Quickly deploying a single-node ELK stack on RHEL 8
Posted 2023/05/06 13:14

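ELK consists of the following components:

  • ElasticSearch is the search engine and stores the data
  • Logstash collects data and outputs it to ElasticSearch
  • Kibana can be thought of as the dashboard for elasticsearch.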

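Deployment steps: ! All operations below are performed as root

The configuration below is for the most basic test environment. Production environments have more advanced requirements, such as encryption certificates; for those, refer to other tutorials online to refine the configuration.

1. Configure the YUM repository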

#cat > /etc/yum.repos.d/el.repo  <<EOF
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=0
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF

2. Install the software

#dnf install -y elasticsearch
#dnf install -y logstash
#dnf install -y kibana

3. Configure elasticsearch. The finished configuration looks like this:

#cat /etc/elasticsearch/elasticsearch.yml | grep -v "^#"
cluster.name: my-application
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["node-1"]
http.host: 0.0.0.0
transport.host: 0.0.0.0

#cat /etc/elasticsearch/jvm.options | grep -v "^#"

-Xms1g
-Xmx1g
-XX:+UseG1GC
-Djava.io.tmpdir=${ES_TMPDIR}
-XX:+HeapDumpOnOutOfMemoryError
-XX:+ExitOnOutOfMemoryError
-XX:HeapDumpPath=/var/lib/elasticsearch
-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log
-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m

4. Configure kibana. The finished configuration looks like this:

#cat /etc/kibana/kibana.yml | grep -v "^#"

server.port: 5601
server.host: "0.0.0.0"
server.publicBaseUrl: "http://192.168.26.100:5601"
elasticsearch.hosts: ["http://192.168.26.100:9200"]
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
pid.file: /run/kibana/kibana.pid

6. Start the services

#systemctl enable elasticsearch.service --now
#systemctl enable logstash.service --now
#systemctl enable kibana.service --now

7. Verify

elasticsearch: IP-ADDRESS:9200

kibana: IP-ADDRESS:5601
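
An added check to run alongside step 7 (not part of the original post): a shell script that flags the test-only settings used above, namely gpgcheck=0 in the repo file from step 1 and a non-loopback bind address combined with xpack.security.enabled: false in elasticsearch.yml from step 3. The function names and the constructed sample in demo() are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag the test-only settings from steps 1 and 3.

# Print the value of a top-level "key: value" line in a YAML file.
yaml_value() {
    awk -v k="$2:" 'index($0, k) == 1 {
        sub(/^[^:]*:[ \t]*/, ""); gsub(/"|[ \t]+$/, ""); v = $0
    } END { print v }' "$1"
}

# An unset key adds no finding of its own: http.host and transport.host
# inherit network.host, which itself defaults to loopback.
is_loopback() {
    case "$1" in
        ""|localhost|_local_|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_elk REPO_FILE ES_YML: print one FINDING line per risky setting.
audit_elk() {
    if grep -Eq '^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0' "$1"; then
        echo "FINDING: $1: gpgcheck=0, packages are installed without signature verification"
    fi
    if [ "$(yaml_value "$2" xpack.security.enabled)" = "false" ]; then
        for key in network.host http.host transport.host; do
            host=$(yaml_value "$2" "$key")
            is_loopback "$host" ||
                echo "FINDING: $2: $key=$host while xpack.security.enabled=false (no authentication)"
        done
    fi
    return 0
}

# Constructed sample mirroring the values on this page; prints the finding count.
demo() {
    dir=$(mktemp -d)
    printf '[elasticsearch]\ngpgcheck=0\nenabled=1\n' > "$dir/el.repo"
    printf 'network.host: 0.0.0.0\nhttp.port: 9200\nxpack.security.enabled: false\nhttp.host: 0.0.0.0\n' > "$dir/es.yml"
    audit_elk "$dir/el.repo" "$dir/es.yml" | wc -l | tr -d ' '
    rm -rf "$dir"
}

# Audit real files when two paths are given: sh audit_elk.sh REPO_FILE ES_YML
if [ "$#" -eq 2 ]; then audit_elk "$1" "$2"; fi
```

Run against the files from this page it is called as: sh audit_elk.sh /etc/yum.repos.d/el.repo /etc/elasticsearch/elasticsearch.yml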