Elasticsearch 8.x ELK 搭建并配置 SSL

这篇具有很好参考价值的文章主要介绍了Elasticsearch 8.x ELK 搭建并配置 SSL。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

说明:这只是本人在家里组网搭建的集群,所以内容排版可能比较随意了,没有耐心的同学直接跳过去看别的文章吧,我只是放在这里留作记录方便以后翻阅

ELK 的坑实在太多了,自己在物理机(多台)逐渐摸索的,安装最新版本的记录

为了好看可能我下面会出现多个这种的命令行文章来源地址https://www.toymoban.com/news/detail-848397.html

命令行 mkdir -p /iscsi/elk/kibana/config
命令行 mkdir -p /iscsi/elk/kibana/data
命令行 mkdir -p /iscsi/elk/kibana/logs
# 可以使用 mkdir -p /iscsi/elk/kibana/{config,data,logs}代替在一个文件夹下创建多个目录```
ELK安装:
    版本: 8.9.0
    准备:
        更新apt: 
            命令行 apt-get update
            命令行 apt-get upgrade
            命令行 apt-get install unzip
        JDK安装: 
            - 1查看JDK版本: 命令行 apt search openjdk
            - 2安装JDK: 命令行 apt install openjdk-21-jdk -y  (找一个最高的来安装) 
        创建ELK目录: 
            命令行 mkdir -p /iscsi/elk   
            命令行 mkdir -p /iscsi/elk/elasticsearch
            命令行 mkdir -p /iscsi/elk/elasticsearch/data
            命令行 mkdir -p /iscsi/elk/elasticsearch/logs
            命令行 mkdir -p /iscsi/elk/elasticsearch/plugins
            命令行 mkdir -p /iscsi/elk/kibana
            命令行 mkdir -p /iscsi/elk/kibana/config
            命令行 mkdir -p /iscsi/elk/kibana/data
            命令行 mkdir -p /iscsi/elk/kibana/logs
            命令行 mkdir -p /iscsi/elk/logstash  
            命令行 mkdir -p /iscsi/elk/logstash/config
            命令行 mkdir -p /iscsi/elk/logstash/logs
            命令行 mkdir -p /iscsi/elk/logstash/pipeline
        文件夹提权:
            命令行 chmod 777 -R /iscsi/elk/*
        创建用户和组:
            1查看用户: 命令行 cat /etc/passwd
            2查看组: 命令行 cat /etc/group
            3修改原来uid为1000的用户: 命令行 usermod -u 1001 tonywoo
            4新建elasticsearch 用户: 命令行   useradd -u 1000 -g root elasticsearch     ??useradd -u 1000 -g tonywoo elasticsearch
            6新建组: 命令行 groupadd elasticsearch
            5修改elasticsearch 用户密码: 命令行 passwd elasticsearch
        设置目录权限:
            1设置目录拥有者: 命令行 chown -R elasticsearch:root /iscsi/elk/elasticsearch/
            2设置目录拥有组: 命令行 chgrp -R 0 /iscsi/elk/elasticsearch
            3备注: /iscsi/elk/elasticsearch 下的子目录的拥有者都要设置为 elasticsearch 这个用户
        内存设置:
            - 1查看用户内存权限: 命令行 sysctl -a|grep vm.max_map_count
            - 2设置用户内存权限: 命令行 vim /etc/sysctl.conf
            - 3禁止内存与硬盘交换: vm.swappiness=1
            - 4配置最大映射数量: vm.max_map_count=262144
            - 5使配置生效: 退出vim,命令行 sysctl -p
        修改打开文件数:
            - 1进入文件: 命令行 vim /etc/security/limits.conf
            - 2追加内容:
                `
                    # elasticsearch是用户,也可以使用*代替所有用户)
                    elasticsearch soft nofile 65536
                    elasticsearch hard nofile 65536
                    #内存锁定交换
                    soft memlock unlimited
                    hard memlock unlimited
                  `
        查看docker网络: 命令行 docker network list
    开始:
        新建docker-compose文件: 命令行 touch /iscsi/elk/docker-compose-elk.yml
        修改docker-compose文件如下: 
            `
                version: '3.7'
                services:
                elasticsearch:
                    image: elasticsearch:8.9.0
                    container_name: elasticsearch
                    hostname: elasticsearch
                    restart: "no"
                    volumes:
                        - /etc/localtime:/etc/localtime
                        #- /iscsi/elk/elasticsearch/data:/usr/share/elasticsearch/data:rw
                        #- /iscsi/elk/elasticsearch/config:/usr/share/elasticsearch/config:rw
                        #- /iscsi/elk/elasticsearch/logs:/usr/share/elasticsearch/logs:rw
                        #- /iscsi/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins:rw
                    environment:
                        - TZ="Asia/Shanghai"
                        - ES_JAVA_OPTS=-Xms512m -Xmx512m
                        - discovery.type=single-node
                    ports:
                        - "9200:9200"
                        - "9300:9300"
                    networks:
                        elastic:
                            ipv4_address: 172.99.0.2
                            aliases:
                                - elasticsearch
                kibana:
                    image: kibana:8.9.0
                    container_name: kibana
                    hostname: kibana
                    restart: "no"
                    volumes:
                        - /etc/localtime:/etc/localtime
                        #- /iscsi/elk/kibana/data:/usr/share/kibana/data:rw
                        #- /iscsi/elk/kibana/config:/usr/share/kibana/config:rw
                        #- /iscsi/elk/kibana/logs:/usr/share/kibana/logs:rw
                    ports:
                        - 5601:5601
                    depends_on:
                        - elasticsearch
                    networks:
                    elastic:
                        ipv4_address: 172.99.0.3
                        aliases:
                            - kibana
                        
