This is the 27th day of my participation in Gwen Challenge
😄 direct disk, before the test and online installation of a version, the difference between online and test configuration is not the same.
Wget wget HTTP: / / https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.7.2.tar.gz https://artifacts.elastic.co/downloads/kibana/kibana-6.7.2-linux-x86_64.tar.gz wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.7.2-linux-x86_64.tar.gz wget https://artifacts.elastic.co/downloads/logstash/logstash-6.7.2.tar.gzCopy the code
/ / can be downloaded to a network backup pan.baidu.com/s/1cQ1RP75W… 9s64
Tar -xzvf elasticSearch-6.7.2.tar. gz -c /usr/local/tar -xzvf kibana-6.7.2-linux-x86_64.tar.gz -c /usr/local/tar -xzvf elasticSearch-6.7.2-linux-x86_64.tar. gz -c /usr/local/tar -xzvf Filebeat-6.7.2-linux-x86_64.tar. gz -c /usr/local/tar-xzvf logstash-6.7.2.tar.gz -c /usr/local/Copy the code
First JDK installation environment # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
rpm -ivh jdk-8u202-linux-x64.rpm pid="sed -i '/export JAVA_HOME/d' /etc/profile" eval $pid pid="sed -i '/export CLASSPATH/d' /etc/profile" eval $pid cat >> /etc/profile <<EOF export JAVA_HOME= /usr/java-jdk1.8.0_152 export CLASSPATH=%JAVA_HOME%/lib:%JAVA_HOME%/jre/lib export PATH=\$PATH:\$JAVA_HOME/bin EOF source /etc/profile java -versionCopy the code
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # user permissions to the user groups
groupadd elasticsearch useradd elasticsearch -g elasticsearch chown -R elasticsearch.elasticsearch / usr/local/elasticsearch - 6.7.2 chown -r elasticsearch. Elasticsearch/usr/local/kibana - 6.7.2 - Linux - x86_64 / config chown -r Elasticsearch. Elasticsearch/usr/local/filebeat - 6.7.2 - Linux - x86_64 hostnamectl set - the hostname elk - server systemctl stop firewalld.service systemctl disable firewalld.serviceCopy the code
cat >> /etc/security/limits.conf << EOF * soft nofile 65536 * hard nofile 131072 * soft nproc 2048 * hard nproc 4096 EOF cat >> /etc/sysctl.conf << EOF vm.max_map_count=655360 EOF sysctl -pCopy the code
Su - elasticSearch /usr/local/elasticSearch -6.7.2 /bin/elasticSearch -d // Enable elasticSearch vim / usr/local/elasticsearch - 6.7.2 / config/elasticsearch. Yml modify network: 0.0.0.0 curl http://127.0.0.1:9200 vi / usr/local/logstash 6.7.2 / config/logstash ymlCopy the code
Need root to create elasticsearch user permissions # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
path.data: /data/logstash/data
path.logs: /data/logstash/logs
Copy the code
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
Vi/usr/local/logstash - 6.7.2 / default. ConfCopy the code
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
Input {beats {host => "192.168.244.200" port => 5044 COdec => plain {charset => "UTF-8"}}} output {elasticSearch {hosts => "127.0.0.1:9200" Manage_template => false index => "%{[@metadata][beat]}-%{+ YYYy.mm. Dd}" document_type => "%{[@metadata][type]}" } }Copy the code
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
Options: vi /usr/local/logstuck-6.7.2 /config/jvm.options: vi /usr/local/logstuck-6.7.2 /config/jvm.options Change the JVM memory to 1 GBCopy the code
/ / start logstash
Nohup /usr/local/logstash-6.7.2/bin/logstash -f /usr/local/logstash-6.7.2/default.conf --config.reload. Automatic > logstash.log 2>&1 &Copy the code
Vi/usr/local/kibana - 6.7.2 - Linux - x86_64 / config/kibana ymlCopy the code
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
Server. port: 5601 server.host: "192.168.2.207" Cloud server 0.0.0.0 ElasticSearch. url: "http://localhost:9200"Copy the code
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
/ / start kibana
Nohup /usr/local/kibana-6.7.2-linux-x86_64/bin/kibana > kibana.log 2> &1&Copy the code
// Collect logs with fileBeat and send them to logstash
Vi/usr/local/filebeat - 6.7.2 - Linux - x86_64 / filebeat ymlCopy the code
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
filebeat.prospectors:
- type: log
enabled: true
paths:
- /var/log/*.log
output.logstash:
hosts: ["localhost:5044"]
Copy the code
Comment out the output. Elasticsearch
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # start filebeat
Nohup /usr/local/filebeat-6.7.2-linux-x86_64/filebeat -e -c /usr/local/filebeat-6.7.2-linux-x86_64/filebeat.yml -d nohup /usr/local/filebeat-6.7.2-linux-x86_64/filebeat.yml -d "publish" > filebeat.log 2>&1 &Copy the code
Finally, take a look at the 3 log errors in Su-ElasticSearch.
- Generally, no log is generated because FileBeat is not properly configured with logstash, or the elSASearch or Logstash status is faulty, or the configuration file is incorrect
- Generally, logs cannot be found because the timestamp cannot be separated
- Docker directory location: – /var/new_lib/docker-container//-json.log
- The server time is inconsistent with the real time
Time modification: root user
# # # # # # # # # # # # # # # # # # # # # # #
yum install -y ntpdate
yes | cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate us.pool.ntp.org
crontab -l >/tmp/crontab.bak
echo "*/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP" >> /tmp/crontab.bak
crontab /tmp/crontab.bak
Copy the code
# # # # # # # # # # # # # # # # # # # # # # #
reference
- Blog.51cto.com/andyxu/2124…
- Blog.csdn.net/boling_cava…
Thank you for reading this, if this article is well written and if you feel there is something to it
Ask for a thumbs up 👍 ask for attention ❤️ ask for share 👥 for 8 abs I really very useful!!
If there are any mistakes in this blog, please comment, thank you very much! ❤ ️ ❤ ️ ❤ ️ ❤ ️