efk安装
efk 安装
elasticsearch 安装
三台 elasticsearch 节点:
10.16.1.243
10.16.1.244
10.16.1.245
cat  /etc/security/limits.conf | grep -v '#' | grep -v "^$"
* hard nofile 102400
* soft nofile 102400
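# Download Elasticsearch 7.3.2 and check the archive before unpacking it.
mkdir -p /opt/software && cd /opt/software
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.3.2-linux-x86_64.tar.gz
# Elastic publishes a SHA-512 digest next to each archive; only unpack when it matches.
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.3.2-linux-x86_64.tar.gz.sha512
sha512sum -c elasticsearch-7.3.2-linux-x86_64.tar.gz.sha512 \
  && tar -zxvf elasticsearch-7.3.2-linux-x86_64.tar.gz
mv elasticsearch-7.3.2 /opt/elasticsearch

# Dedicated unprivileged service account with no login shell.
useradd elasticsearch -d /opt/elasticsearch -s /sbin/nologin
mkdir -p /opt/logs/elasticsearch

# Raise the mmap limit; append only when the key is absent so that re-running
# these steps does not pile up duplicate lines in /etc/sysctl.conf.
grep -q '^vm.max_map_count' /etc/sysctl.conf \
  || echo "vm.max_map_count = 655350" >> /etc/sysctl.conf
sysctl -p

cd /opt/elasticsearch
# Create the CA and the node certificate. All three nodes have to trust the
# same CA, so generate these once and copy the resulting files to the other
# nodes; a fresh CA per node would leave the nodes unable to verify each other.
bin/elasticsearch-certutil ca --pem
unzip elastic-stack-ca.zip -d config/
bin/elasticsearch-certutil cert --pem \
  --ca-cert config/ca/ca.crt \
  --ca-key config/ca/ca.key
unzip certs.zip -d config/

# Hand over ownership only after the certificate files exist (they were just
# created by root), and only for the Elasticsearch directories rather than all
# of /opt, which would also give this account every other application there.
chown -R elasticsearch:elasticsearch /opt/elasticsearch /opt/logs/elasticsearch
# Private keys readable by the service account only.
find config -name '*.key' -exec chmod 600 {} +
# config/ca/ca.key can sign certificates the whole cluster will trust; once the
# node certificates are issued, keep it somewhere safer than a cluster node.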
cat /opt/elasticsearch/config/elasticsearch.yml  | grep -v '#' | grep -v '^$'
# elasticsearch.yml as shown for node 10.16.1.243.
# cluster.name has to be the same on all three nodes.
cluster.name: my-application
# Per-node value: the other two nodes need their own name here.
node.name: 10.16.1.243
path.logs: /opt/logs/elasticsearch
# 0.0.0.0 binds on every interface of the host; restrict reachability of
# port 9200 (and the transport port) with a firewall or a specific address.
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["10.16.1.243", "10.16.1.244","10.16.1.245"]
gateway.recover_after_nodes: 2
cluster.initial_master_nodes: ["10.16.1.243", "10.16.1.244","10.16.1.245"]
# Turns on authentication; the built-in users need passwords before Kibana can log in.
xpack.security.enabled: true
# TLS is configured for node-to-node transport only. No xpack.security.http.ssl.*
# settings appear here, so the REST API on 9200 stays plain HTTP and usernames
# and passwords sent to it cross the network unencrypted.
xpack.security.transport.ssl.enabled: true
# "certificate" checks that the peer certificate is signed by the CA below but
# does not verify the host name/IP in it.
xpack.security.transport.ssl.verification_mode: certificate
# NOTE(review): relative paths in these settings are, as far as I know, resolved
# against the Elasticsearch config directory - confirm they match where the
# unzip steps actually placed the key and certificates.
xpack.security.transport.ssl.key: config/certs/instance.key
xpack.security.transport.ssl.certificate: config/certs/instance.crt
xpack.security.transport.ssl.certificate_authorities: [ "config/ca/ca.crt" ]
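# Start Elasticsearch as the unprivileged service account. -d already detaches
# the process into the background, so a trailing & is not needed.
# Because xpack.security.enabled is true, set the built-in users' passwords
# once the cluster is up (bin/elasticsearch-setup-passwords) before pointing
# Kibana or Filebeat at it.
sudo -u elasticsearch /opt/elasticsearch/bin/elasticsearch -d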
kibana 安装
kibana 节点为 10.16.1.241
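# Download Kibana 7.3.2 and check the archive before unpacking it.
mkdir -p /opt/software && cd /opt/software
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.3.2-linux-x86_64.tar.gz
# Only unpack when the published SHA-512 digest matches the download.
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.3.2-linux-x86_64.tar.gz.sha512
sha512sum -c kibana-7.3.2-linux-x86_64.tar.gz.sha512 \
  && tar -zxvf kibana-7.3.2-linux-x86_64.tar.gz
mv kibana-7.3.2-linux-x86_64 /opt/kibana

# Dedicated unprivileged service account with no login shell; it owns only
# the Kibana tree. (user:group is the supported chown separator; the dotted
# form is a deprecated extension.)
useradd kibana -d /opt/kibana -s /sbin/nologin
chown -R kibana:kibana /opt/kibana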
cat  /opt/kibana/config/kibana.yml | grep -v '#' | grep -v '^$'
# kibana.yml for the Kibana node.
server.port: 5601
# 0.0.0.0 makes the Kibana UI reachable on every interface of the host;
# limit access to 5601 with a firewall or bind to a specific address.
server.host: "0.0.0.0"
server.name: "10.16.1.241"
# Plain http:// to the cluster: the credentials below are sent unencrypted
# unless TLS is enabled on the Elasticsearch HTTP layer.
elasticsearch.hosts: ["http://10.16.1.245:9200",
                      "http://10.16.1.244:9200",
                      "http://10.16.1.243:9200"]
kibana.index: ".kibana"
# Value is in milliseconds, i.e. roughly 2.8 hours per request.
elasticsearch.requestTimeout: 10000000
i18n.locale: "zh-CN"
# NOTE(review): elasticsearch.hosts is defined a second time here. A duplicate
# key either fails YAML parsing or replaces the three-node list above with
# localhost, where this guide installs no Elasticsearch - keep only one.
elasticsearch.hosts: ["http://localhost:9200"]
# Do not use the elastic (superuser) account!
# NOTE(review): kibana_system was, to my knowledge, introduced in 7.8; on the
# 7.3.2 release installed above the built-in Kibana service user is "kibana" - confirm.
elasticsearch.username: "kibana_system"
# Placeholder for the password you set. Stored in clear text in this file;
# keep the file readable by the kibana account only, or use bin/kibana-keystore.
elasticsearch.password: "你设置的密码"
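# Run Kibana under the dedicated kibana account created above (which already
# owns /opt/kibana) instead of as root with --allow-root, matching how
# Elasticsearch is started; a flaw in Kibana then does not yield root.
sudo -u kibana /opt/kibana/bin/kibana -c /opt/kibana/config/kibana.yml &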
安装 filebeat
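# Download Filebeat 7.3.2 and check the archive before unpacking it.
mkdir -p /opt/software && cd /opt/software
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.2-linux-x86_64.tar.gz
# Only unpack when the published SHA-512 digest matches the download.
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.2-linux-x86_64.tar.gz.sha512
mkdir -p /opt/logs/filebeat/
sha512sum -c filebeat-7.3.2-linux-x86_64.tar.gz.sha512 \
  && tar -zxvf filebeat-7.3.2-linux-x86_64.tar.gz
mv filebeat-7.3.2-linux-x86_64 /opt/filebeat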
[root@dev-app1 filebeat]# cat filebeat.yml | grep -v '#' | grep -v '^$'
# filebeat.yml on the application host.
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /opt/logs/siheng_supplier-portal-service/*.log
  # Tag attached to every event read from the paths above.
  tags: ["siheng_supplier-portal-service"]
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  # NOTE(review): the Kibana node is given as 10.16.1.241 earlier in this
  # guide; confirm whether .242 here is intended.
  host: "10.16.1.242:5601"
# NOTE(review): no username/password is set for this output although the
# cluster runs with xpack.security.enabled: true, so unauthenticated requests
# should be rejected. Use a dedicated low-privilege user for shipping logs.
# No scheme is given, so traffic to 9200 is presumably plain HTTP.
output.elasticsearch:
  hosts: ["10.16.1.245:9200",
          "10.16.1.244:9200",
          "10.16.1.243:9200"]
# NOTE(review): "indices" sits at the top level here; it is an option of
# output.elasticsearch and presumably needs to be nested under it.
indices:
- index: "siheng_supplier-portal-service-%{[agent.version]}-%{+yyyy.MM}"
  # NOTE(review): this condition looks for the tag "catalina", but the input
  # above tags events "siheng_supplier-portal-service", so it would not match.
  when.contains:
   tags: "catalina"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
# Launch Filebeat in the background with the config written above.
#   -c  config file to load
#   -e  log to stderr instead of the default log output
#   -d  enable debug output for the "publish" selector; this presumably writes
#       the shipped events themselves into the log, so drop it once the
#       pipeline is confirmed working.
/opt/filebeat/filebeat \
  -c /opt/filebeat/filebeat.yml \
  -e \
  -d "publish" &
 
                     
                    
                 
                    
                
 
                
            
         