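ELK Log Platform: Three-Node Deployment Tutorial

I. Environment Requirements

Prepare three machines.

Operating system: Rocky Linux 9.5

IP addresses

        node1: 11.0.1.177 (elasticsearch)

        node2: 11.0.1.178 (kibana)

        node3: 11.0.1.179 (logstash)

Java version: OpenJDK 17

ELK version: 8.13.4

II. Environment Preparation

1. System initialization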

# Set the hostname (use node2 / node3 on the other two machines)
hostnamectl set-hostname node1

# Disable the firewall and SELinux (test environment)
systemctl disable --now firewalld
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

# Install common tools
yum install -y wget vim net-tools lsof java-17-openjdk unzip

2. Elasticsearch installation steps (node1)

(1) Create the user and directory

useradd -r -s /sbin/nologin elastic
mkdir -p /opt/elasticsearch
chown -R elastic:elastic /opt/elasticsearch

(2) Download and extract

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.13.4-linux-x86_64.tar.gz
# /opt/elasticsearch already exists from step (1), so extract the archive's contents directly into it
tar -xf elasticsearch-8.13.4-linux-x86_64.tar.gz -C /opt/elasticsearch --strip-components=1

chown -R elastic:elastic /opt/elasticsearch/

(3) Edit the configuration file

vim /opt/elasticsearch/config/elasticsearch.yml

cluster.name: elk-cluster
node.name: node1
network.host: 11.0.1.177
http.port: 9200
transport.port: 9300
bootstrap.memory_lock: true
discovery.type: single-node
node.roles: [ master, data, ingest ]
path.data: /data/es
path.logs: /var/log/elasticsearch
# Turns off authentication and TLS (test deployment)
xpack.security.enabled: false

(4) Create the systemd unit file

vim /etc/systemd/system/elasticsearch.service

[Unit]
Description=Elasticsearch
After=network.target

[Service]
Type=simple
User=elastic
Group=elastic
Environment=ES_HOME=/opt/elasticsearch
Environment=ES_PATH_CONF=/opt/elasticsearch/config
ExecStart=/opt/elasticsearch/bin/elasticsearch
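LimitNOFILE=65536
LimitNPROC=4096
# Needed for bootstrap.memory_lock: true; limits.conf does not apply to systemd services
LimitMEMLOCK=infinity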
Restart=on-failure
TimeoutStopSec=30
WorkingDirectory=/opt/elasticsearch

[Install]
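WantedBy=multi-user.target

# Create the runtime directory, plus the path.data and path.logs directories set in elasticsearch.yml, owned by the elastic user
sudo mkdir -p /var/run/elasticsearch /data/es /var/log/elasticsearch
sudo chown elastic:elastic /var/run/elasticsearch /data/es /var/log/elasticsearch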

(5) Edit the jvm.options configuration file

The machine has limited RAM, so the simplest configuration is used for this test deployment.

vim /opt/elasticsearch/config/jvm.options

-Xms512m
-Xmx512m
-XX:+UseG1GC
-XX:MaxDirectMemorySize=256m

(6) Tune system settings

# Raise kernel limits
sudo bash -c 'cat >> /etc/sysctl.conf << EOF
vm.max_map_count=262144
vm.swappiness=1
EOF'
sudo sysctl -p

# Raise user limits
sudo bash -c 'cat >> /etc/security/limits.conf << EOF
elastic - nofile 65536
elastic - memlock unlimited
EOF'

(7) Start Elasticsearch

1. Start ES with systemctl
sudo systemctl daemon-reload
sudo systemctl start elasticsearch

2. Alternatively, run: sudo -u elastic /opt/elasticsearch/bin/elasticsearch -d

3. Kibana installation steps (node2)

(1) Download and extract Kibana

cd /opt
wget https://artifacts.elastic.co/downloads/kibana/kibana-8.13.4-linux-x86_64.tar.gz
# Extract straight into /opt/kibana so the result does not depend on the archive's top-level directory name
mkdir -p /opt/kibana
tar -xf kibana-8.13.4-linux-x86_64.tar.gz -C /opt/kibana --strip-components=1

(2) Create the user and set ownership

useradd -r -s /sbin/nologin kibana
chown -R kibana:kibana /opt/kibana

(3) Edit the configuration files

vim /opt/kibana/config/kibana.yml

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://11.0.1.177:9200"]



vim /opt/kibana/config/node.options
--max-old-space-size=512
--unhandled-rejections=warn
--dns-result-order=ipv4first
--openssl-legacy-provider

Recommended --max-old-space-size values

System memory    Recommended value
≤ 2 GB           512 or 1024
4~8 GB           2048
≥ 16 GB          4096 or larger (no more than half of total memory)

(4) Create the systemd unit file

vim /etc/systemd/system/kibana.service

[Unit]
Description=Kibana
After=network.target

[Service]
User=kibana
Group=kibana
ExecStart=/opt/kibana/bin/kibana
Restart=on-failure

[Install]
WantedBy=multi-user.target

(5) Reload systemd and start the service

systemctl daemon-reload
systemctl enable --now kibana

4. Logstash installation steps (node3)

(1) Download and install the RPM

cd /opt
wget https://artifacts.elastic.co/downloads/logstash/logstash-8.13.4-x86_64.rpm
rpm -ivh logstash-8.13.4-x86_64.rpm

(2) Write the pipeline configuration (conf.d)

vim /etc/logstash/conf.d/logstash-simple.conf

input {
  beats {
    port => 5044
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  elasticsearch {
    hosts => ["http://11.0.1.177:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}

(3) Start the service and verify

systemctl daemon-reload
systemctl enable logstash
systemctl start logstash

# Follow the logs
journalctl -u logstash -f

III. Verification

Open 11.0.1.178:5601 in a browser; if the Elasticsearch page is displayed, the deployment succeeded.
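
To go with the verification step, here is a check added to this page (not part of the original tutorial) that scans the three configuration files for the settings this guide uses that leave the stack open: disabled Elasticsearch security, Kibana bound to 0.0.0.0, plain-HTTP links to Elasticsearch, and a Beats input without TLS. The function names and the sample files are constructed for illustration, and the Beats check is a whole-file heuristic.

```shell
#!/bin/sh
# Added example (not from the tutorial): flag the settings in this guide's
# config files that leave the stack unauthenticated or unencrypted.

# check FILE REGEX MESSAGE: print one finding when REGEX matches FILE.
check() {
  if grep -Eq "$2" "$1"; then echo "WEAK $1: $3"; fi
}

# audit_elk FILE...: one "WEAK <file>: <reason>" line per finding, silent if clean.
audit_elk() {
  for f in "$@"; do
    check "$f" '^[[:space:]]*xpack\.security\.enabled:[[:space:]]*false' \
      'Elasticsearch security disabled, REST API needs no login'
    check "$f" '^[[:space:]]*server\.host:[[:space:]]*"?0\.0\.0\.0' \
      'Kibana listens on every interface'
    check "$f" '(elasticsearch\.hosts:|hosts[[:space:]]*=>).*"http://' \
      'plain-HTTP connection to Elasticsearch'
    # Heuristic: a beats input with no ssl_enabled/ssl => true anywhere in the file.
    if grep -Eq '^[[:space:]]*beats[[:space:]]*\{' "$f" &&
       ! grep -Eq 'ssl(_enabled)?[[:space:]]*=>[[:space:]]*true' "$f"; then
      echo "WEAK $f: beats input accepts shippers without TLS"
    fi
  done
}

# Constructed sample: the security-relevant lines of the three files above.
write_tutorial_samples() {
  mkdir -p "$1"
  printf '%s\n' 'network.host: 11.0.1.177' 'xpack.security.enabled: false' \
    > "$1/elasticsearch.yml"
  printf '%s\n' 'server.host: "0.0.0.0"' \
    'elasticsearch.hosts: ["http://11.0.1.177:9200"]' > "$1/kibana.yml"
  printf '%s\n' 'input {' '  beats {' '    port => 5044' '  }' '}' \
    'output { elasticsearch { hosts => ["http://11.0.1.177:9200"] } }' \
    > "$1/logstash-simple.conf"
}

tmp=$(mktemp -d)
write_tutorial_samples "$tmp"
audit_elk "$tmp/elasticsearch.yml" "$tmp/kibana.yml" "$tmp/logstash-simple.conf"
rm -rf "$tmp"
```

On a real node, pass the deployed files (for example /opt/elasticsearch/config/elasticsearch.yml) to audit_elk; no output means none of the four patterns matched.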
