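Prerequisites
Complete "Building an ELK 7.4 Server on CentOS 7 (Part 1): Installing the JDK and ELK" first.
elasticsearch configuration
Configuring elasticsearch
Location of the configuration file (for a yum install: /etc/elasticsearch/elasticsearch.yml)
For an explanation of the settings in the configuration file, see the link below
Detailed explanation of the elasticsearch.yml settings
Commands
Start: systemctl start elasticsearch
Stop: systemctl stop elasticsearch
Restart: systemctl restart elasticsearch
After starting, test elasticsearch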
[root@localhost ~]# curl -X GET localhost:9200
{
"name" : "localhost.localdomain",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "Vyq89lVzRcCvWlBq-IMs7A",
"version" : {
"number" : "7.4.0",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "22e1767283e61a198cb4db791ea66e3f11ab9910",
"build_date" : "2019-09-27T08:36:48.569419Z",
"build_snapshot" : false,
"lucene_version" : "8.2.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
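Configuring ES for access by IP
Once elasticsearch has started, we modify the configuration file so that it can be accessed by IP
Open /etc/elasticsearch/elasticsearch.yml and change the following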
---------------------------------- Cluster -----------------------------------
cluster.initial_master_nodes: ["node-1"]
------------------------------------ Node ------------------------------------
node.name: node-1
node.data: true
---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200
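Once this is set, the data can be retrieved from a web page. With network.host: 0.0.0.0 the node listens on every interface, so until X-Pack security is enabled in the next section anyone who can reach port 9200 can query it without credentials.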
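Enabling x-pack authentication in elasticsearch 7
In Elasticsearch 7.x, x-pack is already integrated into elasticsearch as a default plugin, so there is no need to run bin/elasticsearch-plugin install x-pack; it only has to be enabled in the configuration file. Running the install command just produces an error: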
[root@localhost ~]# cd /usr/share/elasticsearch/bin/
[root@localhost bin]# ./elasticsearch-plugin install x-pack
ERROR: this distribution of Elasticsearch contains X-Pack by default
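Enabling x-pack
According to the official documentation, enabling x-pack only requires adding the following to elasticsearch's configuration file, elasticsearch.yml:
# Enable x-pack security authentication
xpack.security.enabled: true
xpack.license.self_generated.type: basic
# With a basic license the following line must be added, otherwise an error is reported after restarting elasticsearch.
xpack.security.transport.ssl.enabled: true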
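To confirm the file ends up in the intended state, the following added example (not part of the original post) checks an elasticsearch.yml for the combination this page passes through between the "access by IP" step and the x-pack step: network.host set beyond loopback while xpack.security.enabled is not true. The function names yml_get and audit_es_yml and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag an elasticsearch.yml that listens beyond loopback
# while X-Pack security is off (ES 7.x defaults: loopback bind, security off).

# yml_get FILE KEY: print the last uncommented value of a flat "key: value" line.
yml_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # whole-line comment
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # trailing comment
            idx = index(line, ":")
            if (idx == 0) next                   # not a key: value line
            k = substr(line, 1, idx - 1)
            v = substr(line, idx + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)                 # strip surrounding quotes
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_es_yml FILE: return 0 if acceptable, 1 if reachable beyond loopback
# with security disabled. Handles a single network.host value, not a list.
audit_es_yml() {
    host=$(yml_get "$1" network.host)
    sec=$(yml_get "$1" xpack.security.enabled)
    case "${host:-_local_}" in
        localhost|127.*|::1|_local_) return 0 ;; # loopback only
    esac
    [ "$sec" = "true" ] && return 0
    echo "EXPOSED: network.host=$host xpack.security.enabled=${sec:-unset}" >&2
    return 1
}

# Constructed sample: the page's settings after the "access by IP" step,
# then the same file after the x-pack step.
sample=$(mktemp)
printf 'network.host: 0.0.0.0\nhttp.port: 9200\n' > "$sample"
audit_es_yml "$sample" 2>/dev/null && echo "stage 1: ok" || echo "stage 1: exposed"
printf 'xpack.security.enabled: true\n' >> "$sample"
audit_es_yml "$sample" && echo "stage 2: ok" || echo "stage 2: exposed"
rm -f "$sample"
```

On a real host, point it at the installed file: audit_es_yml /etc/elasticsearch/elasticsearch.yml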
Setting passwords
[root@localhost ~]# cd /usr/share/elasticsearch/bin/
[root@localhost bin]# ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
Once the passwords are set, the elasticsearch username and password must be added to the corresponding services, for example kibana and logstash.
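kibana configuration
Configuring kibana
Location of the configuration files (for a yum install: /etc/kibana/)
kibana.yml is used to configure the connection to elasticsearch
Enable the following settings in the configuration file
server.port: 5601 # kibana's port
server.host: "0.0.0.0" # accept access from any IP
elasticsearch.hosts: ["http://127.0.0.1:9200"] # address of elasticsearch
kibana.index: ".kibana" # index where kibana stores its saved objects
elasticsearch.username: "elastic" # default username
elasticsearch.password: "passwd" # the password set above
i18n.locale: "zh-CN" # Chinese; English is en
Commands
systemctl start kibana # start
systemctl stop kibana # stop
systemctl restart kibana # restart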
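logstash configuration
Note
logstash is a special case: it uses JDK 8. In addition, when it is installed with yum, possibly because of a problem in its code, it cannot pick up the system's JDK environment, so we need to modify logstash's startup script by hand.
If you do not know where your logstash is installed, use whereis logstash to find it; yum installs it to /usr/share/logstash by default.
We need to edit /usr/share/logstash/bin/logstash.lib.sh by hand
at around line 50
and add the following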
export JAVA_HOME=/usr/java/jdk1.8.0_221
export JAVA_PATH=${JAVA_HOME}/bin:${JRE_HOME}/bin
Configuring logstash
Location of the configuration files (for a yum install: /etc/logstash/)
[root@localhost ~]# ll /etc/logstash/
total 32
drwxrwxr-x. 2 root root 27 Oct 18 09:03 conf.d //this directory holds the logstash templates
-rw-r--r--. 1 root root 2019 Sep 27 06:25 jvm.options
-rw-r--r--. 1 root root 5043 Sep 27 06:25 log4j2.properties
-rw-r--r--. 1 root root 8206 Oct 17 22:15 logstash.yml //this file is logstash's configuration file
-rw-r--r--. 1 root root 285 Sep 27 06:25 pipelines.yml
-rw-------. 1 root root 1696 Sep 27 06:25 startup.options
Edit logstash's configuration file logstash.yml, find the X-Pack section and change the following parameters
xpack.monitoring.elasticsearch.username: "elastic" # default username
xpack.monitoring.elasticsearch.password: "passwd" # the password set above
xpack.monitoring.elasticsearch.hosts: ["http://127.0.0.1:9200"] # IP address of elasticsearch; mine is the extreme case where everything runs on one machine
Commands
systemctl start logstash # start
systemctl stop logstash # stop
systemctl restart logstash # restart
https://blog.zerokong.com/%E5%AD%A6%E4%B9%A0/9.html