centos7 build EFK

surroundings:

    system: CentOS Linux release 7.7.1908

    elasticsearch: elasticsearch-7.5.1-1.x86_64

    kibana: kibana-7.5.1-1.x86_64

    filebeat: filebeat-7.5.1-1.x86_64

 

1. EFK configuration of yum environment

    

   rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

　　

 

 

Create a source file yum

    vim efk.repo:

[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md


[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

　　

 

2. Install EFK

1     yum install --enablerepo=elasticsearch elasticsearch
2     yum install kibana
3     yum install filebeat

 

 

 

 

3. Configure EFK

 

    a. Configure elasticsearch

        vim /etc/elasticsearch/elasticsearch.yml

    node.name: node-1
    cluster.initial_master_nodes: ["node-1"]
    http.port: 9200
    network.host: 0.0.0.0

 

 

    b. arrangement kibana

        vim /etc/kibana/kibana.yml

    server.port: 5601 
    server.host: " 0.0.0.0 " 
    elasticsearch.hosts: [ " #ip deployed into the machine ip elasticsearch services 
    kibana.index: " .kibana "

 

 

    c. Configure filebeat

        vim /etc/filebeat/filebeat.yml

    setup.kibana: 
       Host: "   # ip ip kibana machines deployed into service 
    
    output.elasticsearch: 
       hosts: [ " localhost: 9200 " ] # ip deployed into the machine elasticsearch services ip, I have here is a machine, Therefore localhost equal to 11. the 22 is 
    
    filebeat.inputs:
     - type: log 
       Enabled: to false 
       paths: log collection path #
         - / var / log / * .log

 

 

Start EFK Service

    systemctl start elasticsearch.service

    If the startup problem elasticsearch about, click on:  https://blog.51cto.com/liuxiaolan/2463905

    systemctl start kibana.service

    systemctl start filebeat.service