【 Say little 】

1. Without further ado, let's get straight to it. This build was repeated several times and the steps are accurate.

If a download fails, please get the package from the official website!

wget artifacts.elastic.co/downloads/e…
wget artifacts.elastic.co/downloads/k…
wget artifacts.elastic.co/downloads/b…
wget artifacts.elastic.co/downloads/l…

tar -xzvf elasticsearch-6.7.2.tar.gz -C /usr/local/
tar -xzvf kibana-6.7.2-linux-x86_64.tar.gz -C /usr/local/
tar -xzvf filebeat-6.7.2-linux-x86_64.tar.gz -C /usr/local/
tar -xzvf logstash-6.7.2.tar.gz -C /usr/local/

First, install the JDK environment

#######################
rpm -ivh jdk-8u202-linux-x64.rpm
# Remove any earlier JAVA_HOME / CLASSPATH lines before appending new ones
sed -i '/export JAVA_HOME/d' /etc/profile
sed -i '/export CLASSPATH/d' /etc/profile
# JAVA_HOME must match the directory the RPM created under /usr/java
cat >> /etc/profile <<EOF
export JAVA_HOME=/usr/java/jdk1.8.0_152
export CLASSPATH=\$JAVA_HOME/lib:\$JAVA_HOME/jre/lib
export PATH=\$PATH:\$JAVA_HOME/bin
EOF
source /etc/profile
java -version
#######################

Create the elasticsearch user and grant it ownership

groupadd elasticsearch
useradd elasticsearch -g elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-6.7.2
chown -R elasticsearch:elasticsearch /usr/local/kibana-6.7.2-linux-x86_64/config
chown -R elasticsearch:elasticsearch /usr/local/filebeat-6.7.2-linux-x86_64
hostnamectl set-hostname elk-server
systemctl stop firewalld.service
systemctl disable firewalld.service

cat >> /etc/security/limits.conf << EOF
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
EOF
cat >> /etc/sysctl.conf << EOF
vm.max_map_count=655360
EOF

sysctl -p

su - elasticsearch

/usr/local/elasticsearch-6.7.2/bin/elasticsearch -d

vi /usr/local/elasticsearch-6.7.2/config/elasticsearch.yml
Modify network.host: 0.0.0.0

curl http://127.0.0.1:9200

vi /usr/local/logstash-6.7.2/config/logstash.yml

Create user root for elasticSearch

#######################

path.data: /data/logstash/data

path.logs: /data/logstash/logs

#######################

vi /usr/local/logstash-6.7.2/default.conf

#######################
input {
  beats {
    host => "192.168.244.200"
    port => 5044
    codec => plain {
      charset => "UTF-8"
    }
  }
}
output {
  elasticsearch {
    hosts => "127.0.0.1:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
#######################

Adjust according to your own needs.

vi /usr/local/logstash-6.7.2/config/jvm.options
Memory setting: 1 GB

nohup /usr/local/logstash-6.7.2/bin/logstash -f /usr/local/logstash-6.7.2/default.conf --config.reload.automatic > logstash.log 2>&1 &

vi /usr/local/kibana-6.7.2-linux-x86_64/config/kibana.yml

#######################
server.port: 5601
server.host: "192.168.2.207"   # on a cloud server use 0.0.0.0
elasticsearch.url: "http://localhost:9200"
#######################

nohup /usr/local/kibana-6.7.2-linux-x86_64/bin/kibana > kibana.log 2>&1 &
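
The configuration in this guide sets no authentication on Elasticsearch or Kibana and turns firewalld off, so the address each service binds to is the only thing limiting who can reach it. The script below is an added example, not part of the original post: it reads the three config files and reports each listener as loopback, a specific address or all interfaces. The sample files are constructed from the values shown here; the function names and the per-service defaults passed for unset keys (loopback for Elasticsearch and Kibana, 0.0.0.0 for the beats input) are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report the address each
# service in this guide is configured to listen on.

# conf_value FILE KEY SEP: last uncommented "KEY SEP value" in FILE, unquoted.
conf_value() {
    awk -v key="$2" -v sep="$3" '
        /^[ \t]*#/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1); sub(/^[ \t]+/, "", rest)
            if (index(rest, sep) != 1) next      # e.g. "hosts =>" is not "host =>"
            val = substr(rest, length(sep) + 1)
            sub(/[ \t]+#.*$/, "", val); gsub(/[ \t"]/, "", val)
            found = val
        }
        END { print found }' "$1" | tr -d "'"
}

# classify_addr ADDR: loopback, all-interfaces or specific-address.
classify_addr() {
    case "$1" in
        127.*|localhost|::1) echo "loopback" ;;
        0.0.0.0|::)          echo "all-interfaces" ;;
        *)                   echo "specific-address" ;;
    esac
}

# audit_listener NAME FILE KEY SEP DEFAULT: prints "NAME ADDR CLASS".
# DEFAULT is the address the service uses when KEY is not set.
audit_listener() {
    addr=$(conf_value "$2" "$3" "$4")
    [ -n "$addr" ] || addr=$5
    echo "$1 $addr $(classify_addr "$addr")"
}

# Constructed sample files using the values shown in this guide.
demo_dir=$(mktemp -d)
printf 'network.host: 0.0.0.0\n' > "$demo_dir/elasticsearch.yml"
printf '#server.host: "localhost"\nserver.host: "0.0.0.0"\n' > "$demo_dir/kibana.yml"
printf 'input {\n  beats {\n    host => "192.168.244.200"\n    port => 5044\n  }\n}\n' > "$demo_dir/default.conf"

audit_listener elasticsearch:9200 "$demo_dir/elasticsearch.yml" network.host ":"  127.0.0.1
audit_listener kibana:5601        "$demo_dir/kibana.yml"        server.host  ":"  localhost
audit_listener logstash:5044      "$demo_dir/default.conf"      host         "=>" 0.0.0.0
rm -rf "$demo_dir"
```

Point the three `audit_listener` calls at the real files under /usr/local/ to audit a live host; any line ending in `all-interfaces` is a listener reachable from every network the server is attached to.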

# Collect logs via Filebeat and send them to Logstash.

vi /usr/local/filebeat-6.7.2-linux-x86_64/filebeat.yml

#######################
filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["localhost:5044"]
# comment out output.elasticsearch
#######################

nohup /usr/local/filebeat-6.7.2-linux-x86_64/filebeat -e -c /usr/local/filebeat-6.7.2-linux-x86_64/filebeat.yml -d "publish" > filebeat.log 2>&1 &

# Finally, check the 3 logs for errors, under su - elasticsearch.

1. If no logs are generated, it is usually because Filebeat is not configured for Logstash correctly, or Elasticsearch or Logstash is in a faulty state, or a configuration file is incorrect.

2. If logs generally cannot be found, the problem may be that the timestamp cannot be separated.

3. Docker directory location: /var/new_lib/docker-container// -json.log

4. The server time is inconsistent with the real time.

To fix the time, as the root user:

#######################
yum install -y ntpdate
yes | cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate us.pool.ntp.org
crontab -l >/tmp/crontab.bak
echo "*/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP" >> /tmp/crontab.bak
crontab /tmp/crontab.bak
#######################