version
- elasticsearch6.7.1
- logstash6.7.1
- kibana6.5.4
ElasticSearch installation
1. Modify conf / elasticsearch.yml
node to assume the role of master data and open host.
Because the server only 1G of memory, adjusting the parameters jvm to 512m
cluster.name: es6.7
node.name: node-1
node.master: true
node.data: true
network.host: 0.0.0.0
复制代码2. Start es es not start with the root, so create a new user and assign permissions
adduser es
chown -R es:es elasticsearch-6.7.1
su es
cd elasticsearch-6.7.1
./bin/elasticsearch
复制代码Start errors
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
vi /etc/sysctl.conf
vm.max_map_count = 262144
sysctl -p
复制代码Logstash installation
1. Modify conf / logstash-simple.conf
cd /home/es/logstash-6.7.1/config
vim logstash-simple.conf
cd logstash-6.7.1/bin
./bin/logstash -f config/logstash-simple.conf
复制代码After starting logstash read the log file, sent to es, and automatically create an index
Start Kibana
Because windows starts directly after download click kibana.bat
Here kibana.yml may need to modify the conf directory, elasticsearch.url es modify the address you want to connect, otherwise the default connection localhost: 9200
test
elasticsearch-head plug View es data (kibana actually can see)
echo "hello" >> dru.log
Append text to the log, you can see logstash output log, and found in the es
to sum up
This is the easiest way to build elk omitted here logstash log parsing and filtering, the place is its most powerful filters filter, the log format can be resolved; es index has not been optimized, created by default five primary and secondary slices