ELK基础

0.linux基础配置

vim /etc/hostname

------------------

docker01

------------------

vim /etc/sysconfig/network-scripts/ifcfg-ens33

------------------

TYPE=Ethernet                                                                                                                                                                             

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=static

DEFROUTE=yes

IPV4_FAILURE_FATAL=no

IPV6INIT=no

IPV6_AUTOCONF=no

IPV6_DEFROUTE=no

IPV6_FAILURE_FATAL=no

IPV6_ADDR_GEN_MODE=stable-privacy

NAME=ens33

UUID=be1fa0ae-cedb-400a-b43a-82110b757a4e

DEVICE=ens33

ONBOOT=yes

IPV6_PRIVACY=no

IPADDR=172.16.32.100

NETMASK=255.255.255.0

GATEWAY=172.16.32.2

DNS1=114.114.114.114

DNS2=8.8.8.8

------------------

检测网络

ping http://baidu.com

# 切换到root用户,配置免密sudo权限（容易出幺蛾子，建议拷贝行，然后修改）

sudo su - root

visudo

------------------

## Same thing without a password

# %wheel        ALL=(ALL)      NOPASSWD: ALL

huhao  ALL=(ALL)      NOPASSWD: ALL

------------------

# 退回到普通账号(检测sudo)

exit

sudo visudo

# 关闭防火墙

systemctl stop firewall

# 创建工作空间

cd /opt

mkdir softwares download

chmod 777 -R /opt

# 配置vim

vim ~/.vimrc

-----------------------------------

    set nocompatible " 关闭 vi 兼容模式

    syntax on " 自动语法高亮

    colorscheme koehler " 设定配色方案

    set number " 显示行号

    set cursorline " 突出显示当前行

    set ruler " 打开状态栏标尺

    set shiftwidth=4 " 设定 << 和 >> 命令移动时的宽度为 4

    set nobackup " 覆盖文件时不备份

    set autochdir " 自动切换当前目录为当前文件所在的目录

    filetype plugin indent on " 开启插件

    set backupcopy=yes " 设置备份时的行为为覆盖

    set ignorecase smartcase " 搜索时忽略大小写，但在有一个或以上大写字母时仍保持对大小写敏感

    set nowrapscan " 禁止在搜索到文件两端时重新搜索

    set incsearch " 输入搜索内容时就显示搜索结果

    set hlsearch " 搜索时高亮显示被找到的文本

    set noerrorbells " 关闭错误信息响铃

    set novisualbell " 关闭使用可视响铃代替呼叫

    set t_vb= " 置空错误铃声的终端代码

    set ff=unix " 打开文件格式 为unix

    set paste

    -----------------------------------

1.JDK 安装

yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel

sudo find / -name jre

/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre

vim /etc/profile

------------------------------------------------------------------------------------

# JAVA

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/

export JRE_HOME=$JAVA_HOME/jre

export CLASSPATH=$JAVA_HOME/lib:$JRE_HOME/lib:$CLASSPATH

export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

------------------------------------------------------------------------------------

source /etc/profile

java -version

2.ElasticSearch 安装

下载

cd /opt/download

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.5.4.tar.gz

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.5.4-linux-x86_64.tar.gz

解压

tar -zxvf elasticsearch-6.5.4.tar.gz -C ../softwares

tar -zxvf kibana-6.5.4-linux-x86_64.tar.gz -C ../softwares

配置

cd ../softwares/elasticsearch-6.5.4/config

vim elasticsearch.yml

------------------------------------------------------------------------------------

cluster.name: MyES

node.name: node-01

path.data: /opt/softwares/elasticsearch-6.5.4/data

path.logs: /opt/softwares/elasticsearch-6.5.4/logs

bootstrap.memory_lock: false

bootstrap.system_call_filter: false

network.host: 0.0.0.0

http.port: 9200

action.auto_create_index: .monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*

------------------------------------------------------------------------------------

# 系统调参（最大进程数和打开文件数）

sudo vim /etc/security/limits.conf

------------------------------------

* soft nofile 65536

* hard nofile 131072

* soft nproc 2048

* hard nproc 4096

------------------------------------

# 重启，让参数生效

sudo reboot

# 最大内存页

sudo vi /etc/sysctl.conf

------------------------------------

vm.max_map_count=655360

------------------------------------

# 让参数生效

sudo sysctl -p

启动es

官网推荐启动方式

# 第一种：后台启动

./bin/elasticsearch -d

# 第二种：后台启动，并将进程号赋值给当前shell全局变量pid，使用 kill `cat pid` 可以删除进程(只能在shell命令行使用，脚本不好使)

./bin/elasticsearch -d -p pid

# 第三种：手动传参，定义集群和节点名称

./bin/elasticsearch -d -Ecluster.name=clustername -Enode.name=nodename

配置环境变量

sudo vim /etc/profile

------------------------------------

export ES_HOME=/opt/softwares/elasticsearch-6.5.4

export PATH=$ES_HOME/bin:$PATH

alias es_status="curl http://localhost:9200/"

alias es_on="$ES_HOME/bin/elasticsearch -d"

alias es_off="ps -ef | grep 'org.elasticsearch.bootstrap.Elasticsearch' | grep -v grep | awk -F ' ' '{print $2}'| xargs kill"

------------------------------------

./bin/elasticsearch -d 启动

curl http://localhost:9200/

{

  "name" : "node-01",

  "cluster_name" : "MyES",

  "cluster_uuid" : "c5AdD00aR1mJ1QcIpsblAA",

  "version" : {

    "number" : "6.5.4",

    "build_flavor" : "default",

    "build_type" : "tar",

    "build_hash" : "d2ef93d",

    "build_date" : "2018-12-17T21:17:40.758843Z",

    "build_snapshot" : false,

    "lucene_version" : "7.5.0",

    "minimum_wire_compatibility_version" : "5.6.0",

    "minimum_index_compatibility_version" : "5.0.0"

  },

  "tagline" : "You Know, for Search"

}

宿主机上访问 http://docker-01:9200/

3.KIBANA 安装

# 配置

cd /opt/softwares/kibana-6.5.4-linux-x86_64/config

vim kibana.yml (注意冒号后面有一个空格)

------------------------------------

server.port: 5601

server.host: "0.0.0.0"

elasticsearch.url: "http://localhost:9200"

elasticsearch.username: "elastic"

elasticsearch.password: "elastic"

------------------------------------

# 启动

nohup bin/kibana &

# 宿主机访问

http://docker-01:5601/