                logstash:
                    image: logstash:8.9.0
                    container_name: logstash
                    hostname: logstash
                    restart: "no"
                    volumes:
                        - /etc/localtime:/etc/localtime
                        #- /iscsi/elk/logstash/config:/usr/share/logstash/config:rw
                        #- /iscsi/elk/logstash/logs:/usr/share/logstash/logs:rw
                        #- /iscsi/elk/logstash/pipeline:/usr/share/logstash/pipeline:rw
                    ports:
                        - 5044:5044
                        - 9066:9066
                        - 21068:21068
                        - "5000:5000/tcp"
                        - "5000:5000/udp"      
                    depends_on:
                        - elasticsearch
                    networks:
                    elastic:
                        ipv4_address: 172.99.0.4
                        aliases:
                            - logstash   
                ##自定义网络
            networks:
                elastic:
                    ipam:
                        driver: default
                        config:
                            - subnet: 172.99.0.0/16

            `
            上面带有#号 的后面要解除
        首次启动: /iscsi/elk下执行 命令行 docker-compose -f docker-compose-elk.yml up -d
        复制容器内目录到宿主机:
            命令行 docker cp elasticsearch:/usr/share/elasticsearch/config /iscsi/elk/elasticsearch/
            命令行 docker cp kibana:/usr/share/kibana/config /iscsi/elk/kibana/
            命令行 docker cp logstash:/usr/share/logstash/config /iscsi/elk/logstash/
            命令行 docker cp logstash:/usr/share/logstash/pipeline /iscsi/elk/logstash/
            命令行 chmod 777 -R /iscsi/elk/kibana/*
            命令行 chmod 777 -R /iscsi/elk/logstash/*
            命令行 chown -R elasticsearch:root /iscsi/elk/elasticsearch/config/
            命令行 chown -R elasticsearch:root /iscsi/elk/elasticsearch/config/certs/
        修改elasticsearch的jvm文件:
            打开 /iscsi/elk/elasticsearch/config/jvm.options添加下面两项
            命令行 vim /iscsi/elk/elasticsearch/config/jvm.options
            `
            -Xms512m
            -Xmx512m
            `
        修改logstash的jvm文件:
            打开 /iscsi/elk/logstash/config/jvm.options添加下面两项
            命令行 vim /iscsi/elk/logstash/config/jvm.options 修改如下
            #-Xms1g 改为 -Xms512m
            #-Xmx1g 改为 -Xmx512m
        放开注释: 放开docker-compose-elk.yml文件内挂载数据卷的注释
                命令行  cd /iscsi/elk
                命令行  docker-compose  -f docker-compose-elk.yml stop
                命令行  docker-compose  -f docker-compose-elk.yml rm
                命令行  docker-compose  -f docker-compose-elk.yml up -d
    配置SSL:
        设置目录拥有者:
            命令行 chown -R elasticsearch:root /iscsi/elk/elasticsearch/config/*
            命令行 chown -R elasticsearch:root /iscsi/elk/elasticsearch/config/certs/*
        进入elasticsearch容器:
            命令行 docker exec -it elasticsearch /bin/bash
        生成elastic-stack-ca.p12文件:
            命令行 ./bin/elasticsearch-certutil ca
            需要在 `Enter password for elastic-stack-ca.p12:` 哪里设置密码
        生成elastic-certificates.p12:
            命令行 ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
            `Enter password for CA(elastic-stack-ca.p12):`后输入 elastic-stack-ca.p12设置的密码
        复制文件到config文件夹:
            命令行 mv elastic-certificates.p12 config/certs/
            命令行 mv elastic-stack-ca.p12 ./config/                        
            备注 开放了docker-compose-elk.yml的注释复制文件到config宿主机文件夹会同时改变;elastic-stack-ca.p12文件后续也需要用到
        设置文件拥有权:
            退出容器
            命令行 chmod 777  /iscsi/elk/elasticsearch/*
            命令行 chmod 777  /iscsi/elk/elasticsearch/config/*
            命令行 chmod 777  /iscsi/elk/elasticsearch/config/certs/*
            命令行 chown -R elasticsearch:root /iscsi/elk/elasticsearch/*
        设置elasticsearch.yml配置文件:
            命令行 vim /iscsi/elk/elasticsearch/config/elasticsearch.yml
            修改为如下
            `
                # Enable encryption and mutual authentication between cluster nodes
                xpack.security.transport.ssl:
                enabled: true
                verification_mode: certificate
                keystore.path: certs/elastic-certificates.p12
                truststore.path: certs/elastic-certificates.p12                        
            `
        修改密码:
            如果certificate设置了密码,需要执行一下两个命令
            退回到容器根目录
            命令行 ./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
            命令行 ./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
            备注 这个密码就是 elastic-certificates.p12  文件设置的密码
        重启elasticsearch容器:
            docker restart elasticsearch
        配置elasticsearch和kibana开启https访问:
            进入elasticsearch容器:
                命令行 docker exec -it elasticsearch /bin/bash
            生成elasticsearch-ssl-http.zip:
                命令行 ./bin/elasticsearch-certutil http
                操作如下
                ## Elasticsearch HTTP Certificate Utility
                The 'http' command guides you through the process of generating certificates
                for use on the HTTP (Rest) interface for Elasticsearch.

