Elasticsearch + Logstash + Kibana Setup

 This is a single-node deployment. The server IP is 192.168.1.101 and the ELK version is 7.1.1.

1. Environment preparation

  1) ELK requires JDK 8.*

~]$ vim /etc/profile
   export JAVA_HOME=/usr/local/jdk1.8.0_201
   export JAVA_BIN=/usr/local/jdk1.8.0_201/bin
   export PATH=$PATH:$JAVA_BIN
   export CLASSPATH=$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
   export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
   export JAVA_HOME JAVA_BIN PATH CLASSPATH
~]$ source /etc/profile   # reload the environment variables

~]$ java -version # check the Java version
  java version "1.8.0_201"
  Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
  Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)

  2) System settings

# Modify the system connection limits
~]$ vim /etc/sysctl.conf
  vm.max_map_count = 655360
  fs.file-max = 1000000
~]$ sysctl -p # reload the configuration

# Set the system open-file limit to 65535
~]$ vim /etc/security/limits.conf
  * soft nofile 65536
  * hard nofile 65536
  * soft nproc 65536
  * hard nproc 65536
~]$ ulimit -n # check the system open-file limit
  ulimit -n 65535 # if the system

~]$ vim /etc/security/limits.d/20-nproc.conf
  Change  *  soft  nproc 1024  to  * soft nproc 2048

  3) Upload the ELK component packages to the server; this deployment uses version 7.1.1

  kibana-7.1.1-linux-x86_64.tar

  elasticsearch-7.1.1-linux-x86_64.tar

  logstash-7.1.1.tar

  elasticsearch-head-master.zip

2. Elasticsearch deployment

1) Unpack the ES package
tar -xf elasticsearch-7.1.1-linux-x86_64.tar
mv elasticsearch-7.1.1 /apps/elasticsearch
2) Create the user that runs ES
useradd elastic
3) Create the log directory, data directory and PID directory
mkdir -p /apps/log/elasticsearch
mkdir -p /apps/lib/elasticsearch
mkdir -p /apps/run/elasticsearch
4) Grant the corresponding permissions
chown -R elastic:elastic /apps/elasticsearch
chown -R elastic:elastic /apps/log/elasticsearch
chown -R elastic:elastic /apps/lib/elasticsearch
chown -R elastic:elastic /apps/run/elasticsearch
5) Edit the ES configuration file
~]$ vim /apps/elasticsearch/config/elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
# Determines whether nodes belong to the same cluster; every ES node in a cluster must use the same cluster name
cluster.name: daoran
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
# Node name; the hostname is fine
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
# ES data directory
path.data: /apps/lib/elasticsearch
#
# Path to log files:
# ES log directory
path.logs: /apps/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
# CentOS 6 may report an error at startup, so add these lines
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#network.host: 172.17.0.2 only allows local access; to reach it from a browser, change it to 0.0.0.0
network.host: 192.168.1.101
#
# Set a custom port for HTTP:
#
# Default ES port
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
# Uncomment this line (initial master nodes of the cluster)
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
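# Add new parameters so that the head plugin can access ES
# Whether cross-origin requests (CORS) are allowed; default is false

http.cors.enabled: true
# When cross-origin access is allowed, the default is *, which accepts every origin. To allow only certain sites, use a regular expression, for example to allow only local addresses: /https?:\/\/localhost(:[0-9]+)?/

http.cors.allow-origin: "*"
# Fixes head being unable to connect when the x-pack plugin is installed; not needed if x-pack is not installed

http.cors.allow-headers: "Authorization,X-Requested-With,Content-Length,Content-Type"
# Whether x-pack authentication is enabled; default is false. Enable it only once you understand a running ES, otherwise there are many pitfalls. Leaving it off at first is recommended. Enabling it also requires adding SSL, otherwise an error is reported.

xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false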
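6) Set the JVM heap, usually to half of the physical memory
~]$ vim /apps/elasticsearch/config/jvm.options
  -Xms1g
  -Xmx1g
7) Start Elasticsearch as a daemon
~]$ su elastic # it cannot be started as root, otherwise an error is reported
elastic]$ cd /apps/elasticsearch

elastic]$ ./bin/elasticsearch -d

     8) Open 192.168.1.101:9200 in a browser; if startup succeeded you will see the following page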
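
The elasticsearch.yml above binds the node to 192.168.1.101 with xpack.security.enabled: false, a wildcard CORS origin and the system call filter switched off. The following check for exactly those settings is an added example, not part of the original guide; the function names, finding codes and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit elasticsearch.yml for
# the exposure-related settings this guide changes.

# Print the last active (uncommented) value of a top-level key, quotes removed.
yml_get() {  # usage: yml_get FILE KEY
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^${key_re}:[[:space:]]*//p" "$1" | tail -n 1 |
        tr -d '"' | sed 's/[[:space:]]*$//'
}

# Print one finding per line; print nothing when no check fires.
audit_es_yml() {  # usage: audit_es_yml FILE
    host=$(yml_get "$1" network.host)
    sec=$(yml_get "$1" xpack.security.enabled)
    cors=$(yml_get "$1" http.cors.enabled)
    origin=$(yml_get "$1" http.cors.allow-origin)
    filter=$(yml_get "$1" bootstrap.system_call_filter)
    case "$host" in
        ''|localhost|127.*|::1|_local_) bound=loopback ;;  # unset means loopback
        *) bound=network ;;
    esac
    if [ "$bound" = network ] && [ "$sec" != true ]; then
        echo "NO_AUTH_ON_NETWORK network.host=$host xpack.security.enabled=${sec:-unset}"
    fi
    if [ "$cors" = true ] && [ "$origin" = '*' ]; then
        echo "CORS_ANY_ORIGIN http.cors.allow-origin=*"
    fi
    if [ "$filter" = false ]; then
        echo "SYSCALL_FILTER_OFF bootstrap.system_call_filter=false"
    fi
    return 0
}

# Constructed sample: the active settings from the elasticsearch.yml above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network.host: 192.168.1.101
bootstrap.system_call_filter: false
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: false
EOF
audit_es_yml "$sample"
rm -f "$sample"
```

Run against the guide's settings, all three findings fire; a loopback bind, or security enabled together with a restricted CORS origin, clears the first two.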

2. Deploy Elasticsearch-head

~]$ yum install httpd -y
~]$ unzip -o elasticsearch-head-master.zip
~]$ cp -r elasticsearch-head-master/* /var/www/html/
~]$ vim /var/www/html/_site/app.js
  In this file, change
  this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://localhost:9200";
  to:
  this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.1.101:9200";
# Start the httpd service
~]$ service httpd start

 If the server started normally, entering 192.168.1.101 in a browser shows the following page:

 3. Deploy Kibana

~]$ tar -xf kibana-7.1.1-linux-x86_64.tar
~]$ mv kibana-7.1.1-linux-x86_64 /apps/kibana
~]$ vim /apps/kibana/config/kibana.yml

# Kibana is served by a back end server. This setting specifies the port to use.
# Default Kibana service port
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
# Address the service is reached at
server.host: "192.168.1.101"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
#server.rewriteBasePath: false

# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576

# The Kibana server's name.  This is used for display purposes.
#server.name: "your-hostname"

# The URLs of the Elasticsearch instances to use for all your queries.
# Connect to Elasticsearch
elasticsearch.hosts: ["http://192.168.1.101:9200"]

# When this setting's value is true Kibana uses the hostname specified in the server.host
# setting. When the value of this setting is false, Kibana uses the hostname of the host
# that connects to this Kibana instance.
#elasticsearch.preserveHost: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
# dashboards. Kibana creates a new index if the index doesn't already exist.
# Index used by Kibana
kibana.index: ".kibana"

# The default application to load.
#kibana.defaultAppId: "home"

················

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
#i18n.locale: "en"
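# Add Chinese language support
i18n.locale: "zh-CN"

Kibana has to run in the foreground, so use screen
~]$screen # this opens another terminal window
~]$cd /apps/kibana/
~]$./bin/kibana
  After it starts, press ctrl+a+d; the Kibana service started in the screen session above then keeps running in the foreground....

After a normal start, visit 192.168.1.101:5601 to see the following page: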

 

 4. Deploy Logstash

 Logstash only needs to be unpacked; nothing in particular has to be changed

~]$tar -xf logstash-7.1.1.tar.gz
~]$mv logstash-7.1.1 /apps/logstash

 

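5. x-pack login authentication (configure it if you need it)

Current ELK versions already ship with x-pack, so it does not need to be installed, only enabled
##############################################Elasticsearch

Edit the Elasticsearch configuration file to enable x-pack authentication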

~]$vim /apps/elasticsearch/config/elasticsearch.yml
········
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true

Restart Elasticsearch
~]$su elastic
elastic]$cd /apps/elasticsearch/
elastic]$./bin/elasticsearch
##############################################Logstash
Edit the Logstash configuration file: uncomment the following lines and change their values
~]$vim /apps/logstash/config/logstash.yml
·········
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: "changeme"
xpack.monitoring.elasticsearch.hosts: ["https://192.168.1.101:9200"]

Visiting 192.168.1.101:9200 again now requires username/password authentication; the default is elastic / changeme

############################################## Elasticsearch-head
Restart the head plugin

~]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
When head is accessed again, the URL must include the username and password, otherwise the page cannot be reached:
192.168.1.101/?auth_user=elastic&auth_password=changeme

##############################################Kibana
Uncomment the Elasticsearch account settings
~]$vim /apps/kibana/config/kibana.yml
········
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"

Restart Kibana and you will see the following login page
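
Section 5 leaves the password in plaintext in logstash.yml and kibana.yml and puts it in the head URL, which the httpd serving head records in its access log. The following scan for both is an added example, not part of the original guide; the function names, finding codes, file contents and log lines are constructed, and the log is assumed to be in Apache common log format.

```shell
#!/bin/sh
# Added example (not from the original guide): find the credentials that
# section 5 leaves in config files and in the httpd access log.

# Report each active "*password:" key that holds a literal value.
# A ${NAME} reference (keystore or environment lookup) is not reported.
scan_config_passwords() {  # usage: scan_config_passwords FILE...
    for cfg in "$@"; do
        while IFS= read -r line; do
            key=${line%%:*}
            case "$key" in
                *'#'*) continue ;;   # commented-out setting
                *password) ;;        # active key ending in "password"
                *) continue ;;
            esac
            val=$(printf '%s' "${line#*:}" | tr -d '" ')
            case "$val" in
                ''|'${'*'}') ;;
                changeme) echo "DEFAULT_PASSWORD $cfg $key" ;;
                *) echo "PLAINTEXT_PASSWORD $cfg $key" ;;
            esac
        done < "$cfg"
    done
    return 0
}

# Report requests that carry auth_password in the query string (the head URL
# form shown above). Prints client and time only, never the secret.
scan_access_log() {  # usage: scan_access_log FILE
    awk '/[?&]auth_password=/ {
        print "PASSWORD_IN_URL client=" $1 " time=" substr($4, 2)
    }' "$1"
}

# Constructed samples mirroring the settings and URL used in this section.
dir=$(mktemp -d)
cat > "$dir/kibana.yml" <<'EOF'
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"
EOF
cat > "$dir/access_log" <<'EOF'
192.168.1.50 - - [12/Jun/2019:10:01:22 +0800] "GET /?auth_user=elastic&auth_password=changeme HTTP/1.1" 200 1187
192.168.1.50 - - [12/Jun/2019:10:01:23 +0800] "GET /_site/app.js HTTP/1.1" 200 90412
EOF
scan_config_passwords "$dir/kibana.yml"
scan_access_log "$dir/access_log"
rm -rf "$dir"
```

Logstash and Kibana each ship a keystore tool (bin/logstash-keystore, bin/kibana-keystore) that keeps the password out of these files.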