安装jdk
- 下载jdk8
- 设置环境变量
vim /etc/profile
export JAVA_HOME=/usr/local/jdk1.8.0_181
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib/dt.jar:${JAVA_HOME}/lib/tools.jar:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:${PATH}
source /etc/profile
系统设置
#设置hostname,打开文件,将内容改为 (不是必须的,可跳过)
vi /etc/hostname
* elk-server
[https://www.jianshu.com/p/8fd07c60f23f](https://www.jianshu.com/p/8fd07c60f23f)
[https://www.cnblogs.com/silent2012/p/4682770.html](https://www.cnblogs.com/silent2012/p/4682770.html)
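#关闭防火墙(如果因为其他原因不能关闭防火墙,也请不要禁止80端口)
#注意:关闭防火墙后,本文后面用到的 9200、5601、4567、8021 等端口会直接对网络开放,而按本文的配置这些服务都没有设置认证;
#只建议在隔离的测试环境中关闭防火墙,其他环境应保留防火墙,只对可信来源放行需要的端口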
systemctl stop firewalld.service
systemctl stop iptables.service
#禁止防火墙自动启动:
systemctl disable firewalld.service
systemctl disable iptables.service
#打开添加下面四行内容:
vi /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
#soft nofile: 可打开的文件描述符的最大数(软限制)
#hard nofile: 可打开的文件描述符的最大数(硬限制)
#soft nproc:单个用户可用的最大进程数量(软限制)
#hard nproc:单个用户可用的最大进程数量(硬限制)
#打开文件/etc/sysctl.conf,添加下面两行内容
vi /etc/sysctl.conf
vm.max_map_count=655360
vm.overcommit_memory = 1
#max_map_count定义了一个进程拥有的最多内存区域,默认为65536
# 加载sysctl配置,执行命令
sysctl -p
# 重启电脑;
安装elasticsearch
#创建elasticsearch用户,注意elasticsearch不能在root中启动
groupadd elasticsearch
useradd elasticsearch -g elasticsearch
tar zxvf elasticsearch-6.5.3.tar.gz -C /usr/local/elk/
cd /usr/local/elk
chown -R elasticsearch:elasticsearch elasticsearch-6.5.3/
cd elasticsearch-6.5.3/
# nohup bin/elasticsearch -d >elkrunlog/elasticsearch.log 2>&1 &
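#修改配置文件(elasticsearch.yml 是 YAML 格式,配置项要写成 "key: value",冒号后面有一个空格)
vi config/elasticsearch.yml
cluster.name: es_cluster
node.name: node0
#注意:/tmp 是所有本机用户都可写的目录,其内容还可能在重启或定期清理时被删除;
#正式环境应把数据和日志放到只有 elasticsearch 用户可以访问的专用目录
path.data: /tmp/elasticsearch/data
path.logs: /tmp/elasticsearch/logs
#当前hostname或IP,我这里是centos2
#注意:绑定到非回环地址后,9200 端口对网络可达,而本文的配置没有设置任何认证,应只允许可信主机访问该端口
network.host: centos2
#HTTP 端口的配置项是 http.port(原文写作 network.port,Elasticsearch 没有这个配置项)
http.port: 9200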
#切换用户
su elasticsearch
#使用后台进程的方式启动
./bin/elasticsearch &
#有响应内容则启动成功
curl 127.0.0.1:9200
#退出elasticsearch用户
exit
安装Logstash
tar zxvf logstash-6.5.3.tar.gz -C /usr/local/elk/
cd /usr/local/elk/logstash-6.5.3
#添加配置文件
vi config/log4j_to_es.conf
# For detail structure of this file
# See: https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
input {
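# For detailed config for log4j as input,
# See: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html
# NOTE: the log4j input is a deprecated plugin that reads Java-serialized events
# from a Log4j 1.x SocketAppender over TCP; keep port 4567 reachable only from
# trusted application hosts.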
log4j {
mode => "server"
host => "centos2"
port => 4567
}
}
filter {
# Only matched data is sent to output.
}
output {
# For detail config for elasticsearch as output,
# See: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
elasticsearch {
action => "index" #The operation on ES
hosts => "centos2:9200" #ElasticSearch host, can be array.
index => "applog" #The index to write data to.
}
}
--------------------default.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
beats {
port => 8021
}
}
output {
elasticsearch {
hosts => ["http://localhost:9200"]
#index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
index => "testlog"
#user => "elastic"
#password => "changeme"
}
}
#启动
bin/logstash -f config/log4j_to_es.conf &
netstat -tunlp
netstat -tunlp|grep 9600
安装kibana
tar zxvf kibana-6.5.3-linux-x86_64.tar.gz -C /usr/local/elk/
cd /usr/local/elk/kibana-6.5.3-linux-x86_64/
#修改以下几项
vi config/kibana.yml
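server.port: 5601
#注意:YAML 中的引号必须是英文半角引号,中文引号会被当成值的一部分
#注意:绑定到 centos2 后 5601 端口对网络可达,按本文的配置 Kibana 没有登录认证,应只允许可信主机访问该端口
server.host: "centos2"
elasticsearch.url: http://localhost:9200
kibana.index: ".kibana"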
# 启动kibana
./bin/kibana &
#用浏览器打开该地址:
localhost:5601
https://blog.csdn.net/wu2700222/article/details/85044117
https://blog.csdn.net/wu2700222/article/details/82792708
https://my.oschina.net/itblog/blog/547250