                This tool will ask you a number of questions in order to generate the right
                set of files for your needs.

                ## Do you wish to generate a Certificate Signing Request (CSR)?

                A CSR is used when you want your certificate to be created by an existing
                Certificate Authority (CA) that you do not control (that is, you don't have
                access to the keys for that CA). 

                If you are in a corporate environment with a central security team, then you
                may have an existing Corporate CA that can generate your certificate for you.
                Infrastructure within your organisation may already be configured to trust this
                CA, so it may be easier for clients to connect to Elasticsearch if you use a
                CSR and send that request to the team that controls your CA.

                If you choose not to generate a CSR, this tool will generate a new certificate
                for you. That certificate will be signed by a CA under your control. This is a
                quick and easy way to secure your cluster with TLS, but you will need to
                configure all your clients to trust that custom CA.

                ## 生成CSR 输入n
                Generate a CSR? [y/N]n

                ## Do you have an existing Certificate Authority (CA) key-pair that you wish to use to sign your certificate?

                If you have an existing CA certificate and key, then you can use that CA to
                sign your new http certificate. This allows you to use the same CA across
                multiple Elasticsearch clusters which can make it easier to configure clients,
                and may be easier for you to manage.

                If you do not have an existing CA, one will be generated for you.

                ## 是否使用存在的ca 输入y(在基础配置时生成了)
                Use an existing CA? [y/N]y

                ## What is the path to your CA?

                Please enter the full pathname to the Certificate Authority that you wish to
                use for signing your new http certificate. This can be in PKCS#12 (.p12), JKS
                (.jks) or PEM (.crt, .key, .pem) format.
                ## 输入ca文件的地址
                CA Path: /usr/share/elasticsearch/config/elastic-stack-ca.p12
                Reading a PKCS12 keystore requires a password.
                It is possible for the keystore's password to be blank,
                in which case you can simply press <ENTER> at the prompt
                ## 输入文件设置的密码
                Password for elastic-stack-ca.p12:

                ## How long should your certificates be valid?

                Every certificate has an expiry date. When the expiry date is reached clients
                will stop trusting your certificate and TLS connections will fail.

                Best practice suggests that you should either:
                (a) set this to a short duration (90 - 120 days) and have automatic processes
                to generate a new certificate before the old one expires, or
                (b) set it to a longer duration (3 - 5 years) and then perform a manual update
                a few months before it expires.

