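# Optional: the Elasticsearch 8.x packages ship with their own bundled JDK.
sudo apt install default-jre
# Download Elastic's package-signing key and store it de-armored in a dedicated
# keyring file rather than in apt's global trust store.
# Before trusting the key, its fingerprint can be compared with the one
# published in Elastic's installation docs:
#   gpg --show-keys /usr/share/keyrings/elastic.gpg
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg
# signed-by restricts this key to the Elastic repository only, so it cannot
# vouch for packages from any other source.
# Plain `tee` (not `tee -a`) keeps the list file at a single entry when this
# step is run more than once.
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt update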
安装Elasticsearch
# Install Elasticsearch from the Elastic apt repository.
# NOTE(review): on 8.x the package installer normally enables security and
# prints a generated password for the built-in `elastic` superuser once in its
# output - confirm, and store it somewhere safe rather than in shell notes.
sudo apt install elasticsearch
# Open the main node configuration file as root.
sudo vim /etc/elasticsearch/elasticsearch.yml
在 Network 部分,启用(取消注释并设为)network.host: localhost,这样节点只监听本机回环地址,9200 端口不会对外暴露
# Start the service now, then register it to start at boot.
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
# Check that the unit is active before probing the REST port.
systemctl status elasticsearch
# Probe the REST API on port 9200. No scheme is given, so curl uses plain
# http://; the page records an empty reply for this request on the next line.
curl -X GET "localhost:9200"
返回:curl: (52) Empty reply from server(8.x 默认在 9200 端口启用 TLS,用明文 HTTP 访问只会得到空响应,需要改用 https://)
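# Query the node over HTTPS. The stray "GET" word is dropped: curl treated it
# as a second URL to fetch instead of as the request method.
# Elasticsearch 8.x serves a certificate issued by its own auto-generated CA,
# so --cacert points curl at that CA and certificate verification stays on.
# -u elastic prompts for the password, which keeps it out of shell history and
# the process list; without credentials the server answers 401.
# sudo is used because the certs directory is not world-readable.
sudo curl -v --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic "https://localhost:9200"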
安装Kibana
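# The package has to be installed before its service can be enabled.
sudo apt install kibana
sudo systemctl enable kibana
sudo systemctl start kibana
# Local health probe; this request uses plain HTTP on the loopback address.
curl -v http://127.0.0.1:5601/status
systemctl status kibana
# kibana.yml is root-owned, so the editor needs sudo to save changes.
# NOTE(review): presumably server.host is changed here so the UI can be
# reached by IP. If so, limit who can reach port 5601 (host firewall, SSH
# tunnel, or TLS via server.ssl.* or a reverse proxy), because logins would
# otherwise cross the network unencrypted.
sudo vim /etc/kibana/kibana.yml
sudo systemctl restart kibana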
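打开网页:http://IP:5601 或 http://IP:5601/status(要用 IP 访问,需要先在 kibana.yml 中把 server.host 改成非本机回环地址;Kibana 默认走明文 HTTP,建议用防火墙限制来源,或通过 SSH 隧道/带 TLS 的反向代理访问)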
获取token命令:
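# Create an enrollment token for Kibana (-s kibana) against the local node.
# The tool reads the node's configuration under /etc/elasticsearch, which is
# not readable by ordinary users, hence sudo.
# The token is short-lived (30 minutes) but still a credential: paste it into
# the Kibana setup page and do not keep it in notes or tickets.
sudo /usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana --url "https://localhost:9200"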
获取verification code(在服务器上运行 sudo /usr/share/kibana/bin/kibana-verification-code 即可得到)
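设定初始密码(例如:sudo /usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic -i,交互式输入,密码不会留在命令行历史里)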
重启elasticsearch和kibana服务
# Restart Elasticsearch first, then Kibana, so both pick up the new settings.
sudo systemctl restart elasticsearch
sudo systemctl restart kibana
刷新登录网页,需要稍等一下
默认用户名是:elastic
密码就是刚才自己设定的
安装logstash
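# Lets apt fetch from https:// repositories. Current Debian/Ubuntu releases
# already have this built into apt, where the package is a harmless no-op.
sudo apt-get install apt-transport-https
# The package has to be installed before its service can be started.
sudo apt install logstash
sudo systemctl start logstash
sudo systemctl enable logstash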
安装filebeat
# Install Filebeat from the Elastic apt repository.
sudo apt install filebeat
# Turn on the bundled "system" module.
sudo filebeat modules enable system
# NOTE(review): no output configuration is shown on this page. For the
# TLS-secured 8.x node set up above, output.elasticsearch in
# /etc/filebeat/filebeat.yml would presumably need an https:// host, the
# cluster CA (ssl.certificate_authorities) and credentials - preferably an API
# key or a dedicated low-privilege user rather than the `elastic` superuser.
# `sudo filebeat test output` checks the connection before the service starts.
sudo systemctl start filebeat
sudo systemctl enable filebeat
很多书/资料都提到数据要通过Logstash传到Elasticsearch,而实际上,现在可以直接通过Agent, Beats等,直接将数据传到Elasticsearch中,而不需要Logstash