wget下载地址:
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.16.2-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/kibana/kibana-7.16.2-linux-x86_64.tar.gz
https://artifacts.elastic.co/downloads/logstash/logstash-7.16.2-linux-x86_64.tar.gz
将以上三个包统一存放在/usr/local目录下
ps:由于elasticsearch不允许使用root启动,创建以下用户及yoghurt组以备用
【添加组】【用户组名】
groupadd elsearch
【添加用户】【用户名】-g【用户组名】-p【密码值】
useradd elsearch -g elsearch -p elsearch
1)将三个包解压
tar -zxvf elasticsearch-7.16.2-linux-x86_64.tar.gz
tar -zxvf logstash-7.16.2-linux-x86_64.tar.gz
tar -zxvf kibana-7.16.2-linux-x86_64.tar.gz
2)将解压后的目录及权限交给刚创建的elsearch用户
chown -R elsearch:elsearch /usr/local/elasticsearch-7.16.2
chown -R elsearch:elsearch /usr/local/logstash-7.16.2
chown -R elsearch:elsearch /usr/local/kibana-7.16.2-linux-x86_64
修改配置文件elasticsearch.yml
cd /usr/local/elasticsearch-7.16.2/config
vim elasticsearch.yml
按以下方式进行修改:
#集群名称(按实际需要配置名称)
cluster.name: chy-elasticsearch
#节点名称
node.name: node-1
#数据路径(按实际需要配置日志地址)
path.data: /usr/local/elasticsearch-7.16.2/data
#日志路径(按实际需要配置日志地址)
path.logs: /usr/local/elasticsearch-7.16.2/logs
#地址(通常使用内网进行配置)
network.host: 127.0.0.1
#端口号
http.port: 18201
#节点地址
discovery.seed_hosts: ["127.0.0.1", "[::1]"]
#集群master
cluster.initial_master_nodes: ["node-1"]
#跨域(这两项配置手动添加一下)
http.cors.enabled: true
http.cors.allow-origin: "*"
cd /usr/local/elasticsearch-7.16.2/bin
nohup ./elasticsearch >/dev/null &
观察日志判断elasticsearch 是否启动
cd /usr/local/elasticsearch-7.16.2/logs
tail -fn 100 /usr/local/elasticsearch-7.16.2/logs/chy-elasticsearch.log
注:上面这条语句结尾的'chy-elasticsearch.log’为配置中的cluster.name的值
修改配置文件logstash-sample.conf
cd /usr/local/logstash-7.16.2/config
将logstash-sample.conf文件复制一份,并命名为logstash.conf
cp logstash-sample.conf logstash.conf
vim logstash.conf
注意:为了方便解释含义,以下包含注释'#’的行请手动去除
input {
#配合使用filebeats的端口,可忽略
beats {
port => 5044
}
#logstash向elasticsearch 传输数据端口
tcp{
port => 5701
codec =>"json"
}
}
#以下配置为创建用户索引及默认索引情况
output {
if[appname] != "" {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "%{[appname]}-%{+YYYY.MM.dd}"
}
} else {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}
}
cd /usr/local/logstash-7.16.2/bin
nohup ./logstash -f /usr/local/logstash-7.16.2/config/logstash.conf >../logs/logstash.log &
查看日志检查logstash是否成功启动
cd /usr/local/logstash-7.16.2/logs
tail -fn 100 logstash.log
cd /usr/local/kibana-7.16.2-linux-x86_64/config
vim kibana.yml
按以下进行配置
#服务端口(按实际需求)
server.port: 18501
#服务主机(这里是服务器内网地址)
server.host: "172.16.176.60"
#服务名(按实际需求)
server.name: "chy-Kibana"
#elasticsearch地址
elasticsearch.hosts: ["http://127.0.0.1:18201"]
#设置简体中文
i18n.locale: "zh-CN"
cd /usr/local/kibana-7.16.2-linux-x86_64/bin
nohup ./kibana >/dev/null &
浏览器打开:http://{kibana服务器IP}:{端口}/app/home
例如:http://192.168.1.120:18501/app/home
出现kibana首页则表明启动成功
项目依赖logstash
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>7.0.1</version>
</dependency>
<springProperty scope="context" name="logstash.destination" source="logstash.destination"/>
<appender name="logStash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<param name="Encoding" value="UTF-8"/>
<!-- 日志过滤器(参见) -->
<filter class="com.****.****.common.log.CustomLogFilesFilter"/>
<!--<destination>101.37.65.233:18401</destination>-->
<destination>${logstash.destination}</destination>
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder" >
<!-- 索引名appname对应logStash配置中创建的索引 -->
<customFields>{"appname":"${logback.appname}"}</customFields>
</encoder>
</appender>
<!-- 最后别忘了这个 -->
<root level="info">
<appender-ref ref="logStash" />
</root>
联系客服
