规划

image.png

/etc/hosts
20.0.0.210 logstash kibana
20.0.0.211 es1
20.0.0.212 es2
20.0.0.213 es3

es集群

安装

tar xf elasticsearch-7.12.1-linux-x86_64.tar.gz -C /apps/
cd /apps/
ln -s elasticsearch-7.12.1 es

自带 jdk16
image.png

useradd es
chown -R es.es /apps/es/

远程访问参数

cat > /etc/security/limits.d/es.conf <es soft nofile 65536
es hard nofile 131072
es soft nproc 4096
es hard nproc 4096
end

cat >> /etc/sysctl.conf << end
# es
vm.max_map_count=655360
end

sysctl -p

配置文件

/apps/es/config/elasticsearch.yml

es1
cluster.name: elk
node.name: es1
network.host: 0.0.0.0
discovery.seed_hosts: [“es1”, “es2”,”es3”]
cluster.initial_master_nodes: [“es1”, “es2”,”es3”]
es2
cluster.name: elk
node.name: es2
network.host: 0.0.0.0
discovery.seed_hosts: [“es1”, “es2”,”es3”]
cluster.initial_master_nodes: [“es1”, “es2”,”es3”]
es3
cluster.name: elk
node.name: es3
network.host: 0.0.0.0
discovery.seed_hosts: [“es1”, “es2”,”es3”]
cluster.initial_master_nodes: [“es1”, “es2”,”es3”]

启动

su es -c ‘/apps/es/bin/elasticsearch -d’

集群状态

curl es3:9200/_cat/health?v (任一 es 主机)
image.png
image.png

curl es3:9200/_cat/nodes?v (任一 es 主机)
image.png
image.png

kibana

安装

tar xf kibana-7.12.1-linux-x86_64.tar.gz -C /apps/
cd /apps/
ln -s kibana-7.12.1-linux-x86_64 kibana

配置文件

/apps/kibana/config/kibana.yml
server.host: “0.0.0.0”
elasticsearch.hosts: [“http://es1:9200","http://es2:9200","http://es3:9200“]
i18n.locale: “zh-CN”

以root启动

/apps/kibana/bin/kibana —allow-root

logstash

安装

tar xf logstash-7.12.1-linux-x86_64.tar.gz -C /apps/
cd /apps/
ln -s logstash-7.12.1 logstash

自带 jdk11
image.png

filebeat

安装

tar xf filebeat-7.12.1-linux-x86_64.tar.gz -C /apps/
cd /apps/
ln -s filebeat-7.12.1-linux-x86_64 filebeat

  1. cat >> /usr/lib/systemd/system/filebeat.service << end
  2. [Unit]
  3. Description=filebeat server daemon
  4. Wants=network-online.target
  5. After=network-online.target
  7. [Service]
  8. User=root
  9. Group=root
  10. Environment="BEAT_CONFIG_OPTS=-c /apps/filebeat/filebeat.yml"
  11. ExecStart=/apps/filebeat/filebeat \$BEAT_CONFIG_OPTS
  12. Restart=always
  14. [Install]
  15. WantedBy=multi-user.target
  16. end
  1. /etc/supervisord.d/filebeat.ini
  3. [program:filebeat]
  4. command=/apps/filebeat/filebeat -c /apps/filebeat/filebeat.yml
  5. numprocs=1                                     
  6. directory=/apps/filebeat/                        
  7. autostart=true                                 
  8. autorestart=true                               
  9. startsecs=30                                   
  10. startretries=3                                 
  11. exitcodes=0,2                                  
  12. stopsignal=QUIT                                
  13. stopwaitsecs=10                                
  14. user=root                                      
  15. redirect_stderr=true                           
  16. stdout_logfile=/apps/filebeat/supervisor.log   
  17. stdout_logfile_maxbytes=64MB                   
  18. stdout_logfile_backups=4                       
  19. stdout_capture_maxbytes=1MB                    
  20. stdout_events_enabled=false                    
  21. stopasgroup=true
  22. killasgroup=true