Setting up an ELK 7.4 server on CentOS 7 (Part 2): configuring ELK

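Prerequisites

Complete "Setting up an ELK 7.4 server on CentOS 7 (Part 1): installing the JDK and ELK" first.

Elasticsearch configuration

Configuring Elasticsearch

Location of the configuration file (for a yum install: /etc/elasticsearch/elasticsearch.yml)
For an explanation of the settings in the configuration file, see the link below:
Detailed explanation of the elasticsearch.yml settings

Commands

Start: systemctl start elasticsearch
Stop: systemctl stop elasticsearch
Restart: systemctl restart elasticsearch
After starting it, test Elasticsearch: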

[root@localhost ~]# curl -X GET localhost:9200
{
"name" : "localhost.localdomain",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "Vyq89lVzRcCvWlBq-IMs7A",
"version" : {
"number" : "7.4.0",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "22e1767283e61a198cb4db791ea66e3f11ab9910",
"build_date" : "2019-09-27T08:36:48.569419Z",
"build_snapshot" : false,
"lucene_version" : "8.2.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

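Configuring ES for access by IP

Once Elasticsearch is running, edit the configuration file so that it can be reached by IP address.
Open /etc/elasticsearch/elasticsearch.yml and change the following: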

# ---------------------------------- Cluster -----------------------------------
cluster.initial_master_nodes: ["node-1"]
# ------------------------------------ Node ------------------------------------
node.name: node-1
node.data: true
# ---------------------------------- Network -----------------------------------
network.host: 0.0.0.0
http.port: 9200

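With this set, the data can be retrieved from a web page. At this point port 9200 answers unauthenticated requests from any host that can reach the server, until the authentication described below is enabled.

Enabling X-Pack authentication in Elasticsearch 7

In Elasticsearch 7.x, X-Pack is already bundled with Elasticsearch as a default plugin, so there is no need to run bin/elasticsearch-plugin install x-pack; it only has to be enabled in the configuration file.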

[root@localhost ~]# cd /usr/share/elasticsearch/bin/
[root@localhost bin]# ./elasticsearch-plugin install x-pack
ERROR: this distribution of Elasticsearch contains X-Pack by default

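Enabling X-Pack

According to the official documentation, enabling X-Pack only requires adding the following settings to Elasticsearch's configuration file, elasticsearch.yml:

# Enable X-Pack security authentication
xpack.security.enabled: true
xpack.license.self_generated.type: basic
# With a basic license the following line must be added; otherwise Elasticsearch reports an error after a restart.
xpack.security.transport.ssl.enabled: true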
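
An added example, not part of the original post: a small shell audit for the elasticsearch.yml settings changed above (network.host: 0.0.0.0 and the X-Pack lines). The helper names yaml_get and audit_es_config and the sample file are constructed for illustration; xpack.security.http.ssl.enabled is a standard Elasticsearch setting that the post does not configure.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. yaml_get and audit_es_config are
# hypothetical helpers; only flat "key: value" lines are understood.

yaml_get() (  # yaml_get FILE KEY -> last uncommented value of KEY, unquoted
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    { line = $0; sub(/[ \t]+#.*$/, "", line)
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t"]+|[ \t"]+$/, "", val)
      if (key == k) found = val }
    END { print found }' "$1"
)

audit_es_config() (  # prints one finding per line; status 1 if any finding
  f=$1; rc=0
  host=$(yaml_get "$f" network.host)
  sec=$(yaml_get "$f" xpack.security.enabled)
  tls=$(yaml_get "$f" xpack.security.transport.ssl.enabled)
  https=$(yaml_get "$f" xpack.security.http.ssl.enabled)
  case "$host" in
    ""|localhost|_local_|127.*|::1) exposed=no ;;  # unset binds to loopback
    *) exposed=yes ;;
  esac
  if [ "$exposed" = yes ] && [ "$sec" != true ]; then
    echo "EXPOSED_NO_AUTH: network.host=$host, xpack.security.enabled not true"; rc=1
  fi
  if [ "$sec" = true ] && [ "$tls" != true ]; then
    echo "NO_TRANSPORT_TLS: xpack.security.transport.ssl.enabled not true"; rc=1
  fi
  if [ "$exposed" = yes ] && [ "$sec" = true ] && [ "$https" != true ]; then
    echo "HTTP_CLEARTEXT: passwords cross the network unencrypted on 9200"; rc=1
  fi
  exit "$rc"
)

# Constructed sample: the state after the access-by-IP step, before X-Pack.
sample=$(mktemp)
printf '%s\n' 'node.name: node-1' 'network.host: 0.0.0.0' 'http.port: 9200' > "$sample"
audit_es_config "$sample" || echo "findings above: fix before exposing port 9200"
rm -f "$sample"
```

Run against the final configuration from this post, the audit still reports HTTP_CLEARTEXT, because the post enables TLS only on the transport layer and clients reach port 9200 over plain http.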

Setting passwords

[root@localhost ~]# cd /usr/share/elasticsearch/bin/
[root@localhost bin]# ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

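Once the passwords are set, the Elasticsearch username and password must be added to the services that connect to it, such as Kibana and Logstash.

Kibana configuration

Configuring Kibana

Location of the configuration files (for a yum install: /etc/kibana/)

kibana.yml    used to configure the connection to Elasticsearch

Enable the following settings in the configuration file:

server.port: 5601 # Kibana's port
server.host: "0.0.0.0" # accept connections from any IP
elasticsearch.hosts: ["http://127.0.0.1:9200"] # address of Elasticsearch
kibana.index: ".kibana" # index in which Kibana stores its saved objects
elasticsearch.username: "elastic" # default username
elasticsearch.password: "passwd" # the password set above
i18n.locale: "zh-CN" # Chinese; use en for English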

Commands

systemctl start kibana # start
systemctl stop kibana # stop
systemctl restart kibana # restart

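Logstash configuration

Note

Logstash is a special case: it uses JDK 8. In addition, with a yum install it cannot pick up the system's JDK environment, possibly because of a problem in its code, so we have to modify Logstash's startup script by hand.
If you don't know where Logstash is installed, use whereis logstash to find it; yum installs it to /usr/share/logstash by default.
We need to edit /usr/share/logstash/bin/logstash.lib.sh by hand
and, at around line 50,
add the following: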

export JAVA_HOME=/usr/java/jdk1.8.0_221
export JAVA_PATH=${JAVA_HOME}/bin:${JRE_HOME}/bin

Configuring Logstash

Location of the configuration files (for a yum install: /etc/logstash/)

[root@localhost ~]# ll /etc/logstash/
total 32
drwxrwxr-x. 2 root root 27 Oct 18 09:03 conf.d //this directory holds the Logstash templates
-rw-r--r--. 1 root root 2019 Sep 27 06:25 jvm.options
-rw-r--r--. 1 root root 5043 Sep 27 06:25 log4j2.properties
-rw-r--r--. 1 root root 8206 Oct 17 22:15 logstash.yml //this file is Logstash's configuration file
-rw-r--r--. 1 root root 285 Sep 27 06:25 pipelines.yml
-rw-------. 1 root root 1696 Sep 27 06:25 startup.options

Edit Logstash's configuration file, logstash.yml; find the X-Pack section and change these parameters:

xpack.monitoring.elasticsearch.username: "elastic" # default username
xpack.monitoring.elasticsearch.password: "passwd" # the password set above
xpack.monitoring.elasticsearch.hosts: ["http://127.0.0.1:9200"] # IP address of Elasticsearch; in my case, as an extreme setup, everything runs on one machine
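
An added example, not part of the original post, covering both the kibana.yml and logstash.yml settings above: it flags a plaintext password in a file that other local users can read (the ll listing shows logstash.yml as -rw-r--r--) and the elastic superuser being used as a service account. check_service_config and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. check_service_config is a
# hypothetical helper for kibana.yml / logstash.yml style "key: value" files.

check_service_config() (  # prints findings; exit status 1 if any were printed
  f=$1; rc=0
  # Uncommented *password keys whose value is not a ${VAR} keystore reference.
  if grep -E '^[[:space:]]*[A-Za-z0-9_.]*password[[:space:]]*:' "$f" | grep -qvF '${'; then
    # 8th character of the ls -l mode string is the "other" read bit.
    if [ "$(ls -ld "$f" | cut -c8)" = r ]; then
      echo "PLAINTEXT_PASSWORD_WORLD_READABLE: $f"
    else
      echo "PLAINTEXT_PASSWORD: $f"
    fi
    rc=1
  fi
  # The elastic superuser configured as the service account.
  if grep -Eq '^[[:space:]]*[A-Za-z0-9_.]*username[[:space:]]*:[[:space:]]*"?elastic"?([[:space:]]|$)' "$f"; then
    echo "SUPERUSER_SERVICE_ACCOUNT: $f"; rc=1
  fi
  exit "$rc"
)

# Constructed sample mirroring the logstash.yml lines above, mode 0644 as in
# the ll listing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xpack.monitoring.elasticsearch.username: "elastic"  # default username
xpack.monitoring.elasticsearch.password: "passwd"   # placeholder password
xpack.monitoring.elasticsearch.hosts: ["http://127.0.0.1:9200"]
EOF
chmod 644 "$sample"
check_service_config "$sample" || echo "findings above need attention"
rm -f "$sample"
```

The elasticsearch-setup-passwords run above also set passwords for the built-in kibana and logstash_system users, and both Kibana and Logstash ship a keystore tool (kibana-keystore, logstash-keystore) for keeping passwords out of these YAML files.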

Commands

systemctl start logstash # start
systemctl stop logstash # stop
systemctl restart logstash # restart

Author: ZeroKong
Permalink: https://blog.zerokong.com/20191022-Centos7%E6%90%AD%E5%BB%BAELK%207.4%E6%9C%8D%E5%8A%A1%E5%99%A8%EF%BC%88%E4%BA%8C%EF%BC%89ELK%E7%9A%84%E9%85%8D%E7%BD%AE/
Copyright notice: this article is licensed under CC BY-NC-SA 3.0 CN