ELK功能
    1. Kibana用来展现数据
    2. Elasticsearch用来存储数据
    3. Logstash用来收集数据

    Elasticsearch
    4. 使用Java开发,安装方便
    5. Elasticsearch提供Http接口
    6. Elasticsearch提供集群模式

    Kibana网页访问问题
    7. Kibana网页在Elasticsearch还没安装前无法访问
    8. 安装完Elasticsearch就好了

    Elasticsearch的安装
    9. 下载二进制包
    10. 解压到对应目录完成安装/usr/local/
    11. 目录属主更新为elk,Elasticsearch无法用root启动




    ES的安装
    tar xvf elasticsearch-6.6.0.tar.gz -C /usr/local/
    Elasticsearch配置/usr/local/elasticsearch-6.6.0/config/elasticsearch.yml
    vim /usr/local/elasticsearch-6.6.0/config/elasticsearch.yml
    path.data: /usr/local/elasticsearch-6.6.0/data
    path.logs: /usr/local/elasticsearch-6.6.0/logs
    network.host: 127.0.0.1
    http.port: 9200

    JVM的内存限制更改jvm.options
    vim /usr/local/elasticsearch-6.6.0/config/jvm.options
    -Xms128M
    -Xmx128M

    Elasticsearch的启动,需要用普通用户启动
    12. useradd -s /sbin/nologin elk
    13. chown -Rf elk:elk /usr/local/elasticsearch-6.6.0/
    14. su - elk -s /bin/bash
    15. /usr/local/elasticsearch-6.6.0/bin/elasticsearch -d

    验证启动是否成功
    16. 观察日志,/usr/local/elasticsearch-6.6.0/logs/目录下的日志
    [root@server11 ~]# netstat -pantul | grep java
    tcp6 0 0 127.0.0.1:9200 ::: LISTEN 5546/java
    tcp6 0 0 127.0.0.1:9300 :::     LISTEN 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47448 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47436 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47442 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47424 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47430 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47432 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47434 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47438 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47450 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47426 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47422 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47444 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47440 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47446 ESTABLISHED 5546/java
    tcp6 0 0 127.0.0.1:9200 127.0.0.1:47428 ESTABLISHED 5546/java
    [root@server11 ~]# tail -f /usr/local/elasticsearch-6.6.0/logs/elasticsearch.log
    [2022-03-12T05:53:11,971][INFO ][o.e.c.m.MetaDataIndexTemplateService] [YfBMmRh] adding template [.monitoring-es] for index patterns [.monitoring-es-6-]
    [2022-03-12T05:53:12,030][INFO ][o.e.c.m.MetaDataIndexTemplateService] [YfBMmRh] adding template [.monitoring-beats] for index patterns [.monitoring-beats-6-    ]
    [2022-03-12T05:53:12,091][INFO ][o.e.c.m.MetaDataIndexTemplateService] [YfBMmRh] adding template [.monitoring-alerts] for index patterns [.monitoring-alerts-6]
    [2022-03-12T05:53:12,142][INFO ][o.e.c.m.MetaDataIndexTemplateService] [YfBMmRh] adding template [.monitoring-kibana] for index patterns [.monitoring-kibana-6-*]
    [2022-03-12T05:53:12,313][INFO ][o.e.l.LicenseService ] [YfBMmRh] license [7ec225f6-726a-4567-a2d1-3f987eee1524] mode [basic] - valid
    [2022-03-12T05:53:13,216][INFO ][o.e.c.m.MetaDataCreateIndexService] [YfBMmRh] [.kibana_1] creating index, cause [api], templates [], shards [1]/[1], mappings [doc]
    [2022-03-12T05:53:13,224][INFO ][o.e.c.r.a.AllocationService] [YfBMmRh] updating number_of_replicas to [0] for indices [.kibana_1]
    [2022-03-12T05:53:14,117][INFO ][o.e.c.r.a.AllocationService] [YfBMmRh] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.kibana_1][0]] …]).
    [2022-03-12T05:53:14,317][INFO ][o.e.c.m.MetaDataIndexTemplateService] [YfBMmRh] adding template [kibana_index_template:.kibana] for index patterns [.kibana]
    [2022-03-12T05:53:14,385][INFO ][o.e.c.m.MetaDataIndexTemplateService] [YfBMmRh] adding template [kibana_index_template:.kibana] for index patterns [.kibana]

    17. 观察Kibana网页

    1.png

    2.png