Download the source package from the official website
tar zxvf *.tar.gz
chown -R elk. *
1. Edit elasticsearch.yml
cluster.name: elk-application
node.name: vm
path.data: /data/elasticsearch/data
path.logs: /es/elasticsearch-7.13.4/logs
network.host: 192.168.118.128
http.port: 9200
discovery.zen.ping.unicast.hosts: ["vm"]
discovery.zen.minimum_master_nodes: 1
cluster.initial_master_nodes: vm
Edit the sysctl.conf file
vim /etc/sysctl.conf
vm.max_map_count=262144
sysctl -p
Edit the /etc/security/limits.conf file to change the open file handle limits
* soft nofile 100000
* hard nofile 100000
* soft nproc 100000
* hard nproc 100000
./elasticsearch &
Verify: http://es-ip:9200
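A pre-flight check for the sysctl.conf and limits.conf values from step 1, to run before starting Elasticsearch. This is an added example, not part of the original notes; the function names (sysctl_conf_value, limits_value, preflight) are hypothetical, and the thresholds are the values used on this page.

```shell
#!/bin/sh
# Added example: check that the settings from step 1 are present in the files.
# Usage: preflight /etc/sysctl.conf /etc/security/limits.conf

# Print the last value assigned to KEY in a sysctl.conf-style file.
# Tolerates spaces around "=" and skips commented-out lines.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Print the last value for "<domain> <type> <item>" in a limits.conf-style file.
limits_value() {
    awk -v d="$2" -v t="$3" -v i="$4" '
        /^[ \t]*#/ { next }
        $1 == d && $2 == t && $3 == i { val = $4 }
        END { if (val != "") print val }' "$1"
}

# Return 0 only if every setting is present and at least as large as the
# value used on this page; report each shortfall on stderr.
preflight() {
    rc=0
    v=$(sysctl_conf_value "$1" vm.max_map_count)
    [ "$v" -ge 262144 ] 2>/dev/null ||
        { echo "vm.max_map_count: '$v' is below 262144" >&2; rc=1; }
    for item in nofile nproc; do
        for type in soft hard; do
            v=$(limits_value "$2" '*' "$type" "$item")
            [ "$v" = unlimited ] || [ "$v" -ge 100000 ] 2>/dev/null ||
                { echo "$type $item: '$v' is below 100000" >&2; rc=1; }
        done
    done
    return $rc
}
```

The check reads the files only; the running kernel value still depends on `sysctl -p`, and the limits apply to new login sessions of the elk user.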
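2. Edit filebeat.yml
filebeat.inputs:
# "type" is the key used under filebeat.inputs; "input_type" is the older name of this option
- type: log
  paths:
    - /var/log/test.log
output.logstash:
  hosts: ["192.168.118.128:5044"]
Comment out the default parameters in the configuration file
./filebeat &
Verify: ps -ef | grep filebeat
3. Edit config/test.conf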
input {
  beats {
    port => "5044"
  }
}
output {
  elasticsearch {
    hosts => "192.168.118.128:9200"
  }
  stdout { codec => rubydebug }
}
Start Logstash with the configuration file specified:
./logstash -f …/config/test.conf &
Verify: netstat -antp, check ports 5044 and 9600
4. Edit kibana.yml
server.port: 5601
server.host: "192.168.118.128"
elasticsearch.hosts: ["http://192.168.118.128:9200/"]
./kibana &
Verify: http://es-ip:5601