sifeimeng 2020-01-02
Environment:
system: CentOS Linux release 7.7.1908
elasticsearch: elasticsearch-7.5.1-1.x86_64
kibana: kibana-7.5.1-1.x86_64
filebeat: filebeat-7.5.1-1.x86_64
1. Set up the yum repository for EFK
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
Create a yum repo file
vim efk.repo:
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md

[elastic-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
2. Install EFK
yum install --enablerepo=elasticsearch elasticsearch
yum install kibana
yum install filebeat
3. Configure EFK
a. Configure elasticsearch
vim /etc/elasticsearch/elasticsearch.yml
node.name: node-1
cluster.initial_master_nodes: ["node-1"]
http.port: 9200
network.host: 0.0.0.0
b. Configure kibana
vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["    # change the ip to that of the machine running the elasticsearch service
kibana.index: ".kibana"
c. Configure filebeat
vim /etc/filebeat/filebeat.yml
setup.kibana:
  host: "    # change the ip to that of the machine running the kibana service
output.elasticsearch:
  hosts: ["localhost:9200"]    # change the ip to that of the machine running elasticsearch; I have everything on one machine, so localhost is the same as 11.22
filebeat.inputs:
- type: log
  enabled: false
  paths:    # paths to collect logs from
    - /var/log/*.log
Start the EFK services
systemctl start elasticsearch.service
If you run into problems starting elasticsearch, see: https://blog.51cto.com/liuxiaolan/2463905
systemctl start kibana.service
systemctl start filebeat.service
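As an added example (not part of the original post), a POSIX shell audit that reads the repo file and the two configs written above and flags the settings that decide whether the stack is exposed: a stanza without gpgcheck=1, a bind address that is not loopback, and xpack.security.enabled left unset. The default paths (efk.repo under /etc/yum.repos.d) and the script name efk_audit.sh are assumptions. With network.host and server.host at 0.0.0.0 as configured above, it warns, because Elasticsearch 7.5 on the basic license ships with security disabled unless that key is set.

```shell
#!/bin/sh
# Post-install audit for the EFK host configured above. Added example, not
# from the original post: it reads the repo file and the two configs and
# flags settings that leave the stack exposed. Paths below are assumptions
# (the post's own files); pass others as arguments to audit().

# Every [section] in the yum repo file must carry gpgcheck=1, or packages
# from that section install without RPM signature verification.
repo_gpgcheck_ok() {
    awk '
        /^\[/ { if (sec != "" && !ok) bad++; sec = $0; ok = 0 }
        /^gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$/ { ok = 1 }
        END { if (sec != "" && !ok) bad++; exit (bad > 0) ? 1 : 0 }
    ' "$1"
}

# $1 = YAML file, $2 = key (network.host / server.host). Returns 0 when the
# bind address is loopback or unset (both default to localhost), 1 when the
# service listens on every interface; on ES 7.x with security off that is
# unauthenticated read/write access to the indices for anyone reaching the port.
bind_is_loopback() {
    val=$(sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | tr -d '"' | head -n 1)
    case "$val" in
        ""|localhost|127.0.0.1|_local_) return 0 ;;
        *) return 1 ;;
    esac
}

# True only when xpack.security.enabled is explicitly true; 7.5 on the basic
# license leaves it off unless set.
es_security_enabled() {
    grep -Eq '^[[:space:]]*xpack\.security\.enabled:[[:space:]]*true' "$1"
}

audit() {
    repo=${1:-/etc/yum.repos.d/efk.repo}
    es=${2:-/etc/elasticsearch/elasticsearch.yml}
    kb=${3:-/etc/kibana/kibana.yml}
    rc=0
    repo_gpgcheck_ok "$repo" || { echo "WARN: a stanza in $repo lacks gpgcheck=1"; rc=1; }
    bind_is_loopback "$es" network.host || { echo "WARN: $es: network.host is not loopback"; rc=1; }
    bind_is_loopback "$kb" server.host || { echo "WARN: $kb: server.host is not loopback"; rc=1; }
    es_security_enabled "$es" || { echo "WARN: $es: xpack.security.enabled is not true"; rc=1; }
    return $rc
}

# Run the audit only when invoked directly as efk_audit.sh (name assumed).
case "$0" in *efk_audit.sh) audit "$@" ;; esac
```

Run it as `sh efk_audit.sh` on the box after the three services are up; a non-zero exit means at least one warning was printed.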