安裝包都可以在華爲雲鏡像站獲取,下載速度快,官網的速度太慢了。
https://mirrors.huaweicloud.com/
這裏下載安裝的版本都是 7.1.0 版本的
下面鏈接是已經下載好的,可以在這裏打包下載
打包下載
一、elasticsearch 安裝配置
1、創建用戶
無法使用 root 用戶安裝,先創建用戶 myesuser
useradd myesuser
passwd myesuser
2、解壓
將es下載的安裝包解壓到指定目錄 /home/your-es-path/elasticsearch/
tar -zxvf /home/your-es-path/elasticsearch-7.1.0-linux-x86_64.tar.gz -C /home/your-es-path/elasticsearch/
3、修改文件權限
創建數據保存文件目錄,並修改權限
mkdir -p /home/your-es-path/esdata
chown -R myesuser:myesuser /home/your-es-path/esdata
給目錄分配權限
chown -R myesuser:myesuser /home/your-es-path/elasticsearch/elasticsearch-7.1.0/
chown -R myesuser:myesuser /home/your-es-path/elasticsearch/elasticsearch-7.1.0/config/
chown -R myesuser:myesuser /home/your-es-path/logs/es/
chmod -R +x /home/your-es-path/elasticsearch/elasticsearch-7.1.0/bin
4、修改安全限制配置
安全限制配置文件修改
不配置這個,就會報下面錯誤。 改了後,es 用戶需要重新登錄
#vim /etc/security/limits.conf
myesuser soft nofile 65536
myesuser hard nofile 65536
myesuser soft nproc 4096
myesuser hard nproc 4096
myesuser soft memlock unlimited
myesuser hard memlock unlimited
沒有增加以上參數,將出現以下錯誤
[2020-03-24T16:42:34,176][INFO ][o.e.n.Node ] [yourname] initialized
[2020-03-24T16:42:34,176][INFO ][o.e.n.Node ] [yourname] starting ...
[2020-03-24T16:42:45,352][INFO ][o.e.t.TransportService ] [yourname] publish_address {yourhost:9400}, bound_addresses {yourhost:9300}
[2020-03-24T16:42:45,359][INFO ][o.e.b.BootstrapChecks ] [yourname] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2020-03-24T16:42:45,366][INFO ][o.e.n.Node ] [yourname] stopping ...
[2020-03-24T16:42:45,412][INFO ][o.e.n.Node ] [yourname] stopped
[2020-03-24T16:42:45,413][INFO ][o.e.n.Node ] [yourname] closing ...
[2020-03-24T16:42:45,422][INFO ][o.e.n.Node ] [yourname] closed
[2020-03-24T16:42:45,424][INFO ][o.e.x.m.p.NativeController] [yourname] Native controller process has stopped - no new native processes can be started
5、修改 elasticsearch.yml 配置文件
修改 es 的配置文件 elasticsearch.yml
# 去掉註釋修改對應值,或者添加對應配置項
cluster.name: your-application-name
node.name: node-1
path.data: /home/your-es-path/esdata
path.logs: /home/your-es-path/logs/es/
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.zen.minimum_master_nodes: 1
transport.tcp.compress: true
cluster.initial_master_nodes: ["node-1"]
6、啓動
如果要後臺啓動,就加 -d 參數,不需要就不用加。
./elasticsearch -d
啓動成功後,瀏覽器輸入地址訪問:
http://yourip:9200/
二、kibana 安裝配置
1、下載和解壓
將下載的壓縮包文件解壓到目錄 /home/your-es-path/kibana
tar -zxvf /home/your-es-path/kibana-7.1.0-linux-x86_64.tar.gz -C
/home/your-es-path/kibana
查看端口是否在使用
如果需要看端口是否被其他程序佔用,可以使用命令測試
ss -antlup | grep 5601
2、修改 kibana 配置
只需要打開下面的註釋就行了。
並加上漢化配置項
server.name: "your-kibana-name"
elasticsearch.hosts: ["http://localhost:9200"]
# 7 版本後,自帶支持漢化
i18n.locale: "zh-CN"
3、啓動
進入 bin 目錄後,
./kibana
如果需要後臺啓動,可以用以下命令
nohup /home/your-es-path/kibana/kibana-7.1.0-linux-x86_64/bin/kibana &
查看日誌
tail -f /home/your-es-path/kibana/kibana-7.1.0-linux-x86_64/nohup.out
三、filebeat 安裝配置
使用 filebeat 來收集 nginx 的日誌,需要在 nginx 的服務器安裝 filebeat
1、下載解壓
將下載的filebeat 壓縮包解壓到目錄 /data/filebeat/
tar -zxvf /data/your-fb-path/filebeat-7.1.0-linux-x86_64.tar.gz -C /data/your-fb-path/
2、修改配置文件
chown root filebeat.yml
filebeat.inputs:
- type: log
# Change to true to enable this input configuration.
enabled: false
# Paths that should be crawled and fetched. Glob based paths.
paths:
- /your-nginx-path/logs/access.log
#============================== Kibana =====================================
setup.kibana:
host: "yourip:5601"
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["yourip:9200"]
3、啓用收集 nginx 模塊
在 filebeat 下執行下面命令即可
./filebeat modules enable nginx
啓動模塊後,修改對應模塊下配置文件的日誌路徑
/data/your-fb-path/filebeat-7.1.0-linux-x86_64/modules.d/nginx.yml
- module: nginx
# Access logs
access:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/your-nginx-path/logs/access.log"]
# Convert the timestamp to UTC. Requires Elasticsearch >= 6.1.
#var.convert_timezone: true
# Error logs
error:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["/your-nginx-path/logs/error.log"]
# Convert the timestamp to UTC. Requires Elasticsearch >= 6.1.
#var.convert_timezone: true
4、啓動
直接啓動接口
./filebeat -e