Local setup of Elastic Stack (Elasticsearch + Kibana + Logstash + Filebeat + APM) version 7.17.14

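1. Preface:

1. This article describes installing Elastic Stack 7.17.14 in a non-clustered environment. It does not apply to the 8.x versions of the Elastic Stack products.
2. The examples in this article use Kibana to view logs, Filebeat to monitor nginx logs, and APM to monitor Java performance metrics.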

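2. Hardware and software environment covered in this document

2.1. Hardware

Three computers, configured as follows:

Device 1: elasticsearch + kibana

| # | Item | Specification |
|---|------|---------------|
| 1 | CPU | 2 cores / 4 threads or more; 8 cores / 16 threads recommended |
| 2 | Memory | 16 GB |
| 4 | SSD | 100 GB or more |
| 5 | Network | Static IP, for example: 192.168.5.181 |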

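Device 2: logstash + apm server

| # | Item | Specification |
|---|------|---------------|
| 1 | CPU | 2 cores / 4 threads or more; 8 cores / 16 threads recommended |
| 2 | Memory | 16 GB |
| 4 | SSD | 100 GB or more |
| 5 | Network | Static IP, for example: 192.168.5.182 |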

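Device 3: nginx + filebeat

| # | Item | Specification |
|---|------|---------------|
| 1 | CPU | 2 cores / 4 threads or more |
| 2 | Memory | 8 GB |
| 4 | SSD | 20 GB or more |
| 5 | Network | Static IP, for example: 192.168.5.184 |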

2.2. Software

Note: all software must be the same version.

| # | Item | Version and download file |
|---|------|---------------------------|
| 1 | CentOS 7.9 | CentOS-7-x86_64-Everything-2009.iso |
| 2 | elasticsearch | elasticsearch-7.17.14-x86_64.rpm |
| 3 | kibana | kibana-7.17.14-x86_64.rpm |
| 4 | logstash | logstash-7.17.14-x86_64.rpm |
| 5 | filebeat | filebeat-7.17.14-x86_64.rpm |
| 6 | apm-server | apm-server-7.17.14-x86_64.rpm |

2.3. Software installation order
  1. CentOS 7.9
  2. elasticsearch-7.17.14-x86_64.rpm (server 192.168.5.181)
  3. kibana-7.17.14-x86_64.rpm (server 192.168.5.181)
  4. logstash-7.17.14-x86_64.rpm (server 192.168.5.182)
  5. filebeat-7.17.14-x86_64.rpm (server 192.168.5.184)
  6. apm-server-7.17.14-x86_64.rpm (server 192.168.5.182)
  7. Java agent

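3. Install CentOS 7.9

3.1.1 Boot from the CentOS image and select [Install CentOS 7]

3.1.2 The system language defaults to English; click [Continue]

3.1.3 Change [SOFTWARE SELECTION]

3.1.4. Select the base environment with a graphical interface (GUI) and the system administration tools

3.1.5. Change the disk layout

3.1.6. Choose to configure partitioning manually

3.1.7. Choose to create the partitions automatically

3.1.8. Adjust the sizes of /home and the root path
Here they are changed to 10 GB for /home and 81 GB for the root path

3.1.9. Apply the disk changes

3.1.10. Change the network settings and host name

3.1.11. Set the static IP and server name of server 1

3.1.12. Set the static IP and server name of server 2

3.1.13. Click to begin installing the operating system

3.1.14. Change the root account password and create an administrator account

3.1.15. Click Reboot

3.1.16. Accept the license to complete the installation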

4. Install elasticsearch

4.1 Turn off the firewall and set the Beijing time zone

cp -f /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
systemctl stop firewalld
systemctl disable firewalld
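
Instead of stopping firewalld, the firewall on 192.168.5.181 can stay on with ports 9200 and 5601 opened only to the hosts that need them. The script below is an added example, not part of the original article; it only prints the commands, and the two allow-lists (192.168.5.182 for port 9200, the 192.168.5.0/24 subnet for port 5601) are assumptions based on the article's address plan.

```bash
#!/usr/bin/env bash
# Added example: print (do not run) the firewalld commands that keep the
# firewall on for server 1 and admit only the hosts that need each port.

# Assumed allow-lists, derived from the article's address plan:
ES_CLIENTS="192.168.5.182"       # Logstash / APM Server host -> Elasticsearch 9200
KIBANA_CLIENTS="192.168.5.0/24"  # hypothetical admin subnet -> Kibana 5601

# rich_rule SOURCE PORT -> one firewall-cmd line accepting TCP from SOURCE to PORT.
# Rejects anything that is not an IPv4 address/CIDR or a numeric port, so the
# generated text is safe to pipe into a root shell.
rich_rule() {
    case "$1" in *[!0-9./]*|"") echo "bad source: $1" >&2; return 1 ;; esac
    case "$2" in *[!0-9]*|"") echo "bad port: $2" >&2; return 1 ;; esac
    printf 'firewall-cmd --permanent --add-rich-rule=%s\n' \
        "'rule family=\"ipv4\" source address=\"$1\" port port=\"$2\" protocol=\"tcp\" accept'"
}

# firewall_plan -> the full command list for 192.168.5.181
firewall_plan() {
    echo "systemctl enable firewalld"
    echo "systemctl start firewalld"
    for src in $ES_CLIENTS; do rich_rule "$src" 9200; done
    for src in $KIBANA_CLIENTS; do rich_rule "$src" 5601; done
    echo "firewall-cmd --reload"
}

# Dry run: review the output, then pipe it to `sh` as root to apply it.
firewall_plan
```

Servers 2 and 3 need their own allow-lists for the ports their services listen on.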

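4.2. Copy the downloaded elasticsearch-7.17.14-x86_64.rpm to the server
Here, either upload the downloaded file to the server's /root directory with an FTP tool, or set up an internal file server and download it from there.

4.3. Install elasticsearch-7.17.14 with the rpm command and enable it to start at boot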

sudo rpm --install elasticsearch-7.17.14-x86_64.rpm
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service


4.4. Edit the /etc/elasticsearch/elasticsearch.yml file

vim /etc/elasticsearch/elasticsearch.yml


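4.4. Basic configuration

| Key | Value | Notes |
|-----|-------|-------|
| cluster.name | elk01 | Cluster name |
| path.data | /var/lib/elasticsearch | Elasticsearch data directory |
| path.logs | /var/log/elasticsearch | Elasticsearch log directory |
| network.host | 0.0.0.0 | Allows access from any IP address on any network segment |
| http.port | 9200 | Default port number |
| discovery.type | single-node | Single-node cluster mode |
| xpack.security.enabled | true | Enables Elasticsearch security mode; this setting must be enabled |
| xpack.security.authc.api_key.enabled | true | Enables the Elasticsearch API key service; this setting must be enabled if Fleet is used |
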
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: elk01
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
# ---------------------------------- Security ----------------------------------
#
#                                 *** WARNING ***
#
# Elasticsearch security features are not enabled by default.
# These features are free, but require configuration changes to enable them.
# This means that users don’t have to provide credentials and can get full access
# to the cluster. Network connections are also not encrypted.
#
# To protect your data, we strongly encourage you to enable the Elasticsearch security features.
# Refer to the following documentation for instructions.
#
# https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.html
discovery.type: single-node
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
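
A quick check of what the active settings above expose, as an added example that is not part of the original article: the script reads the uncommented keys of an elasticsearch.yml and reports on network.host, xpack.security.enabled and xpack.security.http.ssl.enabled. The function names and the sample file are constructed for illustration; xpack.security.http.ssl.enabled is a standard 7.x setting that the article does not configure.

```bash
#!/usr/bin/env bash
# Added example: audit the active (uncommented) keys of an elasticsearch.yml.

# yml_get FILE KEY -> value of a flat "key: value" line; empty if unset or commented out
yml_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | tail -n 1
}

# audit_es_yml FILE -> prints findings; exit status is the number of findings
audit_es_yml() {
    host=$(yml_get "$1" network.host)
    sec=$(yml_get "$1" xpack.security.enabled)
    tls=$(yml_get "$1" xpack.security.http.ssl.enabled)
    findings=0
    case "$host" in
        ""|localhost|_local_|127.*|::1) exposed=no ;;   # unset means loopback only
        *) exposed=yes ;;
    esac
    if [ "$exposed" = yes ] && [ "$sec" != true ]; then
        echo "CRITICAL: network.host=$host without xpack.security.enabled: true (no login required)"
        findings=$((findings + 1))
    fi
    if [ "$exposed" = yes ] && [ "$tls" != true ]; then
        echo "HIGH: network.host=$host without xpack.security.http.ssl.enabled: true (credentials sent over plain HTTP)"
        findings=$((findings + 1))
    fi
    if [ "$host" = "0.0.0.0" ]; then
        echo "MEDIUM: network.host=0.0.0.0 binds every interface; bind only the address clients use"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the active settings of the elasticsearch.yml shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: elk01
#node.name: node-1
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
EOF
audit_es_yml "$sample" || echo "findings: $?"
rm -f "$sample"
```

For the settings above it reports two findings: HTTP without TLS, and the bind to every interface.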

4.5. Start the elasticsearch server and check its status

sudo systemctl start elasticsearch.service
sudo systemctl status elasticsearch.service


4.6. Set the default passwords for each module, setting them all to 123456

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive -b


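4.7. Open http://192.168.5.181:9200 in a browser to confirm the elasticsearch status
Enter the user name and password
User name: elastic
Password: 123456

After a successful login, the elasticsearch status is returned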

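5. Install kibana

5.1. Copy the downloaded kibana-7.17.14-x86_64.rpm to the server
Here, either upload the downloaded file to the server's /root directory with an FTP tool, or set up an internal file server and download it from there.

5.2. Install kibana-7.17.14 with the rpm command and enable it to start at boot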

sudo rpm --install kibana-7.17.14-x86_64.rpm
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service


5.3. Edit the /etc/kibana/kibana.yml file and change the basic configuration

vim /etc/kibana/kibana.yml

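5.4. Basic configuration

| Key | Value | Notes |
|-----|-------|-------|
| server.port | 5601 | Default Kibana port number |
| server.host | "0.0.0.0" | Allows any IP on any network segment to access Kibana |
| server.name | Elastic-Kibana | Kibana name |
| elasticsearch.hosts | ["http://192.168.5.181:9200"] | Elasticsearch server address; for a cluster, list multiple addresses |
| kibana.index | .kibana | Kibana index |
| elasticsearch.username | kibana_system | Kibana administrator |
| elasticsearch.password | 123456 | Password of the Kibana administrator user |
| i18n.locale | "zh-CN" | Switches the page display to Chinese |
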
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true	
