实践环境

系统版本：debian12
组件版本：7.17.16

elasticsearch

## 下载程序
root@master-100:~# wget -c https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.16-linux-x86_64.tar.gz

## 解压移动
root@master-100:~# tar xf elasticsearch-7.17.16-linux-x86_64.tar.gz
root@master-100:~# mv elasticsearch-7.17.16 /usr/local/elastic

## 系统参数
root soft nofile 1048576
root hard nofile 1048576
* soft nofile 1048576
* hard nofile 1048576

root soft  nproc  unlimited
root hard  nproc  unlimited
* soft  nproc  unlimited
* hard  nproc  unlimited

## 配置文件path/config/elasticsearch.yml
cluster.name: my-es
node.name: node-01
node.master: true
node.data: true
node.max_local_storage_nodes: 3
path.data: /usr/local/elastic/data
path.logs: /usr/local/elastic/logs
network.host: "192.168.250.100"
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["192.168.250.100", "192.168.250.101"]
cluster.initial_master_nodes: ["node-01", "node-02"]
http.cors.enabled: true 
http.cors.allow-origin: "*"

## 内存jvm.options
-Xms100m
-Xmx100m

## jdk环境/etc/profile
export ES_JAVA_HOME=/usr/local/elastic/jdk 
export PATH=$PATH:$ES_JAVA_HOME/bin

## 启动用户
root@master-100:/usr/local# useradd -m -s /bin/bash -r elastic
root@master-100:/usr/local# chown -R elastic:elastic elastic/

## 启动
root@master-100:/usr/local/elastic# su -l elastic -c "/usr/local/elastic/bin/elasticsearch -d"
root@master-100:/usr/local/elastic/config# ps -elf | grep elastic
0 S elastic     1497       1 14  80   0 - 1216147 futex_ 11:54 ?      00:00:29 /usr/local/elastic/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl

## 修改配置文件，在另一台服务器上进行同样操作

elastic-head插件

安装

## 下载
root@master-100:~# apt install git
root@master-100:~# git clone https://github.com/mobz/elasticsearch-head.git
root@master-100:~# mv elasticsearch-head/ /usr/local

## nodejs环境
root@master-100:~# wget -c https://nodejs.org/dist/v20.10.0/node-v20.10.0-linux-x64.tar.xz
root@master-100:~# tar xf node-v20.10.0-linux-x64.tar.xz
root@master-100:~# mv node-v20.10.0-linux-x64 /usr/local/node
root@master-100:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/elastic/jdk/bin:/usr/local/node/bin:/usr/local/mysql/bin:/usr/local/mongo/bin:/usr/local/redis/bin
root@master-100:~# node -v
v20.10.0
root@master-100:~# npm -v
10.2.3

## 安装
root@master-100:/usr/local/elasticsearch-head# npm install

## 修改_site/app.js
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.250.100:9200";

## 启动
root@master-100:/usr/local/elasticsearch-head# npm run start 
root@master-100:/usr/local/elasticsearch-head# netstat -lnpt |grep 9100
tcp        0      0 0.0.0.0:9100            0.0.0.0:*               LISTEN      2413/grunt

查看

kibana

## 下载解压移动权限
root@master-100:~# ls
app  kibana-7.17.16-linux-x86_64.tar.gz
root@master-100:~# tar xf kibana-7.17.16-linux-x86_64.tar.gz 
root@master-100:~# mv kibana-7.17.16-linux-x86_64 /usr/local/kibana
root@master-100:/usr/local# chown -R elastic:elastic kibana/

## 配置文件
root@master-100:/usr/local/kibana/config# cat kibana.yml 
server.port: 5601
server.host: "192.168.250.100"
elasticsearch.hosts: ["http://192.168.250.100:9200", "http://192.168.250.101:9200"]
i18n.locale: "zh-CN"

## 启动
root@master-100:~# su -l elastic -c "/usr/local/kibana/bin/kibana -Q &"
root@master-100:~# netstat -lnpt | grep 5601
tcp        0      0 192.168.250.100:5601    0.0.0.0:*               LISTEN      3076/node

logstash

## 下载解压移动
root@dns-3:~# tar xf logstash-7.17.16-linux-x86_64.tar.gz
root@dns-3:~# mv logstash-7.17.16 /usr/local/logstash

## 收集dns日志配置文件
root@dns-3:/usr/local/logstash/config# cat logstash.conf 
input {
  file {
	path =>"/docker/bind9/log/query.log"
        type =>"dns"
        start_position =>"beginning"
    }
}

output {
    elasticsearch {				
	hosts => ["192.168.250.100:9200","192.168.250.101:9200"]
        index =>"dns-%{+YYYY.MM.dd}"
    }
}

## 启动
root@dns-3:/usr/local/logstash# ./bin/logstash -f ./config/logstash.conf