This is the 27th day of my participation in Gwen Challenge

😄 Straight to it. I have installed this version in both the test and the online environment before; the difference between online and test is the configuration.

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.7.2.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.7.2-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.7.2-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.7.2.tar.gz

// The archives can also be downloaded from a network-disk backup: pan.baidu.com/s/1cQ1RP75W… 9s64
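Before extracting, each archive can be checked against a published SHA-512 value, which matters most for a copy taken from a backup mirror. This is an added example, not part of the original post: the function names are hypothetical, and it assumes a `<archive>.sha512` file was fetched from the official site for each archive and saved next to it.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to extract an archive
# whose SHA-512 does not match the published value.

# verify_sha512 FILE SUMFILE
#   returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed
verify_sha512() {
    file=$1
    sumfile=$2
    [ -r "$file" ] && [ -r "$sumfile" ] || return 2
    # Accept both "<hash>" and "<hash>  <filename>" layouts: use the first field.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;          # not a hex string
    esac
    [ "${#expected}" -eq 128 ] || return 2   # SHA-512 is 128 hex characters
    actual=$(sha512sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# verify_archives DIR
#   checks every DIR/*.tar.gz against DIR/<name>.tar.gz.sha512 and prints one
#   line per archive; returns non-zero if any archive could not be verified
verify_archives() {
    dir=$1
    failed=0
    for archive in "$dir"/*.tar.gz; do
        [ -e "$archive" ] || continue
        if verify_sha512 "$archive" "$archive.sha512"; then
            echo "OK       ${archive##*/}"
        else
            echo "REJECTED ${archive##*/}"
            failed=1
        fi
    done
    return "$failed"
}

# Typical use before the tar step, from the download directory:
#   verify_archives . && echo "all archives verified"
```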

tar -xzvf elasticsearch-6.7.2.tar.gz -C /usr/local/
tar -xzvf kibana-6.7.2-linux-x86_64.tar.gz -C /usr/local/
tar -xzvf filebeat-6.7.2-linux-x86_64.tar.gz -C /usr/local/
tar -xzvf logstash-6.7.2.tar.gz -C /usr/local/

First, install the JDK environment:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

rpm -ivh jdk-8u202-linux-x64.rpm
# Remove any earlier JAVA_HOME / CLASSPATH exports from /etc/profile
sed -i '/export JAVA_HOME/d' /etc/profile
sed -i '/export CLASSPATH/d' /etc/profile
# JAVA_HOME must match the directory the rpm created under /usr/java
cat >> /etc/profile <<EOF
export JAVA_HOME=/usr/java/jdk1.8.0_152
export CLASSPATH=\$JAVA_HOME/lib:\$JAVA_HOME/jre/lib
export PATH=\$PATH:\$JAVA_HOME/bin
EOF
source /etc/profile
java -version

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
Create the user and group and grant them ownership:

groupadd elasticsearch
useradd elasticsearch -g elasticsearch
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-6.7.2
chown -R elasticsearch:elasticsearch /usr/local/kibana-6.7.2-linux-x86_64/config
chown -R elasticsearch:elasticsearch /usr/local/filebeat-6.7.2-linux-x86_64
hostnamectl set-hostname elk-server
# With firewalld stopped, every port the stack binds on a non-loopback address is reachable from the network
systemctl stop firewalld.service
systemctl disable firewalld.service

cat >> /etc/security/limits.conf << EOF
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
EOF

cat >> /etc/sysctl.conf << EOF
vm.max_map_count=655360
EOF
sysctl -p

su - elasticsearch
# start Elasticsearch
/usr/local/elasticsearch-6.7.2/bin/elasticsearch -d
# in elasticsearch.yml, set network.host: 0.0.0.0
vim /usr/local/elasticsearch-6.7.2/config/elasticsearch.yml
curl http://127.0.0.1:9200
vi /usr/local/logstash-6.7.2/config/logstash.yml

Root is needed to set up the permissions for the elasticsearch user:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

path.data: /data/logstash/data
path.logs: /data/logstash/logs

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

vi /usr/local/logstash-6.7.2/default.conf

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

input {
  beats {
    host => "192.168.244.200"
    port => 5044
    codec => plain {
      charset => "UTF-8"
    }
  }
}
output {
  elasticsearch {
    hosts => "127.0.0.1:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

jvm.options: change the JVM memory to 1 GB
vi /usr/local/logstash-6.7.2/config/jvm.options

// start logstash

nohup /usr/local/logstash-6.7.2/bin/logstash -f /usr/local/logstash-6.7.2/default.conf --config.reload.automatic > logstash.log 2>&1 &

vi /usr/local/kibana-6.7.2-linux-x86_64/config/kibana.yml

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

server.port: 5601
server.host: "192.168.2.207"   # on a cloud server use 0.0.0.0
elasticsearch.url: "http://localhost:9200"

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

// start kibana

nohup /usr/local/kibana-6.7.2-linux-x86_64/bin/kibana > kibana.log 2>&1 &
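The steps above stop firewalld, set network.host to 0.0.0.0 and configure no authentication, so a wildcard bind leaves ports 9200 and 5601 reachable from every network the server is attached to. The following check of the two bind settings is an added example, not part of the original post: the function names are hypothetical, and the parser handles only flat `key: value` lines like the ones shown here.

```shell
#!/bin/sh
# Added example (not from the original post): report how Elasticsearch and
# Kibana are bound, and fail if either listens on all interfaces.

# bind_host FILE KEY: print the last uncommented "KEY: value" in FILE
bind_host() {
    awk -v key="$2:" -v sq="'" '
        index($0, key) == 1 {               # literal match at column 1, so "#key:" is skipped
            v = substr($0, length(key) + 1)
            sub(/[ \t]+#.*$/, "", v)        # drop a trailing comment
            gsub("[ \t\"" sq "]", "", v)    # drop spaces and quotes
            val = v
        }
        END { print val }' "$1"
}

# classify_bind VALUE: loopback | wildcard | address
# An unset key counts as loopback: both services default to localhost.
classify_bind() {
    case $1 in
        ''|localhost|127.*|::1|_local_) echo loopback ;;
        0.0.0.0|::)                     echo wildcard ;;
        *)                              echo address ;;
    esac
}

# report_listener NAME FILE KEY: print one line, return 1 on a wildcard bind
report_listener() {
    host=$(bind_host "$2" "$3")
    kind=$(classify_bind "$host")
    printf '%-20s %-9s %s\n' "$1" "$kind" "${host:-(unset, default)}"
    [ "$kind" != wildcard ]
}

# audit_listeners ELASTICSEARCH_YML KIBANA_YML
audit_listeners() {
    rc=0
    report_listener elasticsearch:9200 "$1" network.host || rc=1
    report_listener kibana:5601 "$2" server.host || rc=1
    return "$rc"
}

# Typical use with the paths from this walkthrough:
#   audit_listeners /usr/local/elasticsearch-6.7.2/config/elasticsearch.yml \
#                   /usr/local/kibana-6.7.2-linux-x86_64/config/kibana.yml
```

A non-zero exit means at least one service is bound to all interfaces; restrict the bind address or re-enable a firewall rule for that port.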

// Collect logs with Filebeat and send them to Logstash

vi /usr/local/filebeat-6.7.2-linux-x86_64/filebeat.yml

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["localhost:5044"]

Comment out the output.elasticsearch section.

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
// start filebeat

nohup /usr/local/filebeat-6.7.2-linux-x86_64/filebeat -e -c /usr/local/filebeat-6.7.2-linux-x86_64/filebeat.yml -d "publish" > filebeat.log 2>&1 &

Finally, run su - elasticsearch and check the 3 logs for errors.

  • Generally, no logs are produced because Filebeat is not correctly connected to Logstash, the Elasticsearch or Logstash status is faulty, or a configuration file is incorrect
  • Generally, logs cannot be found because the timestamp cannot be separated out
  • Docker directory location: – /var/new_lib/docker-container//-json.log
  • The server time is inconsistent with the real time

Correct the time as the root user:

# # # # # # # # # # # # # # # # # # # # # # #

yum install -y ntpdate
yes | cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
ntpdate us.pool.ntp.org
crontab -l >/tmp/crontab.bak
echo "*/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org | logger -t NTP" >> /tmp/crontab.bak
crontab /tmp/crontab.bak

# # # # # # # # # # # # # # # # # # # # # # #
