centos elk]# ln -s /usr/local/elk/logstash-7.2.0 /usr/local/elk/logstash

Note: Java HotSpot(TM) 64-Bit Server VM warning:
INFO: os::commit_memory(0x00000000c5330000, 986513408, 0) failed;
error='Not enough space' (errno=12)
[root@VM_0_9_centos elk]# vim ./elasticsearch-7.2.0/config/jvm.options

3. Install filebeat

1) Extract the installation package to /usr/local/elk
[root@VM_0_9_centos elk]# tar xvf filebeat-7.2.0-linux-x86_64.tar.gz -C /usr/local/elk/

2) Modify the Filebeat configuration file so that the collected logs are written into Redis:
Note: here the logs of the Spring Cloud Eureka service are collected; the logs of other programs can be collected in the same way

  [root@VM_0_9_centos filebeat-7.2.0]# pwd
   /usr/local/elk/filebeat-7.2.0
  [root@VM_0_9_centos filebeat-7.2.0]# vim ./filebeat.yml

 # The following fields are changed
enabled: true
paths: program log path
output.logstash:
  hosts: ["server IP:5044"]
output.redis:
  hosts: 127.0.0.1 # IP of the server where Redis runs
  port: 6379 # Redis port
  key: "filebeat-log" # key in Redis
3) Enable start at boot
Edit rc.local and append at the end: /usr/local/elk/filebeat-7.2.0/filebeat > /tmp/filebeat.log 2>&1
[root@VM_0_9_centos filebeat-7.2.0]# vim /etc/rc.local

4) Start Filebeat in the background
[root@VM_0_9_centos filebeat-7.2.0]# /usr/local/elk/filebeat-7.2.0/filebeat &

  5) Check startup and whether Filebeat is listening on a port; mainly look at the log and the process

  [root@VM_0_9_centos filebeat-7.2.0]# ps -ef | grep filebeat

  [root@VM_0_9_centos filebeat-7.2.0]# tailf logs/filebeat

  

 4. Start logstash

Test starting Logstash without specifying a configuration file
[root@VM_0_9_centos config]# /usr/local/elk/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'
Note: type hello world manually and it will output hello world

 5. Install Kibana

1) Extract the installation package to /usr/local/elk
[root@VM_0_9_centos ~]# tar -zxvf /ryt/soft/elk/kibana-7.2.0-linux-x86_64.tar.gz -C /usr/local/elk/

2) Edit the Kibana configuration file
[root@VM_0_9_centos ~]# vim /usr/local/elk/kibana-7.2.0/config/kibana.yml
   server.port: 5601
   server.host: "0.0.0.0"
   elasticsearch.hosts: ["http://49.234.206.139:9200"]
3) Start Kibana in the background
[root@VM_0_9_centos ~]# /usr/local/elk/kibana-7.2.0/bin/kibana --allow-root &
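
The elasticsearch.yml and kibana.yml settings in this article bind both services to 0.0.0.0. As an added example (not part of the original article), the script below reports wildcard bind addresses in the two files and whether xpack.security.enabled is set to true next to the Elasticsearch one. The function names yaml_get and audit_elk and the sample files it writes are constructed for illustration.

```sh
#!/bin/sh
# yaml_get FILE KEY: print the value of a top-level "KEY: value" line,
# ignoring comment lines, trailing "# comments" and double quotes.
yaml_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                  # comment-only line
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)      # strip trailing comment
            sub(/^[ \t]+/, "", line)
            n = index(line, ":")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            sub(/[ \t]+$/, "", k)
            if (k != key) next
            v = substr(line, n + 1)
            gsub(/[" \t]/, "", v)            # strip quotes and blanks
            print v
            exit
        }' "$1"
}

# audit_elk ES_YML KIBANA_YML: print one finding per line;
# return 1 if anything was found, 0 otherwise.
audit_elk() {
    rc=0
    es_host=$(yaml_get "$1" network.host)
    es_sec=$(yaml_get "$1" xpack.security.enabled)
    kb_host=$(yaml_get "$2" server.host)
    case "$es_host" in 0.0.0.0|::)
        if [ "$es_sec" != "true" ]; then
            echo "elasticsearch: network.host=$es_host, xpack.security.enabled is not true"
            rc=1
        fi ;;
    esac
    case "$kb_host" in 0.0.0.0|::)
        echo "kibana: server.host=$kb_host is reachable on every interface"
        rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample files holding the values used in this article.
demo=$(mktemp -d)
printf '%s\n' 'cluster.name: elk-application' 'network.host: 0.0.0.0 # listen address' 'http.port: 9200' > "$demo/elasticsearch.yml"
printf '%s\n' 'server.port: 5601' 'server.host: "0.0.0.0"' > "$demo/kibana.yml"
audit_elk "$demo/elasticsearch.yml" "$demo/kibana.yml" || echo "findings: review before exposing ports 9200/5601"
rm -rf "$demo"
```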

 


Origin www.cnblogs.com/renyutao/p/11253587.html