CentOS7安裝EFK

前言

JDK選擇了1.8

EFK的版本要一直，能夠從官網下載

1、安裝JDK

安裝完畢JDK後，配置環境變量

vi /etc/profile
export JAVA_HOME=/java/jdk1.8.0_171
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$PATH
source /etc/profile

2、安裝ElasticSearsh

編輯配置文件

vim config/elasticsearch.yml

修改文件節點

cluster.name: my-application
node.name: node-1
network.host: 0.0.0.0 
http.port: 9200

root不能啓動elasticsearsh：can not run elasticsearch as root

#建立用戶
adduser elastic
#設置密碼
passwd elastic
#須要輸入2次密碼
#受權
chmod -R 777 /usr/local/elasticsearch-6.2.4
#切換用戶
su elastic

啓動時若是報錯：

max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536]

vi /etc/security/limits.conf

內容是：

* soft nofile 65535

* hard nofile 65535

啓動時若是報錯：

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

vi /etc/sysctl.conf

內容是：

vm.max_map_count=262144

而後執行命令：

sysctl -p

啓動時若是報錯：

the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
則要在配置文件中設置：

cluster.initial_master_nodes: ["node-1"] 

3、安裝Kibana

修改配置文件

vi config/kibana.yml

內容：

elasticsearch.url: "http://localhost:9200"
server.host: "0.0.0.0"
kibana.index: ".kibana"

 4、安裝FileBeat

修改配置文件

vi filebeat.yml

內容：

filebeat.prospectors:
- type: log
  enabled: true
  paths:
    - /var/xxx/*.log
    - /var/xxx/*.out
  multiline.pattern: ^\[
  multiline.negate: true
  multiline.match: after
setup.kibana:
  host: "localhost:5601"
output.elasticsearch:
  hosts: ["localhost:9200"]