一、 安装Java. 1
二、 安装elasticsearch. 2
三、 配置elasticsearch. 2
四、 安装logstash. 3
五、 配置 logstash. 3
六、 安装kibana. 4
七、 配置kibana. 5
八、 安装x-pack插件... 5
九、 x-pack管理用户... 6
1、 添加用户... 6
2、 查看用户... 6
3、 测试用户登录... 6
4、 删除用户... 6
十、 安装filebeat. 7
一、 安装JAVA # mkdir /usr/local/java/ –p # cd /usr/local/java/# tar zxvf /data/elk5.0/jdk-8u111-linux-x64.tar.gz # cat >>/etc/profile<<EOF export JAVA_HOME=/usr/local/java/jdk1.8.0_111 export PATH=$PATH:$JAVA_HOME/bin export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar EOF # source /etc/profile # java -version java version "1.8.0_111"Java(TM) SE Runtime Environment (build 1.8.0_111-b14) Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode) 二、 安装elasticsearch # mkdir /data/PRG/ -p # cd /data/PRG/# tar zxvf /data/elk5.0/elasticsearch-5.0.2.tar.gz # mv elasticsearch-5.0.2 elasticsearch # useradd elasticsearch -s /sbin/nologin # chown elasticsearch. elasticsearch /data/PRG/elasticsearch/添加启动脚本
vi /etc/init.d/elasticsearch
#!/bin/sh# # elasticsearch <summary># # chkconfig: 2345 80 20# description: Starts and stops a single elasticsearch instance on this system # ### BEGIN INIT INFO # Provides: Elasticsearch # Required-Start: $network $named # Required-Stop: $network $named # Default-Start: 2 3 4 5# Default-Stop: 0 1 6# Short-Description: This service manages the elasticsearch daemon # Description: Elasticsearch is a very scalable, schema-free and high-performance search solution supporting multi-tenancy and near realtime search. ### END INIT INFO # # init.d / servicectl compatibility (openSUSE) #if [ -f /etc/rc.status ]; then. /etc/rc.status rc_resetfi# # Source function library. #if [ -f /etc/rc.d/init.d/functions ]; then. /etc/rc.d/init.d/functionsfi# Sets the default values for elasticsearch variables used in this script ES_USER="elasticsearch"ES_GROUP="elasticsearch"ES_HOME="/data/PRG/elasticsearch"MAX_OPEN_FILES=65536MAX_MAP_COUNT=262144LOG_DIR="/var/log/elasticsearch"DATA_DIR="/var/lib/elasticsearch"CONF_DIR="/data/PRG/elasticsearch/config"PID_DIR="/var/run/elasticsearch"# Source the default env fileES_ENV_FILE="/etc/sysconfig/elasticsearch"if [ -f "$ES_ENV_FILE" ]; then. "$ES_ENV_FILE"fi# CONF_FILE setting was removedif [ ! -z "$CONF_FILE" ]; thenecho "CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed."exit 1fiexec="$ES_HOME/bin/elasticsearch"prog="elasticsearch"pidfile="$PID_DIR/${prog}.pid"export ES_HEAP_SIZE export ES_HEAP_NEWSIZE export ES_DIRECT_SIZE export ES_JAVA_OPTS export ES_GC_LOG_FILE export ES_STARTUP_SLEEP_TIME export JAVA_HOME export ES_INCLUDElockfile=/var/lock/subsys/$prog # backwards compatibility for old config sysconfig files, pre 0.90.1if [ -n $USER ] && [ -z $ES_USER ] ; then ES_USER=$USERficheckJava() {if [ -x "$JAVA_HOME/bin/java" ]; thenJAVA="$JAVA_HOME/bin/java"elseJAVA=`which java`fiif [ ! -x "$JAVA" ]; thenecho "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME"exit 1fi} start() { checkJava [ -x $exec ] || exit 5if [ -n "$MAX_LOCKED_MEMORY" -a -z "$ES_HEAP_SIZE" ]; thenecho "MAX_LOCKED_MEMORY is set - ES_HEAP_SIZE must also be set"return 7fiif [ -n "$MAX_OPEN_FILES" ]; thenulimit -n $MAX_OPEN_FILESfiif [ -n "$MAX_LOCKED_MEMORY" ]; thenulimit -l $MAX_LOCKED_MEMORYfiif [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ]; thensysctl -q -w vm.max_map_count=$MAX_MAP_COUNTfiexport ES_GC_LOG_FILE # Ensure that the PID_DIR exists (it is cleaned at OS startup time)if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; thenmkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR"fiif [ -n "$pidfile" ] && [ ! -e "$pidfile" ]; thentouch "$pidfile" && chown "$ES_USER":"$ES_GROUP" "$pidfile"ficd $ES_HOMEecho -n $"Starting $prog: "# if not running, start it up here, usually something like "daemon $exec"daemon --user $ES_USER --pidfile $pidfile $exec -p $pidfile -d #daemon --user $ES_USER --pidfile $pidfile $exec -p $pidfile -d -Des.default.path.home=$ES_HOME -Des.default.path.logs=$LOG_DIR -Des.default.path.data=$DATA_DIR -Des.default.path.conf=$CONF_DIR retval=$?echo[ $retval -eq 0 ] && touch $lockfilereturn $retval } stop() {echo -n $"Stopping $prog: "# stop it here, often "killproc $prog"killproc -p $pidfile -d 86400 $prog retval=$?echo[ $retval -eq 0 ] && rm -f $lockfilereturn $retval } restart() { stop start } reload() { restart } force_reload() { restart } rh_status() { # run checks to determine if the service is running or use generic status status -p $pidfile $prog } rh_status_q() { rh_status >/dev/null 2>&1}case "$1" instart) rh_status_q && exit 0$1;; stop) rh_status_q || exit 0$1;; restart) $1;; reload) rh_status_q || exit 7$1;; force-reload) force_reload ;; status) rh_status ;; condrestart|try-restart) rh_status_q || exit 0restart ;;*)echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"exit 2esacexit $? # chmod +x /etc/init.d/elasticsearch # /etc/init.d/elasticsearch start # /etc/init.d/elasticsearch status elasticsearch (pid 20895) is running... # netstat -ntlp |grep 9[2-3]00tcp 0 0 :::9300 :::* LISTEN 20895/java tcp 0 0 :::9200 :::* LISTEN 20895/java 三、 配置elasticsearch内存低于2G,需要修改jvm配置
-Xms512m