一、单机模式
1、上传并解压elasticsearch-7.4.0-linux-x86_64.tar到/opt下
[root@localhost opt]# tar -zxvf elasticsearch-7.4.0-linux-x86_64.tar.gz -C /opt
2、创建es专用用户
[root@localhost opt]# useradd elasticsearch
[root@localhost opt]# passwd elasticsearch
3、为该用户授权
[root@localhost opt]# chown -R elasticsearch.elasticsearch elasticsearch-7.4.0
4、设置es用户最大可创建文件数
[root@localhost opt]# vim /etc/security/limits.conf
elasticsearch soft nofile 65536
elasticsearch hard nofile 65536
[root@localhost opt]# vim /etc/security/limits.d/20-nproc.conf
elasticsearch soft nproc 65536
elasticsearch hard nproc 65536
* hard nproc 4096
[root@localhost opt]# vim /etc/sysctl.conf
vm.max_map_count=655360
[root@localhost log]# sysctl -p
5、创建日志、数据目录并授权
[root@localhost log]# mkdir elasticsearch
[root@localhost log]# chown elasticsearch.elasticsearch elasticsearch
[root@localhost data]# mkdir elasticsearch
[root@localhost data]# chown elasticsearch.elasticsearch elasticsearch
6、修改基础配置文件
[elasticsearch@localhost bin]$ vim /opt/elasticsearch-7.4.0/config/elasticsearch.yml
node.name: node-1
path.data: /data/elasticsearch
path.logs: /log/elasticsearch
network.host: 192.168.1.186
http.port: 9200
cluster.initial_master_nodes: ["node-1"]
7、启动es,开通9200端口并访问
###注意:此时尚未启用xpack.security(见第六节),任何能访问9200端口的主机都可以无认证读写数据;防火墙只应对可信来源开放该端口
[elasticsearch@localhost bin]$ ./elasticsearch
http://192.168.1.186:9200
netstat -lntup|grep 9200
二、集群模式(此处使用多实例)
1、拷贝3份数据源
[root@localhost opt]# cp -R elasticsearch-7.4.0 elasticsearch1
[root@localhost opt]# cp -R elasticsearch-7.4.0 elasticsearch2
[root@localhost opt]# cp -R elasticsearch-7.4.0 elasticsearch3
2、拷贝3份日志、数据目录
[root@localhost log]# mkdir elasticsearch1
[root@localhost log]# mkdir elasticsearch2
[root@localhost log]# mkdir elasticsearch3
[root@localhost data]# mkdir elasticsearch1
[root@localhost data]# mkdir elasticsearch2
[root@localhost data]# mkdir elasticsearch3
3、修改集群配置文件
[root@localhost opt]# vim elasticsearch1/config/elasticsearch.yml
###注意:不同节点标记不同
cluster.name: cdzw ###集群名称
node.name: node-1 ###节点名称
node.master: true ###是否有资格成为主节点
node.data: true ###是否存储节点
node.max_local_storage_nodes: 3 ###最大集群节点数
network.host: 192.168.1.186 ###地址
http.port: 9201 ###端口
transport.tcp.port: 9700 ###节点间通信端口
###节点间互相发现
discovery.seed_hosts: ["192.168.1.186:9700", "192.168.1.186:9800", "192.168.1.186:9900"]
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"] ###参加选主的节点
path.data: /data/elasticsearch1
path.logs: /log/elasticsearch1
4、目录授权
[root@localhost opt]# chown -R elasticsearch.elasticsearch elasticsearch1
[root@localhost opt]# chown -R elasticsearch.elasticsearch elasticsearch3
[root@localhost opt]# chown -R elasticsearch.elasticsearch elasticsearch2
5、修改es占用内存参数
###根据实际环境情况修改
[root@localhost log]# vim /opt/elasticsearch1/config/jvm.options
-Xms256m
-Xmx256m
三、kibana搭建
1、上传并解压Kibana到/opt目录
[root@localhost zmz]# cp -R kibana-7.4.0-linux-x86_64.tar.gz /opt/
[root@localhost opt]# tar -zxvf kibana-7.4.0-linux-x86_64.tar.gz
2、修改Kibana配置文件
[root@localhost opt]# vim /opt/kibana-7.4.0-linux-x86_64/config/kibana.yml
server.port: 5601
server.host: "192.168.1.186"
server.name: "kibana-cdzw"
elasticsearch.hosts: ["http://192.168.1.186:9201", "http://192.168.1.186:9202", "http://192.168.1.186:9203"]
elasticsearch.requestTimeout: 99999
3、启动Kibana
###需建立kibana用户
[kibana@localhost bin]# ./kibana &
###
默认Kibana也不允许直接用root用户启动;若设定为允许root启动(--allow-root),Kibana进程将拥有root权限,建议仍按上文使用专用的kibana用户启动
4、浏览器访问
http://192.168.1.186:5601/app
四、通过Kibana操作es
###es7.x以后索引相当于MySQL的表
1、创建索引
put index_cdzw_cs
2、查询索引
get index_cdzw_cs
3、删除索引
delete index_cdzw_cs
4、关闭索引
post index_cdzw_cs/_close
5、打开索引
post index_cdzw_cs/_open
6、添加映射###映射相当于字段
put /index_cdzw_cs/_mapping
{
"properties":{
"name":{
"type":"text"
},
"grade":{
"type":"integer"
}
}
}
7、创建索引同时创建字段
put /index_cdzw_cs2
{
"mappings":{
"properties":{
"name":{
"type":"text"
},
"grade":{
"type":"integer"
}
}
}
}
8、查询映射
get /index_cdzw_cs2/_mapping
9、添加一个文档(指定id为1)
put /index_cdzw_cs2/_doc/1
{
"name":"elasticsearch",
"grade":18
}
10、添加文档(不指定id,会生成)
POST /index_cdzw_cs2/_doc
{
"name":"docker",
"grade":19
}
11、查询文档
get index_cdzw_cs2/_search
五、IK分词器
1、准备环境
###依赖与java环境
###直接指向es自带的jdk
[root@localhost ~]# vim /etc/profile
export JAVA_HOME=/opt/elasticsearch-7.4.0/jdk
export PATH=$PATH:${JAVA_HOME}/bin
###刷新
source /etc/profile
2、上传并解压apache-maven-3.1.1-bin.tar.gz到/opt下
[root@localhost opt]# tar -zxvf apache-maven-3.1.1-bin.tar.gz
3、创建软连接
[root@localhost opt]# ln -s apache-maven-3.1.1 maven
4、设置maven环境变量
[root@localhost opt]# vim /etc/profile.d/maven.sh
export MAVEN_HOME=/opt/maven
export PATH=${MAVEN_HOME}/bin:${PATH}
###刷新
[root@localhost opt]# source /etc/profile.d/maven.sh
5、验证maven是否安装成功
[root@localhost opt]# mvn -v
6、上传并解压elasticsearch-analysis-ik-7.4.0.zip到/opt/es的插件目录下
###安装zip、unzip环境
[root@localhost zmz]# yum install zip
[root@localhost zmz]# yum install unzip
###由于会使用不同的插件,所以需要创建一个目录
[root@localhost plugins]# mkdir analysis-ik
[root@localhost analysis-ik]# unzip elasticsearch-analysis-ik-7.4.0.zip
7、重启es及kibana即可生效
8、精细分词划分
GET /_analyze
{
"analyzer": "ik_max_word",
"text": "我是一名DBA"
}
9、粗略分词划分
GET /_analyze
{
"analyzer": "ik_smart",
"text": "我是一名DBA"
}
六、设置用户及密码
1、生成证书
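[elasticsearch@FHS-20201202 bin]$ ./elasticsearch-certutil cert -out /opt/elasticsearch1/config/elastic-certificates.p12 -pass ""
###注意:-pass "" 表示该PKCS#12文件不设密码,而文件中包含节点私钥;应将文件权限限制为仅elasticsearch用户可读(如chmod 600),或设置密码并用elasticsearch-keystore保存xpack.security.transport.ssl.keystore.secure_password和truststore.secure_password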
2、拷贝证书到另外两个节点(本文为同一台服务器上的多实例)
[elasticsearch@FHS-20201202 bin]$ cp /opt/elasticsearch1/config/elastic-certificates.p12 /opt/elasticsearch2/config/
[elasticsearch@FHS-20201202 bin]$ cp /opt/elasticsearch1/config/elastic-certificates.p12 /opt/elasticsearch3/config/
3、修改配置文件并启动
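###要分别对应修改每个节点(keystore.path、truststore.path改为各节点自己的config目录)
###注意:下面的配置只加密节点间的transport通信;HTTP层(9201等端口)仍是明文,用户名和密码会以明文传输,需要时应另行启用xpack.security.http.ssl.enabled并让Kibana改用https地址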
[elasticsearch@FHS-20201202 bin]$ vim /opt/elasticsearch1/config/elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /opt/elasticsearch1/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /opt/elasticsearch1/config/elastic-certificates.p12
###启动
[elasticsearch@FHS-20201202 bin]$ ./elasticsearch -d
4、设置密码
###需要在全部集群启动成功后再设置密码
[elasticsearch@FHS-20201202 bin]$ ./elasticsearch-setup-passwords interactive
5、修改kibana配置
[kibana@FHS-20201202 config]$ vim kibana.yml
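elasticsearch.username: "elastic"
elasticsearch.password: "Elastic@123"
###注意:elastic是超级用户,Kibana连接es建议改用内置的kibana用户(第4步已为其设置密码),避免Kibana配置泄露后整个集群失守
###注意:不要照抄此处的密码;密码也不宜明文写在kibana.yml中,可用bin/kibana-keystore create、bin/kibana-keystore add elasticsearch.password保存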
6、重启kibana
七、部署使用logstash
注、logstash7.4.x运行需要jdk11,rds5.6需要使用mysql5.1.35驱动
1、上传并解压logstash
[root@FHS-20201202 opt]# tar -zxvf logstash-7.4.0.tar.gz
2、安装jdk11
[root@FHS-20201202 local]# pwd
/usr/local
[root@FHS-20201202 local]# mkdir jdk
[root@FHS-20201202 jdk]# tar -zxvf jdk-11_linux-x64_bin.tar.gz
[root@FHS-20201202 jdk]# vim /etc/profile
export JAVA_HOME=/usr/local/jdk/jdk-11
export PATH=$JAVA_HOME/bin:$PATH
[root@FHS-20201202 jdk]# source /etc/profile
3、验证
[root@FHS-20201202 jdk]# java -version
4、将相应的mysql驱动放至logstash的依赖中
[root@FHS-20201202 jars]# cp /home/cdzw_fhs/mysql-connector-java-5.1.35.jar /opt/logstash-7.4.0/logstash-core/lib/jars/
5、编辑xxx.conf配置文件
input {
jdbc {
jdbc_driver_library => "/opt/logstash-7.10.0/logstash-core/lib/jars/mysql-connector-java-5.1.35.jar"
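###驱动包(注意:上面的路径写的是logstash-7.10.0,而第4步把驱动拷贝到了/opt/logstash-7.4.0/logstash-core/lib/jars/,两处需保持一致,否则加载不到驱动)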
jdbc_driver_class => "com.mysql.jdbc.Driver"
###输入源
jdbc_connection_string => "jdbc:mysql://192.168.1.190:3306/wdview?characterEncoding=UTF-8&useSSL=false&autoReconnect=true"
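jdbc_user => "test"
jdbc_password => "Zwsj2020!@#$"
###注意:数据库账号应为只对所需表有SELECT权限的专用账号;密码不宜明文写在配置文件中,可用logstash-keystore保存后以${变量名}引用,或使用jdbc_password_filepath,并限制配置文件的读取权限
###注意:连接串中的useSSL=false表示与MySQL之间的连接不加密,跨主机或跨网络同步时应启用SSL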
###执行的sql
###此处使用DATE_FORMAT做了时间转换,相当于取消了+8:00时区,并重命名了字段
statement => "SELECT data_id as id,domain as area,channel_name as channelName,channel_url as channlUrl,url,title,content,author,DATE_FORMAT(publish_time,'%Y-%m-%d %T') as publishTime,title_cn as titleCn,content_cn as contentCn,formatted,reported,DATE_FORMAT(crawled_time,'%Y-%m-%d %T') as crawledTime,DATE_FORMAT(report_time,'%Y-%m-%d %T') as reportTime,DATE_FORMAT(create_time,'%Y-%m-%d %T') as createTime FROM ads_web_data WHERE create_time > date_add(:sql_last_value, interval 8 hour) AND create_time<date_add(NOW(), interval 8 hour) ORDER BY create_time desc"
###是否开启分页
jdbc_paging_enabled => "true"
#jdbc_page_size => "1000"
###每分钟执行一次
schedule => "* * * * *"
###是否将sql中的column名称转小写
lowercase_column_names => false
}
}
output {
elasticsearch {
hosts => ["192.168.1.190:9200"]
index => "ads_web_data"
document_type => "_doc"
###文档_id,%{news_id}意思是取查询出来的news_id的值,并将其映射到test的_id字段中
###文档_id,%{newsid}如果是别名,意思是取查询出来的newid的值,并将其映射到test的_id字段中
document_id => "%{id}"
user => ""
password => ""
}
#stdout {
#codec => rubydebug
#}
}
6、启动运行
[root@FHS-20201202 bin]$ ./logstash -f /data/logstash/es_rds.conf
###后台运行(注意:此处是以root运行,建议为logstash建立专用的非root用户,并只授予其配置文件和数据目录的权限)
[root@FHS-20201202 bin]$ nohup ./logstash -f /data/logstash/es_rds.conf &
八、go-mysql-elasticsearch
1、安装go
###创建目录
[root@FHS-20201202 ~]# mkdir -p /usr/local/go
###上传并解压go包
[root@FHS-20201202 go]# tar -C /data/ -zxvf go1.15.2.linux-amd64.tar.gz
###修改环境变量
[root@FHS-20201202 go]# vim /etc/profile
export GOROOT=/data/go
export GOPATH=/usr/local/go
export PATH=$PATH:/data/go/bin
[root@FHS-20201202 go]# source /etc/profile
###调试
2、调试go
[root@FHS-20201202 go]# vim hello.go
package main
import "fmt"
// main prints a greeting followed by the language name; running it is a quick
// check that the Go toolchain is installed and reachable through PATH.
func main() {
	name := "go"
	fmt.Println("hello world ", name)
}
[root@FHS-20201202 go]# go run hello.go
3、mysql binlog日志模式
log_bin="mysql-bin"
binlog_format=row
4、安装go-mysql-elasticsearch依赖包
[root@FHS-20201202 go]# yum -y install gettext-devel openssl-devel perl-CPAN perl-devel zlib-devel
[root@FHS-20201202 go]# yum -y install git
5、执行安装
[root@localhost go]# go env -w GOPROXY=https://goproxy.cn
[root@localhost go]# go get github.com/siddontang/go-mysql-elasticsearch
###注意:这样拉取的代码未固定版本,且随后以root编译运行;生产环境建议检出并固定到经过审查的tag或commit后再make,并评估使用第三方GOPROXY的风险
6、查看是否下载成功
[root@localhost go]# ls $GOPATH/src/github.com/siddontang/go-mysql-elasticsearch
7、进入安装目录执行安装
[root@localhost go]# cd $GOPATH/src/github.com/siddontang/go-mysql-elasticsearch
[root@localhost go-mysql-elasticsearch]# make
8、编译配置文件
[root@FHS-20201202 config]# vim news.toml
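# MySQL 配置:地址,用户名,密码
# 注意:应使用专用的同步账号,只授予同步所需的权限(一般为REPLICATION SLAVE、REPLICATION CLIENT以及对同步表的SELECT — 请按实际版本确认);
# 本文件含明文密码,应限制为仅运行用户可读(如chmod 600),不要提交到代码仓库或公开发布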
my_addr = "rm-8vb3dv8nz5121p04b.mysql.zhangbei.rds.aliyuncs.com:3306"
my_user = "cdzw_rds_fhs"
my_pass = "Cdzw_rds_fhs"
# Elasticsearch地址
# 注意:elastic是超级用户,同步程序建议改用只对目标索引有写入权限的专用用户
es_addr = "172.19.37.199:9200"
es_user = "elastic"
es_pass = "Elastic@123"
# 存储数据的位置
data_dir = "/data/gomysql"
# Inner Http status address
stat_addr = "172.19.37.199:12800"
stat_path = "/es"
# pseudo server id like a slave
server_id = 1002
# mysql or mariadb
flavor = "mysql"
# mysqldump execution path
# mysqldump = "mysqldump"
# minimal items to be inserted in one bulk
bulk_size = 128
# force flush the pending requests if we don't have enough items >= bulk_size
flush_bulk_time = "200ms"
# Ignore table without primary key
skip_no_pk_table = false
# elasticsearch 与 mysql 同步时对应的数据库名称
# mysql的数据源
[[source]]
schema = "fhs"
tables = ["news"]
# es 映射的mapping
[[rule]]
schema = "fhs"
table = "news"
# es的索引名
index = "news"
type = "_doc"
9、启动
[root@FHS-20201202 config]# nohup $GOPATH/src/github.com/siddontang/go-mysql-elasticsearch/bin/go-mysql-elasticsearch -config=/data/go/config/news.toml &