
ELK Environment Setup


1. ElasticSearch installation

1. Choosing the version to install
1. Spring Boot version: 2.4.2. Look up the spring-data-elasticsearch version it depends on.


2. spring-data-elasticsearch version: 4.1.3. Look up the elasticsearch version it depends on.


3. elasticsearch version: 7.9.3
2. Installation
1. Official documentation

https://www.elastic.co/guide/en/elasticsearch/reference/7.9/getting-started-install.html

2. Download the archive (Baidu Netdisk)


3. Upload to the server
1. Create the directory ElasticSearch under /usr/local
mkdir /usr/local/ElasticSearch
2. Enter the directory and upload the archive into it
cd /usr/local/ElasticSearch
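
Added example (not part of the original post): because the archive here is taken from a Baidu Netdisk share rather than straight from Elastic, it can be checked against the .sha512 file Elastic publishes beside each release archive before it is extracted. The helper name verify_sha512 is hypothetical, and the .sha512 file is assumed to have been fetched separately from artifacts.elastic.co.

```shell
#!/bin/sh
# Added example: verify a downloaded archive against a published .sha512 file
# before extracting it. verify_sha512 is a hypothetical helper name.
# The .sha512 file is expected to contain "<128 hex chars>  <file name>".

# verify_sha512 ARCHIVE SUMFILE
#   returns 0 on match, 1 on mismatch, 2 on missing or malformed input
verify_sha512() {
    archive=$1
    sumfile=$2
    [ -f "$archive" ] || { echo "ERROR: archive not found: $archive"; return 2; }
    [ -f "$sumfile" ] || { echo "ERROR: checksum file not found: $sumfile"; return 2; }

    # The first whitespace-separated field of the first line is the expected digest.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Reject anything that is not pure hex (for example a saved HTML error page).
    case $expected in
        *[!0-9a-f]*|'') echo "ERROR: malformed digest in $sumfile"; return 2 ;;
    esac
    # A SHA-512 digest is exactly 128 hex characters; shorter means truncated.
    [ "${#expected}" -eq 128 ] || { echo "ERROR: malformed digest in $sumfile"; return 2; }

    actual=$(sha512sum "$archive" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
        return 0
    fi
    echo "MISMATCH: $archive (do not extract)"
    return 1
}

# Usage on the server (file names as used on this page):
#   verify_sha512 elasticsearch-7.9.3-linux-x86_64.tar.gz \
#                 elasticsearch-7.9.3-linux-x86_64.tar.gz.sha512 \
#     && tar -zxvf elasticsearch-7.9.3-linux-x86_64.tar.gz
```

The same check applies to the Kibana and Logstash archives downloaded later on this page.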


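4. Extract
1. Extract the archive
tar -zxvf elasticsearch-7.9.3-linux-x86_64.tar.gz
2. Delete the archive
rm -rf elasticsearch-7.9.3-linux-x86_64.tar.gz
5. Quick-start es
1. Enter the bin directory
cd /usr/local/ElasticSearch/elasticsearch-7.9.3/bin
2. Start it directly
./elasticsearch
3. It fails with an error: es cannot be started as the root user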


6. Create a new elasticsearch user to start es
1. Add the user
useradd elasticsearch
2. Set the password (Ww)
passwd elasticsearch
3. Set the owner and group of the elasticsearch directory to the elasticsearch user
chown -R elasticsearch:elasticsearch /usr/local/ElasticSearch/elasticsearch-7.9.3
4. Check that the change took effect
ll /usr/local/ElasticSearch/elasticsearch-7.9.3


7. Start es again
1. Switch to the elasticsearch user
su elasticsearch
2. Start
cd /usr/local/ElasticSearch/elasticsearch-7.9.3/bin && ./elasticsearch


8. Open port 9200
1. Open it on the server
systemctl start firewalld && firewall-cmd --permanent --add-port=9200/tcp && firewall-cmd --reload && firewall-cmd --query-port=9200/tcp
2. Open it in the security group


9. elasticsearch configuration
1. Location of the configuration files


2. Change the JVM heap size to 512M
vim /usr/local/ElasticSearch/elasticsearch-7.9.3/config/jvm.options


3. Log naming rules and rollover location (if too many rolled logs accumulate, they can be deleted manually)


4. Configure path.data and path.logs, that is, the data directory and the log directory
vim /usr/local/ElasticSearch/elasticsearch-7.9.3/config/elasticsearch.yml
path:
  data: /usr/local/ElasticSearch/elasticsearch-7.9.3/data/elasticsearch
  logs: /usr/local/ElasticSearch/elasticsearch-7.9.3/log/elasticsearch
5. Configure the cluster name
vim /usr/local/ElasticSearch/elasticsearch-7.9.3/config/elasticsearch.yml
cluster.name: elasticsearch-cluster
6. Configure the node name
vim /usr/local/ElasticSearch/elasticsearch-7.9.3/config/elasticsearch.yml
node.name: elasticsearch-node-9200
7. Set network.host to 0.0.0.0 to listen on all network interfaces
vim /usr/local/ElasticSearch/elasticsearch-7.9.3/config/elasticsearch.yml
network.host: 0.0.0.0
8. Set the maximum number of open files for the elasticsearch user to 65,535
vim /etc/security/limits.conf
elasticsearch  -  nofile  65535


9. Virtual memory setting
vim /etc/sysctl.conf

Add as the last line:

vm.max_map_count=262144


sudo sysctl -p
sysctl vm.max_map_count


10. Set the number of threads to at least 4096
vim /etc/security/limits.conf
elasticsearch soft nproc 4096
elasticsearch hard nproc 4096


vim /etc/security/limits.d/90-nproc.conf
11. Configure node discovery (because network.host was changed)
vim /usr/local/ElasticSearch/elasticsearch-7.9.3/config/elasticsearch.yml
discovery.seed_hosts:
  - 127.0.0.1
cluster.initial_master_nodes:
  - elasticsearch-node-9200


10. Test
1. Restart es
cd /usr/local/ElasticSearch/elasticsearch-7.9.3/bin && ./elasticsearch


2. Test access

http://ip:9200/


3. Start es in the background and specify the log output location
nohup /usr/local/ElasticSearch/elasticsearch-7.9.3/bin/elasticsearch > /usr/local/ElasticSearch/elasticsearch-7.9.3/logs/elasticsearch-nohup.log 2>&1 &
4. View the log
cat /usr/local/ElasticSearch/elasticsearch-7.9.3/logs/elasticsearch-nohup.log


5. Access es again to test
11. Single-node elasticsearch.yml configuration
vim /usr/local/ElasticSearch/elasticsearch-7.9.3/config/elasticsearch.yml
path:
  data: /usr/local/ElasticSearch/elasticsearch-7.9.3/data/elasticsearch
  logs: /usr/local/ElasticSearch/elasticsearch-7.9.3/log/elasticsearch
cluster.name: elasticsearch-cluster
node.name: elasticsearch-node-9200
network.host: 0.0.0.0
discovery.seed_hosts:
  - 127.0.0.1
cluster.initial_master_nodes:
  - elasticsearch-node-9200
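
Added example (not part of the original post): with network.host: 0.0.0.0 and port 9200 open, the configuration above serves the REST API without authentication, since Elasticsearch 7.9.3 leaves security off unless xpack.security.enabled: true is set. The check below flags that combination; the function names yml_get and audit_es_exposure are hypothetical, and it assumes flat dotted keys as used in the config above.

```shell
#!/bin/sh
# Added example: flag an elasticsearch.yml that serves HTTP on a non-loopback
# address while xpack.security.enabled is not true (no authentication).
# Assumes flat dotted keys ("network.host: ...") as on this page, not nested YAML.

# yml_get FILE KEY -> last uncommented value of KEY, comments and quotes stripped
yml_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)            # drop trailing comment
            i = index(line, ":")
            if (i == 0) next
            k = substr(line, 1, i - 1); v = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"\047]+|[ \t"\047]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_es_exposure FILE -> prints a finding and returns 1 when exposed without auth
audit_es_exposure() {
    host=$(yml_get "$1" network.host)
    http_host=$(yml_get "$1" http.host)
    # http.host, when set, overrides network.host for the REST port (9200)
    if [ -n "$http_host" ]; then host=$http_host; fi
    security=$(yml_get "$1" xpack.security.enabled)

    case $host in
        ''|localhost|127.*|::1|_local_) loopback=yes ;;   # unset means loopback default
        *) loopback=no ;;
    esac

    if [ "$loopback" = no ] && [ "$security" != true ]; then
        echo "FINDING: REST API bound to '$host' with xpack.security.enabled != true"
        return 1
    fi
    echo "OK: host='${host:-unset}' xpack.security.enabled='${security:-unset}'"
    return 0
}
```

If it reports a finding, set xpack.security.enabled: true and create the built-in users' passwords with bin/elasticsearch-setup-passwords, and limit port 9200 in firewalld and the security group to the addresses that need it.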
12. Install the head plugin
1. Install the Chrome extension


2. Create an index with only one shard (with a replica shard there will be a warning, because there is only one node)


2. Kibana installation

1. Version to install: 7.9.3
2. Download the archive
1. Find the specified version

https://www.elastic.co/downloads/past-releases#kibana


2. Baidu Netdisk


3. Upload to the server
1. Create the directory /usr/local/Kibana
mkdir /usr/local/Kibana
2. Upload the archive into it
cd /usr/local/Kibana


4. Extract
1. Extract the archive
tar -zxvf kibana-7.9.3-linux-x86_64.tar.gz
2. Delete the archive
rm -rf kibana-7.9.3-linux-x86_64.tar.gz
5. Start
1. Give the elasticsearch user ownership of the Kibana directory
chown -R elasticsearch:elasticsearch /usr/local/Kibana/kibana-7.9.3-linux-x86_64/


2. Switch user
su elasticsearch
3. Configure kibana
1. Edit the configuration file
vim /usr/local/Kibana/kibana-7.9.3-linux-x86_64/config/kibana.yml
2. Add the following content
elasticsearch.hosts: ["http://ip:9200"] # Elasticsearch connection address
server.port: 5601 # Port the Kibana service listens on
server.host: "0.0.0.0" # Address the Kibana service binds to (allows external access)
3. Open port 5601
systemctl start firewalld && firewall-cmd --permanent --add-port=5601/tcp && firewall-cmd --reload && firewall-cmd --query-port=5601/tcp


4. Start
/usr/local/Kibana/kibana-7.9.3-linux-x86_64/bin/kibana


4. Access test

http://ip:5601

GET /_cat/health?v


5. Start in the background
1. Start
nohup /usr/local/Kibana/kibana-7.9.3-linux-x86_64/bin/kibana > /usr/local/Kibana/kibana-7.9.3-linux-x86_64/kibana.log 2>&1 &
2. View the log
cat /usr/local/Kibana/kibana-7.9.3-linux-x86_64/kibana.log

3. Logstash installation

1. The version to install is 7.9.3; a JDK must be installed first
1. Download from the official site

https://www.oracle.com/java/technologies/downloads/#java8


2. Upload the archive to /usr/local/jdk8
1. Create the directory and enter it
mkdir /usr/local/jdk8 && cd /usr/local/jdk8
2. Upload


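3. Extract
1. Extract into the current directory
tar -zxvf jdk-8u261-linux-x64.tar.gz
2. Delete the original archive
rm -rf jdk-8u261-linux-x64.tar.gz
4. Configure environment variables
1. First copy the path of jdk1.8.0_261
/usr/local/jdk8/jdk1.8.0_261
2. Edit the environment variable file and set JAVA_HOME at the end of the file
vim /etc/profile
export JAVA_HOME=/usr/local/jdk8/jdk1.8.0_261
export PATH=$JAVA_HOME/bin:$PATH
3. Make the configuration take effect
source /etc/profile
4. Run java -version to test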


2. Download the archive
1. Download address

https://www.elastic.co/downloads/past-releases/logstash-7-9-3


2. Baidu Netdisk


3. Upload to the server
1. Upload to /usr/local/logstash
2. Create the directory and enter it, then upload the archive into it
mkdir /usr/local/logstash && cd /usr/local/logstash


4. Extract
1. Extract the archive
tar -zxvf logstash-7.9.3.tar.gz
2. Delete the original archive
rm -rf logstash-7.9.3.tar.gz
5. Start
1. Enter the bin directory
cd /usr/local/logstash/logstash-7.9.3/bin
2. Run the most basic Logstash pipeline
./logstash -e 'input { stdin { } } output { stdout {} }'


3. Type hello world; if a message comes back, it worked
