1.安装java

    1. yum install java -y

    2.下载、安装ES和kibana
    https://www.elastic.co/cn/downloads/past-releases#elasticsearch
    wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.3-x86_64.rpm
    rpm -ivh elasticsearch-7.17.3-x86_64.rpm kibana-7.17.3-x86_64.rpm

    3.修改jvm内存

    1. [root@localhost elasticsearch]# vim /etc/elasticsearch/jvm.options
    2. ## -Xms4g
    3. ## -Xmx4g

    4.启动

    5.安装filebeat—用于采集Linux日志,所有Linux服务器的系统需要安装;

    1. wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.17.3-x86_64.rpm
    2. [root@localhost ~]# rpm -ivh filebeat-7.17.3-x86_64.rpm

    6.安装syslog,整合Linux服务器的日志

    1. [root@localhost filebeat]# yum install rsyslog -y 
    2. [root@localhost filebeat]# vim /etc/rsyslog.conf
    3. *.* /var/log/server.log
    5. [root@localhost filebeat]# systemctl start rsyslog 
    6. [root@localhost filebeat]# systemctl enable  rsyslog

    7.配置filebeat

    1. [root@localhost filebeat]# cat filebeat.yml
    2. filebeaet.inputs:
    3.   - type: log
    4.     enabled: true
    5.     paths: 
    6.       - /var/log/server.log
    8. output.elasticsearch:
    9.    hosts: ["10.10.100.221:9200"]