環境準備:
centos7.4 |
---|
setenforce 0 |
sed -i “s/SELINUX=enforcing/SELINUX=disabled/” /etc/selinux/config |
systemctl stop firewalld.service |
1、安裝包版本都是 7.6.2版本 kibana用的rpm包
elasticsearch-7.6.2-linux-x86_64.tar.gz
kibana-7.6.2-x86_64.rpm
logstash-7.6.2.tar.gz
下面是個人所需安裝的 腳本中包含
elasticsearch-analysis-ik-7.6.2.zip (放到了es下的plugins中)
filebeat-7.6.2-linux-x86_64.tar.gz
2、先創建路徑用來放安裝包:
mkdir -p /usr/local/software
3、執行腳本前修改Elk.sh中的配置:
將57行 與 79行改爲自己ip
4、授權並執行腳本
chmod -R 777 Elk.sh
腳本內容:
#!/bin/bash
#安裝elasticsearch
tar -zxvf /usr/local/software/elasticsearch-7.6.2-linux-x86_64.tar.gz -C /usr/local/
#安裝ik解析器
mv /usr/local/software/elasticsearch-analysis-ik-7.6.2.zip /usr/local/elasticsearch-7.6.2/plugins/
cd /usr/local/elasticsearch-7.6.2/plugins/
unzip elasticsearch-analysis-ik-7.6.2.zip -d analysis
mv elasticsearch-analysis-ik-7.6.2.zip /usr/local/software/
cd /usr/local/elasticsearch-7.6.2/
#新建data目錄:
mkdir data
cd config/
echo -e cluster.name: my-application >> elasticsearch.yml
echo -e node.name: node-1 >> elasticsearch.yml
echo -e path.data: /usr/local/elasticsearch-7.6.2/data >> elasticsearch.yml
echo -e path.logs: /usr/local/elasticsearch-7.6.2/logs >> elasticsearch.yml
echo -e network.host: 0.0.0.0 >> elasticsearch.yml
echo -e http.port: 9200 >> elasticsearch.yml
echo -e cluster.initial_master_nodes: '["node-1"]' >> elasticsearch.yml
sed -i 's/Xms1g/Xms200m/g' jvm.options
sed -i 's/Xmx1g/Xmx200m/g' jvm.options
cd /root/
#創建用戶
useradd esroot
chown -R esroot.esroot /usr/local/elasticsearch-7.6.2/
#編輯limits.conf
echo -e esroot nofile 65536 >> /etc/security/limits.conf
echo -e esroot hard nofile 65536 >> /etc/security/limits.conf
echo -e esroot soft nproc 4096 >> /etc/security/limits.conf
echo -e esroot hard nproc 4096 >> /etc/security/limits.conf
echo -e esroot soft nproc 4096 >> /etc/security/limits.d/esroot-nproc.conf
echo -e root soft nproc unlimited >> /etc/security/limits.d/esroot-nproc.conf
#編輯sysctl.conf
echo -e vm.max_map_count = 655360 >> /etc/sysctl.conf
sysctl -p
cd /usr/local/elasticsearch-7.6.2/
su - esroot -c "exec /usr/local/elasticsearch-7.6.2/bin/elasticsearch -d"
#安裝kibana
soft_dir="/usr/local/software"
cd $soft_dir
rpm -ivh kibana-7.6.2-x86_64.rpm
cat >> /etc/kibana/kibana.yml <<EOF
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.116.120:9200"]
EOF
sleep 5
systemctl start kibana
systemctl status kibana
echo -e "啓動成功!"
#安裝logstash
cd $soft_dir
tar -zxf logstash-7.6.2.tar.gz
mv logstash-7.6.2 /usr/local/logstash
cat>>/usr/local/logstash/config/01-syslog.conf<<EOF
input {
beats {
port => "5044"
}
}
output {
elasticsearch {
hosts => "192.168.116.120:9200"
}
stdout { codec => rubydebug }
}
EOF
nohup /usr/local/logstash/bin/logstash -f /usr/local/logstash/config/01-syslog.conf & >/dev/null
netstat -lntp |grep 9600
Filebeat腳本
#!/bin/bash
soft_dir="/usr/local/software"
cd $soft_dir
tar -xvf filebeat-7.6.2-linux-x86_64.tar.gz
mv filebeat-7.6.2-linux-x86_64 /usr/local/filebeat
cat >/usr/local/filebeat/filebeat.yml<<EOF
filebeat.prospectors:
- input_type: log
paths:
- /var/log/*.log
output.logstash:
hosts: ["192.168.116.120:5044"]
EOF
cd /usr/local/filebeat/
nohup /usr/local/filebeat/filebeat & >/dev/null
查看端口: ss -taln