目录
一、配置准备
关闭防火墙与安全上下文
[root@elknfs ~]# systemctl disable --now firewalld
[root@elknfs ~]# setenforce 0安装elasticsearch、kibana、logstash、filebeat
[root@elknfs ~]# rpm -ivh kibana-7.1.1-x86_64.rpm
[root@elknfs ~]# rpm -ivh elasticsearch-7.1.1-x86_64.rpm
[root@elknfs ~]# rpm -ivh logstash-7.1.1.rpm
[root@elknfs ~]# rpm -ivh filebeat-7.1.1-x86_64.rpm 下载java,需要java环境
二、单机模式 ELK部署
修改域名解析
主机ip:192.168.158.176
elasticsearch配置
[root@elk ~]# vim /etc/elasticsearch/elasticsearch.yml
启动elasticsearch服务
[root@elk ~]# systemctl start elasticsearch.service 
查看是否启用
查看监听端口
logstash服务
创建配置文件
[root@elk ~]# cd /etc/logstash/conf.d/
[root@elk conf.d]# ls
[root@elk conf.d]# vim pipline.conf
[root@elk conf.d]# ln -s /usr/share/logstash/bin/logstash /usr/local/bin/input {
file {
path => "/var/log/messages"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["http://192.168.158.176:9200"]
index => "system-log-%{+YYYY.MM.dd}"
}
###日志进行标准输出,观察日志获取的过程###
stdout {
codec => rubydebug
}
}
kibana
[root@elk ~]# cd /etc/logstash/conf.d/
[root@elk conf.d]# ls
[root@elk conf.d]# vim pipline.conf
启动服务kebana
[root@elk ~]# systemctl start kibana.service
[root@elk ~]# netstat -anput | grep node
验证
[root@elk conf.d]# logstash -e 'input{ stdin{} }output { stdout{} }'
[root@elk elasticsearch]# logstash -e 'input { stdin{} } output { stdout{ codec=>rubydebug }}'
网页访问
生成图表
[root@elk elasticsearch]# logstash -f /etc/logstash/conf.d/pipline.conf
回到网页
