【linux】麒麟v10安装ELKB（ARM架构）

安装elasticsearch

创建目录

#放安装软件的位置
mkdir -pv /software#安装elasticsearch目录
mkdir -pv /usr/local/elasticsearch#安装kibana目录
mkdir -pv /usr/local/kibana

解压elasticsearch

tar -zxvf elasticsearch-8.8.1-linux-aarch64.tar.gz -C /usr/local/elasticsearch/

进入目录

cd /usr/local/elasticsearch/

新建elasticsearch用户

useradd elasticsearch

分配所属权限

chown -R elasticsearch:elasticsearch  elasticsearch-8.8.1/

切换用户

su elasticsearch

进入启动目录

cd elasticsearch-8.8.1/bin

切换到elasticsearch用户

su elasticsearch

前台启动

./elasticsearch

输出下面信息就是启动完成

记录下面信息

下面信息有默认的elastic用户和启动kibana用的token信息

后台启动

用 ctrl+c 停止前台启动的ES。切换后台启动。

 ./elasticsearch -d -p pid

查看启动信息

ps -ef | grep elasticsearch

安装kibana

解压kibana

tar -zxvf kibana-8.8.1-linux-aarch64.tar.gz -C /usr/local/kibana/

进入目录

cd /usr/local/kibana/

新建kibana用户

useradd kibana 

授权kibana

chown -R kibana:kibana kibana-8.8.1/

进入kibana目录 和切换kibana用户

cd /usr/local/kibana/kibana-8.8.1/su kibanacd bin/

启动kibana

前台启动

./kibana

后台启动

nohup sh kibana >/dev/null 2>&1 &

访问页面

网址： http://localhost:5601/?code=843761

填写code

启动URL中的：code=843761

填写es启动生成的token

提示下面信息就是安装成功

输入上面的elastic账号和密码

安装logstash

创建logstash文件目录

mkdir -pv /usr/local/logstash

解压lagstash

tar -zxvf logstash-8.8.1-linux-aarch64.tar.gz -C /usr/local/logstash/

创建访问证书目录

mkdir -pv /usr/local/logstash/logstash-8.8.1/config/certs

获取访问elastic访问配置

下面的http_ca.crt放到上面创建的目录

移动证书到创建的目录

mv http_ca.crt /usr/local/logstash/logstash-8.8.1/config/

创建配置logstash-pipeline.conf

cd /usr/local/elasticsearch/elasticsearch-8.8.1/configmv logstash-sample.conf logstash-pipeline.conf

编辑配置

vim logstash-pipeline.conf

具体配置如下

input {beats {port => "5044"}
}
# The filter part of this file is commented out to indicate that it is
# optional.
# filter {
#
# }filter {if [fields][logtype] == "java-app" {mutate { add_field => { "[logsource]" => "%{[fields][logsource]}" } }grok {match => { "message" => "^%{TIMESTAMP_ISO8601:log_timestamp}\s+\[%{DATA:thread}\]\s+\[%{DATA:trace_id}\]\s+\[%{DATA:logger_name}\]\s+\[%{DATA:log_level}\]:\s+%{GREEDYDATA:log_content}"}}} else if [fields][logtype] == "nginx" {grok {match => { "message" => "%{COMBINEDAPACHELOG}" }}date {match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss SSS" ]} }
}output {if [fields][logtype] == "java-app" {if [fields][logenv] == "jyy-prod" {elasticsearch {hosts => [ "https://192.168.0.1:9200" ]ssl_certificate_authorities => "config/certs/http_ca.crt"user => "elastic"password => "FiTw@1234"index => "prod-log-java-%{+YYYY.MM.dd}"}}  else if [fields][logtype] == "nginx" {elasticsearch {hosts => [ "https://192.168.0.1:9200" ]ssl_certificate_authorities => "config/certs/http_ca.crt"user => "elastic"password => "FiTw@1234"index => "log-nginx%{+YYYY.MM.dd}"}}}
}

启动logstash

cd /usr/local/elasticsearch/elasticsearch-8.8.1/bin

校验文件

./logstash -f ./config/logstash-pipeline.conf --config.test_and_exit

前台启动

./logstash -f ./config/logstash-pipeline.conf --config.reload.automatic

配置系统系统

./system-install  

编辑logstash.service

vim /etc/systemd/system/logstash.service

在ExecStart=/usr/local/logstash/logstash-8.8.1/bin/logstash "--path.settings" "/etc/logstash"  后面增加：

"-f" "/usr/local/logstash/logstash-8.8.1/config/logstash-pipeline.conf"

编辑完成的项目

ExecStart=/usr/local/logstash/logstash-8.8.1/bin/logstash "--path.settings" "/etc/logstash"  "-f" "/usr/local/logstash/logstash-8.8.1/config/logstash-pipeline.conf"

查看和修改状态

systemctl status logstashsystemctl enable logstash

加载和重启

systemctl daemon-reloadsystemctl start logstash

---

---

---