环境:
system: CentOS Linux release 7.7.1908
elasticsearch: elasticsearch-7.5.1-1.x86_64
kibana: kibana-7.5.1-1.x86_64
filebeat: filebeat-7.5.1-1.x86_64
1. 配置EFK的yum环境
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
创建一个yum源文件
vim efk.repo:
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
elasticsearch其他版本的下载地址:https://www.elastic.co/cn/downloads/elasticsearch
kibana其他版本的下载地址: https://www.elastic.co/cn/downloads/kibana
filebeat 其他版本下载地址: https://www.elastic.co/cn/downloads/beats/filebeat
2. 安装EFK
yum install --enablerepo=elasticsearch elasticsearch
yum install kibana
yum install filebeat
3. 配置EFK
a. 配置elasticsearch
vim /etc/elasticsearch/elasticsearch.yml
node.name: node-1
cluster.initial_master_nodes: ["node-1"]
http.port: 9200
network.host: 0.0.0.0
b. 配置kibana
vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: [" #ip改成部署了elasticsearch服务的机器ip
kibana.index: ".kibana"
c. 配置filebeat
vim /etc/filebeat/filebeat.yml
setup.kibana:
host: " # ip改成部署了kibana服务的机器ip
output.elasticsearch:
hosts: ["localhost:9200"] # ip改成部署了elasticsearch服务的机器ip, 我这里是一台机器,所以localhost等于11.22
filebeat.inputs:
- type: log
enabled: false
paths: # 日志收集的路径
- /var/log/*.log
启动EFK服务
systemctl start elasticsearch.service
如果有关elasticsearch的启动问题,点击: [https://blog.51cto.com/liuxiaolan/2463905](https://blog.51cto.com/liuxiaolan/2463905)
systemctl start kibana.service
systemctl start filebeat.service
image.png
