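I. Download ES
Download page: https://www.elastic.co/cn/downloads/past-releases
Baidu Netdisk download: link: https://pan.baidu.com/s/1ANtEMcpzyd5BoSwtX0a9eg?pwd=1005 extraction code: 1005
II. Pre-installation preparation (fresh virtual machine)
(1) Turn off the firewall
Stop it:
systemctl stop firewalld
Disable it permanently:
systemctl disable firewalld.service
Alternatively, keep the firewall running and open only the ports you need (a --permanent rule takes effect after a reload):
firewall-cmd --zone=public --add-port=5601/tcp --permanent
firewall-cmd --reload
(2) Install the required packages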
yum install -y gcc git wget vim ntp lsof
yum install -y pcre pcre-devel zlib zlib-devel openssl openssl-devel
(3) Edit the system configuration files
vim /etc/security/limits.conf
1. Add the following lines (keep the leading *)
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
2. Then edit a second configuration file
vi /etc/sysctl.conf
3. Add the following lines
vm.swappiness=1
vm.max_map_count=655360
4. Reload the configuration
sysctl -p
Change the time zone (only needed when the time zone is wrong)
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
5. Create the directories
mkdir /opt/elk
mkdir /opt/elkSources
6. Create the es user
useradd esuser
passwd esuser
Enter the password twice: PassW0rd_1234
7. Give the user ownership of the directory
chown esuser:esuser -R /opt/elk
III. Install ES
1. Upload the archive to the /opt/elkSources directory on the virtual machine
2. Extract it
tar zxvf /opt/elkSources/elasticsearch-7.16.2-linux-x86_64.tar.gz -C /opt/elk/
3. Create the data directory
mkdir /opt/elk/elasticsearch-7.16.2/data
4. Edit the configuration file (elasticsearch.yml)
vi /opt/elk/elasticsearch-7.16.2/config/elasticsearch.yml
(this configuration is for a single-node deployment)
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
# cluster.name: my-es
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /opt/elk/elasticsearch-7.16.2/data
#
# Path to log files:
#
path.logs: /opt/elk/elasticsearch-7.16.2/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["127.0.0.1"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.enabled: true
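5. Switch user and start Elasticsearch (the files extracted and created as root above must belong to esuser first; if they do not, run chown esuser:esuser -R /opt/elk again)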
su esuser
/opt/elk/elasticsearch-7.16.2/bin/elasticsearch -d
6. Set the account passwords
cd /opt/elk/elasticsearch-7.16.2/bin
./elasticsearch-setup-passwords interactive
Enter PassW0rd_1234 at each prompt
After that you can log in with the user elastic and the password PassW0rd_1234
7. Start at boot
vi /etc/init.d/elasticsearch
#!/bin/bash
#chkconfig: 2345 22 80
#description: elasticsearch
#processname: elasticsearch-7.16.2
export ES_HOME=/opt/elk/elasticsearch-7.16.2
case $1 in
start)
su esuser<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
echo "elasticsearch is started"
;;
stop)
pid=`cat $ES_HOME/pid`
kill -9 $pid
echo "elasticsearch is stopped"
;;
restart)
pid=`cat $ES_HOME/pid`
kill -9 $pid
echo "elasticsearch is stopped"
sleep 1
su esuser<<!
cd $ES_HOME
./bin/elasticsearch -d -p pid
exit
!
echo "elasticsearch is started"
;;
*)
echo "start|stop|restart"
;;
esac
exit 0
Save the script, then make it executable and register it with chkconfig:
chmod +x /etc/init.d/elasticsearch
chkconfig --add elasticsearch
chkconfig elasticsearch on
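IV. Download Kibana
As with ES, it can also be downloaded from the Baidu Netdisk link
V. Install Kibana
1. Put the archive in the /opt/elkSources directory
2. Switch user
su root
3. Extract it
tar -zxvf /opt/elkSources/kibana-7.16.2-linux-x86_64.tar.gz -C /opt/elk/
4. Edit the configuration file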
vi /opt/elk/kibana-7.16.2-linux-x86_64/config/kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false
# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""
# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://localhost:9200"]
# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
kibana.index: ".kibana"
# The default application to load.
#kibana.defaultAppId: "home"
# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
elasticsearch.username: "elastic"
elasticsearch.password: "PassW0rd_1234"
# Kibana can also authenticate to Elasticsearch via "service account tokens".
# If may use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
#server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key
# Optional setting that enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full
# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000
# Logs queries sent to Elasticsearch. Requires logging.verbose set to true.
#elasticsearch.logQueries: false
# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid
# Enables you to specify a file where Kibana stores log output.
#logging.dest: stdout
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
#i18n.locale: "en"
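
A check of the settings chosen in elasticsearch.yml and kibana.yml above, as an added example that is not part of the original guide: with both hosts on 0.0.0.0 and both HTTP TLS switches off, the elastic password crosses the network unencrypted, and kibana.yml also stores it in plaintext. The function names are hypothetical and the two sample files are constructed from the guide's uncommented settings.

```sh
#!/bin/sh
# Added example: flag risky combinations in the guide's elasticsearch.yml and kibana.yml.
# Function names are hypothetical; only flat "key: value" lines are understood.

yml_get() {   # yml_get FILE KEY -> value of the last uncommented "KEY: value" line
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^$key:[[:space:]]*//p" "$1" | tail -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

is_loopback() {   # an unset host counts as loopback, the default for both products
    case "$1" in ""|localhost|127.*|::1|_local_) return 0 ;; *) return 1 ;; esac
}

audit_es() {   # prints one finding per line; no output means nothing was flagged
    host=$(yml_get "$1" network.host)
    [ "$(yml_get "$1" xpack.security.enabled)" = "true" ] ||
        echo "ES: xpack.security.enabled is not true, so requests are not authenticated"
    if ! is_loopback "$host"; then
        [ "$(yml_get "$1" xpack.security.http.ssl.enabled)" = "true" ] ||
            echo "ES: network.host=$host without HTTP TLS, passwords cross the network in cleartext"
    fi
}

audit_kibana() {
    host=$(yml_get "$1" server.host)
    is_loopback "$host" || [ "$(yml_get "$1" server.ssl.enabled)" = "true" ] ||
        echo "Kibana: server.host=$host without server.ssl.enabled, logins are sent in cleartext"
    [ -z "$(yml_get "$1" elasticsearch.password)" ] ||
        echo "Kibana: elasticsearch.password is stored in kibana.yml, move it to bin/kibana-keystore"
}

# Constructed sample input: the uncommented settings from the guide's two files.
sample_dir=$(mktemp -d)
cat > "$sample_dir/elasticsearch.yml" <<'EOF'
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.enabled: true
EOF
cat > "$sample_dir/kibana.yml" <<'EOF'
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "PassW0rd_1234"
EOF
audit_es "$sample_dir/elasticsearch.yml"
audit_kibana "$sample_dir/kibana.yml"
```
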
5. Start Kibana (before starting, check that the directory is owned by esuser; if it is not, run chown esuser:esuser -R /opt/elk again)
su esuser
cd /opt/elk/kibana-7.16.2-linux-x86_64/bin
./kibana >>/dev/null 2>&1 &
6. Start at boot
vi /etc/init.d/kibana
#!/bin/bash
#chkconfig: 345 63 37
#description: kibana
#processname:kibana-7.16.2
export KIBANA_HOME=/opt/elk/kibana-7.16.2-linux-x86_64
# Kibana's -p option means --port, so the PID file is set through the pid.file setting
case $1 in
start)
su esuser<<!
cd $KIBANA_HOME
./bin/kibana --pid.file=$KIBANA_HOME/pid &
exit
!
echo "kibana is started"
;;
stop)
pid=`cat $KIBANA_HOME/pid`
kill -9 $pid
echo "kibana is stopped"
;;
restart)
pid=`cat $KIBANA_HOME/pid`
kill -9 $pid
echo "kibana is stopped"
sleep 5
su esuser<<!
cd $KIBANA_HOME
./bin/kibana --pid.file=$KIBANA_HOME/pid &
exit
!
echo "kibana is started"
;;
*)
echo "start|stop|restart"
;;
esac
exit 0
Save the script, then make it executable and register it with chkconfig:
chmod +x /etc/init.d/kibana
chkconfig --add kibana
chkconfig kibana on
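
Both init scripts above run as root, read a PID from a file in a directory owned by esuser, and pass it straight to kill -9. A stop routine that validates the file, confirms the process owner and tries SIGTERM before SIGKILL, as an added example that is not part of the original scripts; stop_by_pidfile and its arguments are hypothetical names, and a Linux /proc is assumed.

```sh
#!/bin/sh
# Added example (hypothetical helper, not part of the original init scripts).
# stop_by_pidfile PIDFILE EXPECTED_UID [GRACE_SECONDS]
# Returns 0 when the process was stopped or was already gone,
# 1 if the PID file is unusable, 2 if the PID belongs to another user.
stop_by_pidfile() {
    pidfile=$1 want_uid=$2 grace=${3:-30}
    [ -r "$pidfile" ] || { echo "cannot read $pidfile" >&2; return 1; }
    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ""|*[!0-9]*) echo "$pidfile does not contain a PID" >&2; return 1 ;;
    esac
    # Stale file: the process already exited, nothing to signal.
    [ -d "/proc/$pid" ] || { rm -f "$pidfile"; return 0; }
    # The file is writable by the service account, so confirm the owner before root signals it.
    owner=$(stat -c %u "/proc/$pid" 2>/dev/null) || return 1
    [ "$owner" = "$want_uid" ] || { echo "PID $pid runs as uid $owner, not $want_uid" >&2; return 2; }
    kill -TERM "$pid" 2>/dev/null || true      # ask for a clean shutdown first
    while [ "$grace" -gt 0 ] && kill -0 "$pid" 2>/dev/null; do
        sleep 1
        grace=$((grace - 1))
    done
    if kill -0 "$pid" 2>/dev/null; then        # still running after the grace period
        kill -KILL "$pid" 2>/dev/null || true
    fi
    rm -f "$pidfile"
    return 0
}

# In the init scripts this would replace the cat / kill -9 pair, for example:
#   stop_by_pidfile "$ES_HOME/pid" "$(id -u esuser)"

# Constructed demo: a background sleep stands in for the service process.
demo_dir=$(mktemp -d)
sleep 300 &
echo $! > "$demo_dir/pid"
stop_by_pidfile "$demo_dir/pid" "$(id -u)" 5 && echo "demo process stopped"
```
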