elk单机安装部署

es 下载地址：wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.1.0-linux-x86_64.tar.gz

kibana下载地址：wget https://artifacts.elastic.co/downloads/kibana/kibana-7.1.0-linux-x86_64.tar.gz

logstash下载地址： wget https://artifacts.elastic.co/downloads/logstash/logstash-7.1.0.tar.gz

解压

tar xf elasticsearch-7.1.0-linux-x86_64.tar.gz -C /data/

　　配置

[root@es ~]# vim  /etc/security/limits.conf

* soft nofile 65536
* hard nofile 65536
 [root@es ~]# vim  /etc/sysctl.conf
vm.max_map_count=655360

[root@es ~]# vim /etc/security/limits.d/20-nproc.conf 


*          soft    nproc     4096
root       soft    nproc     unlimited

　　添加环境变量

[root@es ~]# vim  /etc/profile.d/es.sh 

PATH=/data/elasticsearch-7.1.0/bin/:$PATH

　　创建普通用户授权并启动

useradd es
chown es:es /data -R
sysctl -p
su es
elasticsearch -d  后台启动

    查看es已安装的插件

[es@zk ~]$ elasticsearch-plugin list

　es安装插件操作；国际分词插件

[es@zk ~]$ elasticsearch-plugin install analysis-icu
-> Downloading analysis-icu from elastic
[=================================================] 100%   
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/data/elasticsearch-7.1.0/lib/tools/plugin-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
-> Installed analysis-icu
[es@zk ~]$ elasticsearch-plugin list
analysis-icu

　　

　kibana的解压

 tar xf kibana-7.1.0-linux-x86_64.tar.gz -C /usr/local/ 解压
 cd /usr/local/kibana-7.1.0-linux-x86_64/config/
[root@es config]# vim kibana.yml

# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "192.168.183.8"# 修改监听的地址默认locathost
[root@es config]# vim /etc/profile.d/kibana.sh 
export PATH=/usr/local/kibana-7.1.0-linux-x86_64/bin/:$PATH  #添加环境变量

[root@es config]# exec bash #使其在当前shll生效

[root@es config]# kibana   # 前台启动

　　测试数据下载地址：https://grouplens.org/datasets/movielens/

       logstash 的安装与导入数据

tar xf logstash-7.1.0.tar.gz -C /usr/local/
cp movies.csv /usr/local/logstash-7.1.0/bin/
 cp logstash.conf /usr/local/logstash-7.1.0/config/
# cat logstash.conf
input {
  file {
    path => "/Users/yiruan/dev/elk7/logstash-7.0.1/bin/movies.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  csv {
    separator => ","
    columns => ["id","content","genre"]
  }

  mutate {
    split => { "genre" => "|" }
    remove_field => ["path", "host","@timestamp","message"]
  }

  mutate {

    split => ["content", "("]
    add_field => { "title" => "%{[content][0]}"}
    add_field => { "year" => "%{[content][1]}"}
  }

#  mutate {

#    gsub => [
#      
#      "year", "\\)", ""
#    ]
#  }


  mutate {
    convert => {
      "year" => "integer"
    }
    strip => ["title"]
    remove_field => ["path", "host","@timestamp","message","content"]
  }



}
output {
   elasticsearch {
     hosts => "http://localhost:9200"
     index => "movies"
     document_id => "%{id}"
   }
  stdout {}
}
[root@es ~]# vim /etc/profile.d/logstash.sh
export PATH=/usr/local/logstash-7.1.0/bin:$PATH  添加环境变量
[root@es ~]# exec bash
[root@es config]# ../bin/logstash -f logstash.conf 启动

　浏览器查看节点   IP：9200/_cat/nodes