2025-04-03 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
Check the environment, set the required kernel parameter, and install the Java package.
[root@gz3_elk_001 /]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
[root@gz3_elk_001 /]# yum -y install java
[root@gz3_elk_001 /]# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
[root@gz3_elk_001 /]# sysctl -p
The packages are installed from RPMs here rather than from source, which is convenient because the services can be started without writing service files by hand.
If you install from source, change the service to use the corresponding directory and user.
Download
[root@gz3_elk_001 /]# cd /usr/local/src
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/kibana/kibana-7.4.2-x86_64.rpm
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/logstash/logstash-7.4.2.rpm
[root@gz3_elk_001 /]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.4.2-x86_64.rpm
Install the packages and enable the services at boot
[root@gz3_elk_001 /]# cd /usr/local/src
[root@gz3_elk_001 /]# rpm -ivh elasticsearch-7.4.2-x86_64.rpm
[root@gz3_elk_001 /]# yum -y install logstash-7.4.2.rpm
[root@gz3_elk_001 /]# rpm -ivh kibana-7.4.2-x86_64.rpm
[root@gz3_elk_001 /]# systemctl enable elasticsearch.service kibana.service logstash.service
First, configure elasticsearch
Generate key
[root@gz3_elk_001 /]# cd /usr/share/elasticsearch/bin/
[root@gz3_elk_001 /]# ./elasticsearch-certutil cert -out /etc/elasticsearch/elastic-certificates.p12 -pass ""
There is a pitfall here: the certificate file was generated as root, so its ownership has to be changed to the elasticsearch user.
[root@gz3_elk_001 /]# chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12
Modify configuration
[root@gz3_elk_001 /]# cd /etc/elasticsearch/
[root@gz3_elk_001 /]# cp elasticsearch.yml elasticsearch.ymlback
[root@gz3_elk_001 /]# cat elasticsearch.yml | grep -v "#"
cluster.name: elk
node.name: node-1
node.master: true
node.data: true
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.3.44
http.port: 9200
discovery.seed_hosts: ["192.168.3.44"]
cluster.initial_master_nodes: ["192.168.3.44"]
There is another pitfall here: the ownership of the data directory has to be changed as well.
[root@gz3_elk_001 /]# chown elasticsearch:elasticsearch /data/elasticsearch
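Both pitfalls are ownership problems, and because the keystore was generated with an empty passphrase (-pass ""), its owner and mode are the only protection for the node's private key. The check below is an added example, not part of the original article; it assumes GNU stat and the paths used above.

```shell
#!/bin/sh
# Added example: verify the two ownership fixes (keystore and data directory).
# ES_USER and the paths are the ones used on this page; adjust for your host.
ES_USER="${ES_USER:-elasticsearch}"

# check_path PATH OWNER
# Returns 0 when PATH exists, is owned by OWNER and grants nothing to "other".
# Prints the reason and returns 1 otherwise.
check_path() {
    path=$1; owner=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    # GNU stat: %U = owner name, %a = octal mode (for example 600)
    actual_owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$actual_owner" != "$owner" ]; then
        echo "OWNER    $path is owned by $actual_owner, expected $owner"; return 1
    fi
    # With an empty keystore passphrase, any "other" permission bit exposes
    # the private key to every local account.
    if [ $(( 0$mode & 007 )) -ne 0 ]; then
        echo "MODE     $path is $mode, accessible to other users"; return 1
    fi
    echo "OK       $path ($actual_owner, $mode)"
}

# Run the checks only when called as: sh check_es_perms.sh run
if [ "${1:-}" = "run" ]; then
    rc=0
    check_path /etc/elasticsearch/elastic-certificates.p12 "$ES_USER" || rc=1
    check_path /data/elasticsearch "$ES_USER" || rc=1
    exit "$rc"
fi
```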
Test start
[root@gz3_elk_001 /]# systemctl restart elasticsearch.service
[root@gz3_elk_001 /]# systemctl status elasticsearch.service
If there is a startup error, check the log under /var/log/elasticsearch/.
Because the system emphasizes security, it is necessary to configure xpack, modify elasticsearch.yml configuration, and enable xpack.
[root@gz3_elk_001 /]# cat /etc/elasticsearch/elasticsearch.yml | grep -v "#"
cluster.name: elk
node.name: node-1
node.master: true
node.data: true
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.3.44
http.port: 9200
discovery.seed_hosts: ["192.168.3.44"]
cluster.initial_master_nodes: ["192.168.3.44"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
Restart with systemctl restart elasticsearch.service, then generate the default passwords
[root@gz3_elk_001 /]# cd /usr/share/elasticsearch/bin/
[root@gz3_elk_001 /]# ./elasticsearch-setup-passwords auto
Changed password for user apm_system
PASSWORD apm_system = hyyhuxxx
Changed password for user kibana
PASSWORD kibana = HbwFY0xxx
Changed password for user logstash_system
PASSWORD logstash_system = nvrxxx
Changed password for user beats_system
PASSWORD beats_system = VvAhnxxx
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = yGNFRTxxx
Changed password for user elastic
PASSWORD elastic = czF01xx
Record the passwords above; they are used later.
Second, configure kibana
[root@gz3_elk_001 /]# cd /etc/kibana/
[root@gz3_elk_001 /]# cp kibana.yml kibana.ymlback
[root@gz3_elk_001 /]# cat kibana.yml | grep -v "#" | grep -v "^$"
server.port: 5601
server.host: "192.168.3.44"
elasticsearch.hosts: ["http://192.168.3.44:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "kOHyFxxxx"
i18n.locale: "zh-CN"
i18n.locale: "zh-CN" switches the interface to Chinese, which makes it friendlier to use.
Third, configure logstash
[root@gz3_elk_001 /]# cd /etc/logstash/
[root@gz3_elk_001 /]# cp logstash.yml logstash.ymlback
[root@gz3_elk_001 /]# cd /etc/logstash/conf.d
[root@gz3_elk_001 /]# cat nginx_access.conf
input {
  beats {
    type => "nginx_access"
    port => 5044
  }
}
filter {
  if [type] == "nginx_access" {
    # Parse the nginx access log line into named fields, then drop the raw line
    grok {
      match => { "message" => "%{IP:remote_ip} - %{DATA:user_name} \[%{HTTPDATE:time}\] \"%{WORD:method} %{DATA:url} HTTP/%{NUMBER:http_version:float}\" %{NUMBER:response_code:int} %{NUMBER:body_sent:int} \"%{DATA:referrer}\" \"%{DATA:agent}\" \"%{DATA:x_forwarded_for}\"" }
      remove_field => "message"
    }
    # HTTPDATE values look like 27/Nov/2019:14:59:31 +0800, so the date
    # pattern has to match that layout for @timestamp to be set from the log
    date {
      match => ["time", "dd/MMM/yyyy:HH:mm:ss Z"]
      target => "@timestamp"
    }
  }
}
output {
  if [type] == "nginx_access" {
    elasticsearch {
      hosts => ["http://192.168.3.44:9200"]
      index => "nginx-access-%{+YYYY.MM.dd}"
      user => "elastic"
      password => "czF01xx"
    }
  }
}
The logstash_system account and password were tried here, but that was not successful.
Only the most privileged account, elastic, could be used.
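logstash_system is the built-in account Logstash uses to ship its own monitoring data, so it carries no write privileges on the nginx-access-* indices. As an added example (not part of the original article), the script below creates a role and user limited to those indices through the Elasticsearch security API, so the elastic superuser password does not have to sit in nginx_access.conf. The names nginx_writer, logstash_nginx and LS_WRITER_PW are assumptions, and the privilege list assumes index lifecycle management is not used by this output.

```shell
#!/bin/sh
# Added example: a least-privilege account for the elasticsearch output.
# ES_URL and the index pattern come from this page; the role name
# "nginx_writer", the user name "logstash_nginx" and the LS_WRITER_PW
# variable are assumptions made for this example.
ES_URL="${ES_URL:-http://192.168.3.44:9200}"
ROLE_NAME="nginx_writer"
USER_NAME="logstash_nginx"

# JSON body for the role: may create and write nginx-access-* indices only.
role_body() {
    cat <<'EOF'
{
  "cluster": ["monitor", "manage_index_templates"],
  "indices": [
    {
      "names": ["nginx-access-*"],
      "privileges": ["create_index", "create", "write"]
    }
  ]
}
EOF
}

# JSON body for the user Logstash logs in as; $1 is the new password.
user_body() {
    case $1 in
        *\"*|*\\*) printf '%s\n' 'password must not contain " or \' >&2; return 1 ;;
    esac
    printf '{"password": "%s", "roles": ["%s"]}\n' "$1" "$ROLE_NAME"
}

# Send both requests as the elastic superuser (curl prompts for its password).
apply() {
    : "${LS_WRITER_PW:?set LS_WRITER_PW to the password for $USER_NAME}"
    body=$(user_body "$LS_WRITER_PW") || return 1
    role_body | curl -sS -u elastic -X PUT -H 'Content-Type: application/json' \
        "$ES_URL/_security/role/$ROLE_NAME" --data-binary @- || return 1
    printf '%s' "$body" | curl -sS -u elastic -X PUT \
        -H 'Content-Type: application/json' \
        "$ES_URL/_security/user/$USER_NAME" --data-binary @-
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

After running it with the argument apply, the output block can use user => "logstash_nginx" with the new password in place of the elastic account.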
Verify that the configuration is correct
[root@gz3_elk_001 /]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx_access.conf -t
Thread.exclusive is deprecated, use Thread::Mutex
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN] 2019-11-27 14:59 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO] 2019-11-27 14:59:31.841 [LogStash::Runner] Reflections - Reflections took 56 ms to scan 1 urls, producing 20 keys and 40 values
Configuration OK
[INFO] 2019-11-27 14:59:32.487 [LogStash::Runner] runner - Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
When Configuration OK appears, the configuration is valid.
[root@gz3_elk_001 /]# systemctl status logstash.service
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2019-11-27 16:12:15 CST; 2min 11s ago
The configuration on the main server is ready. You can log in to kibana at this time.
Log in using the elastic account password.