Install the JDK
The JDK version must be greater than 1.8
ELK download address:
https://www.elastic.co/products
Note: the versions of all three ELK components must match.
rpm -ivh elasticsearch-5.4.0.rpm
rpm -ivh logstash-5.4.0.rpm
rpm -ivh kibana-5.4.0-x86_64.rpm
mkdir -p /data/elasticsearch/{logs,snapshots,nodes}
Append the following to the end of /etc/security/limits.conf:
vi /etc/security/limits.conf
elk hard nofile 65536
elk soft nofile 65536
Append the following to the end of /etc/sysctl.conf:
vi /etc/sysctl.conf
vm.max_map_count=655360
vm.swappiness = 1
Use the sysctl -p command to make the parameters
chown -R elasticsearch:elasticsearch /data/elasticsearch/
Edit the elasticsearch configuration file
vi /etc/elasticsearch/elasticsearch.yml
cluster.name: bx-es
node.name: node-1
path.data: /data/elasticsearch/
path.logs: /data/elasticsearch/logs
path.repo: /data/elasticsearch/snapshots
network.host: ["192.168.56.10","localhost"]
http.port: 9200
Change the elasticsearch memory settings
/etc/elasticsearch/jvm.options
-Xms300m
-Xmx300m
Start elasticsearch
/etc/init.d/elasticsearch start
Or (for CentOS 7.x and above):
systemctl start elasticsearch
Edit the logstash configuration file
vi /etc/logstash/logstash.yml
path.data: /var/lib/logstash
pipeline.workers: 2
pipeline.output.workers: 10
pipeline.batch.size: 10000
path.config: /etc/logstash/conf.d
config.reload.automatic: true
config.reload.interval: 60
config.debug: true
log.level: info
path.logs: /data/logstash/logs
Start logstash
systemctl start logstash
Edit the kibana configuration file
vi /etc/kibana/kibana.yml
server.port: 5601
server.host: "192.168.56.10"
server.name: "192.168.56.10"
elasticsearch.url: "http://192.168.56.10:9200"
Start kibana
systemctl start kibana