Server configuration

Server
IP address: 192.168.10.19
CPU: i7
MEM: 12G
HD: 500G
OS: centos7.9

Check the official support matrix for the versions ES supports:
https://www.elastic.co/cn/support/matrix
The server provided is supported.

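Installation steps

1. Install the latest version of Java

Visit https://www.oracle.com/java/technologies/javase/jdk11-archive-downloads.html

Download the Java 11 JDK
https://www.oracle.com/java/technologies/javase/jdk11-archive-downloads.html#license-lightbox
Downloading requires logging in. For convenience, we download the tar.gz archive and extract it, which is simpler and makes it easy for several Java versions to coexist.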

mkdir -p /opt/efk/
cd /opt/efk
wget 'https://download.oracle.com/otn/java/jdk/11.0.22+9/8662aac2120442c2a89b1ee9c67d7069/jdk-11.0.22_linux-x64_bin.tar.gz?AuthParam=1714965968_b152a7401dcd107773b64fc5790bd9f4'

Extract the file. The /opt/efk directory structure is then as follows:

[root@servermeeting efk]# tree -L 2
.
├── elasticsearch-7.17.20-linux-x86_64.tar.gz
├── filebeat-7.17.20-linux-x86_64.tar.gz
├── jdk-11.0.22
│   ├── bin
│   ├── conf
│   ├── include
│   ├── jmods
│   ├── legal
│   ├── lib
│   ├── man
│   ├── README.html
│   └── release
├── jdk-11.0.22_linux-x64_bin.tar.gz
├── kibana-7.17.20-linux-x86_64.tar.gz
└── logstash-7.17.20-linux-x86_64.tar.gz

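Download the three EFK packages

Go to the official download site, https://www.elastic.co/cn/downloads/past-releases#filebeat
Then pick the version you need from the drop-down list. Note that the version numbers of these three packages should match, to avoid unnecessary installation and configuration problems.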

wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.20-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.20-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.17.20-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.17.20-linux-x86_64.tar.gz
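
The downloads above can be checked against the SHA-512 files Elastic publishes beside each archive (same URL with .sha512 appended) before anything is extracted. The script below is an added example, not part of the original guide; verify_artifacts is a hypothetical helper name and the sample archive is constructed so that it runs offline.

```shell
#!/bin/sh
# Added example (not from the original page): verify every *.tar.gz in a
# directory against the "<file>.sha512" published next to it, fetched e.g. with
#   wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.20-linux-x86_64.tar.gz.sha512

# verify_artifacts DIR: return 0 only if every archive has a checksum file
# and its SHA-512 matches; a missing checksum file counts as a failure.
verify_artifacts() {
    dir=$1; bad=0
    for f in "$dir"/*.tar.gz; do
        [ -e "$f" ] || { echo "no archives in $dir"; return 1; }
        if [ ! -f "$f.sha512" ]; then
            echo "MISSING $f.sha512"; bad=1; continue
        fi
        # Compare digests directly instead of trusting the path in the file.
        want=$(awk 'NR == 1 { print $1 }' "$f.sha512")
        have=$(sha512sum "$f" | awk '{ print $1 }')
        if [ "$want" = "$have" ]; then
            echo "OK      $f"
        else
            echo "BAD     $f"; bad=1
        fi
    done
    return $bad
}

# Constructed sample: a stand-in archive and its checksum file.
demo=$(mktemp -d)
printf 'constructed stand-in for a release archive\n' > "$demo/sample.tar.gz"
(cd "$demo" && sha512sum sample.tar.gz > sample.tar.gz.sha512)
verify_artifacts "$demo" || true
rm -rf "$demo"
```

On the server this would be run as verify_artifacts /opt/efk after fetching the four .sha512 files.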

Extract and install ES

Configure kernel parameters

Edit /etc/security/limits.conf
vi /etc/security/limits.conf and add the following:
* soft nofile 65536
* hard nofile 65536
This takes effect after logging in again.

Add one line at the end of /etc/sysctl.conf:

vm.max_map_count=262144
Run /sbin/sysctl -p to apply it immediately.

Extract

[root@servermeeting efk]# tar xzf elasticsearch-7.17.20-linux-x86_64.tar.gz
[root@servermeeting efk]# ll
total 1171876
drwxr-xr-x. 9 root root       155 Apr  8 16:38 elasticsearch-7.17.20
-rw-r--r--. 1 root root 327031065 Apr  9 15:09 elasticsearch-7.17.20-linux-x86_64.tar.gz
-rw-r--r--. 1 root root  36931104 Apr  9 15:00 filebeat-7.17.20-linux-x86_64.tar.gz
drwxr-xr-x. 9 root root       126 May  6 11:55 jdk-11.0.22
-rw-r--r--. 1 root root 168647933 Dec 20 06:11 jdk-11.0.22_linux-x64_bin.tar.gz
-rw-r--r--. 1 root root 302691554 Apr  9 15:16 kibana-7.17.20-linux-x86_64.tar.gz
-rw-r--r--. 1 root root 364689902 Apr  9 15:19 logstash-7.17.20-linux-x86_64.tar.gz
[root@servermeeting efk]# cd elasticsearch-7.17.20
[root@servermeeting elasticsearch-7.17.20]# ls
bin  config  jdk  lib  LICENSE.txt  logs  modules  NOTICE.txt  plugins  README.asciidoc

Edit the main configuration file elasticsearch.yml under config.
Create the data directory:
mkdir -p /opt/efk/elasticsearch-7.17.20/data
Change the following settings:

cluster.name: my-application
node.name: node-1
path.data: /opt/efk/elasticsearch-7.17.20/data
path.logs: /opt/efk/elasticsearch-7.17.20/logs
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"]
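
The settings above bind Elasticsearch to every interface (network.host: 0.0.0.0), and on 7.17 with the default basic license xpack.security.enabled is off unless set, so the REST API on port 9200 answers unauthenticated requests from any host the firewall lets through. The check below is an added example, not part of the original guide: it flags that combination in an elasticsearch.yml; yaml_get and audit_es_exposure are hypothetical helper names, and it assumes flat dotted keys as used above.

```shell
#!/bin/sh
# Added example (not from the original page): fail when elasticsearch.yml
# listens beyond loopback while xpack.security.enabled is not true.

# yaml_get FILE KEY: print the last uncommented value of KEY with quotes,
# brackets and blanks removed (a list becomes "a,b"). Hypothetical helper.
yaml_get() {
    awk -v key="$2" -v q="'" '
        /^[ \t]*#/ { next }
        {
            sub(/[ \t]+#.*$/, "")                 # drop a trailing comment
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k)
            gsub(/[ \t"]/, "", v); gsub(/\[|\]/, "", v); gsub(q, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_es_exposure FILE: return 1 and print FAIL for a node that other hosts
# can reach without authentication, 0 otherwise. Hypothetical helper.
audit_es_exposure() {
    bind=$(yaml_get "$1" http.host)
    [ -n "$bind" ] || bind=$(yaml_get "$1" network.host)
    [ -n "$bind" ] || bind=_local_        # Elasticsearch default: loopback only
    security=$(yaml_get "$1" xpack.security.enabled)
    exposed=no
    old_ifs=$IFS; IFS=,
    for h in $bind; do
        case "$h" in
            localhost|127.*|::1|_local_) ;;   # loopback-only values
            *) exposed=yes ;;
        esac
    done
    IFS=$old_ifs
    if [ "$exposed" = yes ] && [ "$security" != true ]; then
        echo "FAIL: bind=$bind, xpack.security.enabled=${security:-unset}"
        return 1
    fi
    echo "OK: bind=$bind, xpack.security.enabled=${security:-unset}"
}

# Constructed sample input: the settings this page puts in elasticsearch.yml.
sample=$(mktemp)
printf '%s\n' 'cluster.name: my-application' 'node.name: node-1' \
    'network.host: 0.0.0.0' 'cluster.initial_master_nodes: ["node-1"]' > "$sample"
audit_es_exposure "$sample" || true
rm -f "$sample"
```

The check passes once xpack.security.enabled: true is set, after which bin/elasticsearch-setup-passwords creates the built-in user passwords. With a non-loopback bind address, Elasticsearch 7.x then also requires transport TLS at startup unless discovery.type: single-node is used.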

Edit the file jvm.options under config and set the Java heap size at startup to 3g.


################################################################
## IMPORTANT: JVM heap size
################################################################
##
## The heap size is automatically configured by Elasticsearch
## based on the available memory in your system and the roles
## each node is configured to fulfill. If specifying heap is
## required, it should be done through a file in jvm.options.d,
## and the min and max should be set to the same value. For
## example, to set the heap to 4 GB, create a new file in the
## jvm.options.d directory containing these lines:
##
-Xms3g
-Xmx3g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/7.17/heap-size.html
## for more information
##
################################################################

Add a user/group

ES refuses to start as root, so add an elastic user and group. Note that elastic is created as a system user and needs no home directory.

[root@servermeeting config]# useradd -r elastic
[root@servermeeting config]# id elastic
uid=996(elastic) gid=992(elastic) groups=992(elastic)

chown -R elastic:elastic /opt/efk/elasticsearch-7.17.20

Open port 9200

firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --reload

Switch user and run

su - elastic
/opt/efk/elasticsearch-7.17.20/bin/elasticsearch -d

Install Logstash

Extract

tar -zxvf logstash-7.17.20-linux-x86_64.tar.gz

Edit the configuration: logstash-sample.conf

Comment out the original output, then add a new one.


output {
  if "mes-3" in [tags] {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "[mes-log]-%{+YYYY.MM.dd}"
      #user => "elastic"
      #password => "changeme"
    }
  }
}
# Original output, commented out:
#output {
#  elasticsearch {
#    hosts => ["http://localhost:9200"]
#    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
#    #user => "elastic"
#    #password => "changeme"
#  }
#}

Open port 5044

firewall-cmd --add-port=5044/tcp --permanent
firewall-cmd --reload

Start

Change ownership, then switch user and start.

chown -R elastic:elastic /opt/efk/logstash-7.17.20
su - elastic
cd /opt/efk/logstash-7.17.20/
nohup bin/logstash -f config/logstash-sample.conf &

Install Kibana

Extract

tar zxf kibana-7.17.20-linux-x86_64.tar.gz
chown -R elastic:elastic /opt/efk/kibana-7.17.20-linux-x86_64
cd kibana-7.17.20-linux-x86_64

Edit the configuration file

Set the host IP; otherwise Kibana cannot be reached from other machines. The default port is 5601.

# cat kibana.yml  |grep -v ^#
server.host: "192.168.10.19"
server.name: "YCJY"

Open port 5601

firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload

Start

nohup /opt/efk/kibana-7.17.20-linux-x86_64/bin/kibana &

Install Filebeat

Extract
Leave the configuration unchanged for now
Start it directly
nohup /opt/efk/filebeat-7.17.20-linux-x86_64/filebeat &

Author: 严锋  Created: 2024-05-06 11:00
Last edited by: 严锋  Updated: 2025-05-09 15:48