Installing ELK (elasticsearch, logstash, kibana, filebeat)
Installing elasticsearch:
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.13.1-linux-x86_64.tar.gz
$ tar -zxvf elasticsearch-8.13.1-linux-x86_64.tar.gz
$ cd elasticsearch-8.13.1/bin
$ vi ../config/elasticsearch.yml
cluster.name: my-application
node.name: node-1
node.attr.rack: r1
path.data: /home/user/elasticsearch-8.13.1/data
path.logs: /home/user/elasticsearch-8.13.1/logs
network.host: 192.168.50.84
http.port: 9200
discovery.seed_hosts: ["192.168.50.84"]
cluster.initial_master_nodes: ["node-1"]
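For a multi-node setup, note that in the configuration above node.name and network.host are different on each machine, every machine must be added to seed_hosts and initial_master_nodes, and the generated certificate configuration and files must be copied so that they are identical on all machines.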
$ ./elasticsearch -d
$ tail -f ../logs/my-application.log
$ ./elasticsearch-reset-password -u elastic
Password for the [elastic] user successfully reset.
New value: yzDS1Kc2PKX60jo*7CWc
$ ./elasticsearch-reset-password -u kibana
Password for the [kibana] user successfully reset.
New value: FwXJ0_aUGdy*iA59bCQf
Remember the password of the elastic user, then open https://192.168.50.84:9200/ in a web browser. The output is:
{
  "name": "node-1",
  "cluster_name": "my-application",
  "cluster_uuid": "WIWRIgEFTUKpNYflCUuOkw",
  "version": {
    "number": "8.13.1",
    "build_flavor": "default",
    "build_type": "tar",
    "build_hash": "9287f29bba5e270bd51d557b8daccb7d118ba247",
    "build_date": "2024-03-29T10:05:29.787251984Z",
    "build_snapshot": false,
    "lucene_version": "9.10.0",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}
Installing kibana:
$ wget https://artifacts.elastic.co/downloads/kibana/kibana-8.13.1-linux-x86_64.tar.gz
$ tar -zxvf kibana-8.13.1-linux-x86_64.tar.gz
$ cd kibana-8.13.1/bin
$ vi ../config/kibana.yml
server.port: 5601
server.host: "192.168.50.84"
elasticsearch.hosts: ["https://192.168.50.84:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "FwXJ0_aUGdy*iA59bCQf"
elasticsearch.ssl.certificateAuthorities: [ "/home/user/elasticsearch-8.13.1/config/certs/http_ca.crt" ]
i18n.locale: "zh-CN"
Note that certificateAuthorities above must be configured; otherwise kibana cannot connect to es.
$ nohup ./kibana &
Open http://192.168.50.84:5601/ in a web browser; the username and password are those of the es elastic user.
Installing logstash:
$ wget https://artifacts.elastic.co/downloads/logstash/logstash-8.13.1-linux-x86_64.tar.gz
$ tar -zxvf logstash-8.13.1-linux-x86_64.tar.gz
$ cd logstash-8.13.1/
Download https://github.com/escline/InstallCert/blob/master/InstallCert.java into this directory
$ javac InstallCert.java
$ java --source 11 InstallCert.java 192.168.50.84:9200
$ mv jssecacerts ./jdk/lib/security/
$ chown xxx:xxx /home/user/logstash-8.13.1/jdk/lib/security/jssecacerts (permissions and owner must match the other files in that directory)
$ ll /home/user/logstash-8.13.1/jdk/lib/security/
$ vi config/logstash-sample.conf
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["https://192.168.50.84:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "yzDS1Kc2PKX60jo*7CWc"
  }
}
Note that user and password above must be configured; otherwise logstash cannot connect to es.
$ nohup ./bin/logstash -f config/logstash-sample.conf &
It prints Starting server on port: 5044 and outputs no error messages.
Installing filebeat:
$ wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.13.0-linux-x86_64.tar.gz
$ tar -zxvf filebeat-8.13.0-linux-x86_64.tar.gz
$ cd filebeat-8.13.0/
$ vi filebeat.yml
filebeat.inputs:
- type: filestream
  id: my-filestream-id
  enabled: true
  paths:
    - /var/log/*.log
setup.template.settings:
  index.number_of_shards: 1
output.elasticsearch:
  hosts: ["192.168.50.84:9200"]
  preset: balanced
  protocol: "https"
  username: "elastic"
  password: "yzDS1Kc2PKX60jo*7CWc"
  ssl.verification_mode: "none"
Note the ssl.verification_mode setting above; without it, connecting to es reports an error.
$ nohup ./filebeat -e -c filebeat.yml &
It starts normally, outputs no error messages, and the log entries under /var/log/ are sent to es.
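The filebeat output above connects only because ssl.verification_mode: "none" turns certificate checking off, so filebeat would send the elastic password to any host answering on that address. The fragment below is an added example, not part of the original page: it shows the page's setting beside a variant that trusts the es CA instead. It assumes http_ca.crt (the file referenced in kibana.yml above) has been copied to the filebeat host at the same path, and ES_PWD is a hypothetical filebeat keystore key name.

```yaml
# Added example, not from the original page.
# Assumption: the es CA file named in kibana.yml has been copied to this host
#   at /home/user/elasticsearch-8.13.1/config/certs/http_ca.crt
# Assumption: ES_PWD is a hypothetical keystore key, created beforehand with
#   ./filebeat keystore create
#   ./filebeat keystore add ES_PWD

# --- Weak: as configured on the page ---
# output.elasticsearch:
#   hosts: ["192.168.50.84:9200"]
#   protocol: "https"
#   username: "elastic"
#   password: "<password in clear text>"
#   ssl.verification_mode: "none"    # any certificate is accepted

# --- Corrected: verify the server against the es CA ---
output.elasticsearch:
  hosts: ["192.168.50.84:9200"]
  preset: balanced
  protocol: "https"
  username: "elastic"
  # Resolved from the filebeat keystore at startup, not stored in this file.
  password: "${ES_PWD}"
  # Trust only certificates issued by the CA that es generated.
  ssl.certificate_authorities:
    - "/home/user/elasticsearch-8.13.1/config/certs/http_ca.crt"
  # "full" (the default) checks the chain and that the certificate matches
  # the address in hosts. If the es HTTP certificate does not list
  # 192.168.50.84 as a subject alternative name, "certificate" still checks
  # the chain against the CA but skips the name check.
  ssl.verification_mode: "full"
```

./filebeat test output -c filebeat.yml reports the TLS handshake result for this output before the shipper is started.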