Linux - Centos7腳本部署Elasticsearch/logstash/kibana

環境準備：

centos7.4

setenforce 0

sed -i “s/SELINUX=enforcing/SELINUX=disabled/” /etc/selinux/config

systemctl stop firewalld.service

1、安裝包版本都是 7.6.2版本 kibana用的rpm包
elasticsearch-7.6.2-linux-x86_64.tar.gz
kibana-7.6.2-x86_64.rpm
logstash-7.6.2.tar.gz

下面是個人所需安裝的 腳本中包含
elasticsearch-analysis-ik-7.6.2.zip （放到了es下的plugins中）
filebeat-7.6.2-linux-x86_64.tar.gz

2、先創建路徑用來放安裝包：
mkdir -p /usr/local/software
3、執行腳本前修改Elk.sh中的配置：
將57行 與 79行改爲自己ip
4、授權並執行腳本
chmod -R 777 Elk.sh

腳本內容：

#!/bin/bash

#安裝elasticsearch
tar -zxvf /usr/local/software/elasticsearch-7.6.2-linux-x86_64.tar.gz -C /usr/local/
#安裝ik解析器
mv /usr/local/software/elasticsearch-analysis-ik-7.6.2.zip  /usr/local/elasticsearch-7.6.2/plugins/
cd /usr/local/elasticsearch-7.6.2/plugins/
unzip elasticsearch-analysis-ik-7.6.2.zip  -d analysis
mv elasticsearch-analysis-ik-7.6.2.zip  /usr/local/software/

cd /usr/local/elasticsearch-7.6.2/

#新建data目錄：
mkdir data

cd config/
echo -e cluster.name: my-application >> elasticsearch.yml
echo -e node.name: node-1 >> elasticsearch.yml
echo -e path.data: /usr/local/elasticsearch-7.6.2/data >> elasticsearch.yml
echo -e path.logs: /usr/local/elasticsearch-7.6.2/logs >> elasticsearch.yml 
echo -e network.host: 0.0.0.0  >> elasticsearch.yml
echo -e http.port: 9200 >> elasticsearch.yml
echo -e cluster.initial_master_nodes: '["node-1"]' >> elasticsearch.yml

sed -i 's/Xms1g/Xms200m/g' jvm.options
sed -i 's/Xmx1g/Xmx200m/g' jvm.options

cd /root/
#創建用戶
useradd esroot 
chown -R esroot.esroot /usr/local/elasticsearch-7.6.2/

#編輯limits.conf
echo -e esroot nofile 65536 >> /etc/security/limits.conf
echo -e esroot hard nofile 65536 >> /etc/security/limits.conf
echo -e esroot soft nproc 4096 >> /etc/security/limits.conf
echo -e esroot hard nproc 4096 >> /etc/security/limits.conf


echo -e esroot    soft    nproc   4096 >> /etc/security/limits.d/esroot-nproc.conf
echo -e root      soft    nproc   unlimited >> /etc/security/limits.d/esroot-nproc.conf
#編輯sysctl.conf
echo -e vm.max_map_count = 655360 >> /etc/sysctl.conf
sysctl -p

cd /usr/local/elasticsearch-7.6.2/
su - esroot -c "exec /usr/local/elasticsearch-7.6.2/bin/elasticsearch -d"

#安裝kibana
soft_dir="/usr/local/software"
cd $soft_dir

rpm -ivh kibana-7.6.2-x86_64.rpm
cat >> /etc/kibana/kibana.yml <<EOF
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.116.120:9200"]
EOF

sleep 5
systemctl start kibana
systemctl status kibana
echo -e "啓動成功！"

#安裝logstash

cd $soft_dir
tar -zxf logstash-7.6.2.tar.gz
mv logstash-7.6.2 /usr/local/logstash

cat>>/usr/local/logstash/config/01-syslog.conf<<EOF
input {
    beats {
        port => "5044"
        }
    }
output {
    elasticsearch {
        hosts => "192.168.116.120:9200"
    }
    stdout { codec => rubydebug }
}
EOF
nohup /usr/local/logstash/bin/logstash -f /usr/local/logstash/config/01-syslog.conf & >/dev/null
netstat -lntp |grep 9600

Filebeat腳本

#!/bin/bash

soft_dir="/usr/local/software"
cd $soft_dir
tar -xvf filebeat-7.6.2-linux-x86_64.tar.gz  
mv filebeat-7.6.2-linux-x86_64 /usr/local/filebeat

cat >/usr/local/filebeat/filebeat.yml<<EOF
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["192.168.116.120:5044"]
EOF
cd /usr/local/filebeat/
nohup /usr/local/filebeat/filebeat & >/dev/null

查看端口: ss -taln