                You may enter the validity period in years (e.g. 3Y), months (e.g. 18M), or days (e.g. 90D)

                ## 设置过期时间
                For how long should your certificate be valid? [5y] 10y

                ## Do you wish to generate one certificate per node?

                If you have multiple nodes in your cluster, then you may choose to generate a
                separate certificate for each of these nodes. Each certificate will have its
                own private key, and will be issued for a specific hostname or IP address.

                Alternatively, you may wish to generate a single certificate that is valid
                across all the hostnames or addresses in your cluster.

                If all of your nodes will be accessed through a single domain
                (e.g. node01.es.example.com, node02.es.example.com, etc) then you may find it
                simpler to generate one certificate with a wildcard hostname (*.es.example.com)
                and use that across all of your nodes.

                However, if you do not have a common domain name, and you expect to add
                additional nodes to your cluster in the future, then you should generate a
                certificate per node so that you can more easily generate new certificates when
                you provision new nodes.

                ## 是否为每一个节点生成证书 输入n
                Generate a certificate per node? [y/N]n

                ## Which hostnames will be used to connect to your nodes?

                These hostnames will be added as "DNS" names in the "Subject Alternative Name"
                (SAN) field in your certificate.

                You should list every hostname and variant that people will use to connect to
                your cluster over http.
                Do not list IP addresses here, you will be asked to enter them later.

                If you wish to use a wildcard certificate (for example *.es.example.com) you
                can enter that here.

                ## 节点的hostname,设置为elasticsearch,敲两次回车
                Enter all the hostnames that you need, one per line.
                When you are done, press <ENTER> once more to move on to the next step.

                elasticsearch

                You entered the following hostnames.

                - elasticsearch

                ## 配置是否正确
                Is this correct [Y/n]y

                ## Which IP addresses will be used to connect to your nodes?

                If your clients will ever connect to your nodes by numeric IP address, then you
                can list these as valid IP "Subject Alternative Name" (SAN) fields in your
                certificate.

                If you do not have fixed IP addresses, or not wish to support direct IP access
                to your cluster then you can just press <ENTER> to skip this step.

                ## 节点的ip(可以在宿主机通过命令docker inspect elasticsearch查看),设置为172.99.0.2,敲两次回车
                Enter all the IP addresses that you need, one per line.
                When you are done, press <ENTER> once more to move on to the next step.

                172.99.0.2

                You entered the following IP addresses.

                - 172.99.0.2
                ## 配置是否正确
                Is this correct [Y/n]y

                ## Other certificate options

                The generated certificate will have the following additional configuration
                values. These values have been selected based on a combination of the
                information you have provided above and secure defaults. You should not need to
                change these values unless you have specific requirements.

                Key Name: elasticsearch
                Subject DN: CN=elasticsearch
                Key Size: 2048

                ## 是否更改任意项
                Do you wish to change any of these options? [y/N]n

                ## What password do you want for your private key(s)?

                Your private key(s) will be stored in a PKCS#12 keystore file named "http.p12".
                This type of keystore is always password protected, but it is possible to use a
                blank password.

                If you wish to use a blank password, simply press <enter> at the prompt below.
                ## 输入生成文件的密码(可不设置,设置需要在后面进行配置)
                Provide a password for the "http.p12" file:  [<ENTER> for none]
                ## 再次输入生成文件的密码
                Repeat password to confirm: 

                ## Where should we save the generated files?

                A number of files will be generated including your private key(s),
                public certificate(s), and sample configuration options for Elastic Stack products.

                These files will be included in a single zip archive.

                ## 生成压缩文件的地址和名称,直接敲回车即可
                What filename should be used for the output zip file? [/usr/share/elasticsearch/elasticsearch-ssl-http.zip] 
        移动elasticsearch-ssl-http.zip压缩包:
            命令行 mv elasticsearch-ssl-http.zip ./config/ 
        解压文件:
            退出容器
            命令行 unzip /iscsi/elk/elasticsearch/config/elasticsearch-ssl-http.zip
            解压后会在原目录下新增两个目录分别是 elasticsearch 和 kibana
            命令行 mv /iscsi/elk/elasticsearch/config/elasticsearch/http.p12 /iscsi/elk/elasticsearch/config/certs/
        复制elasticsearch-ca.pem到kibana的config文件夹内:
            命令行 cp /iscsi/elk/elasticsearch/config/kibana/elasticsearch-ca.pem /iscsi/elk/kibana/config/
        删除文件夹:
            命令行 rm -rf /iscsi/elk/elasticsearch/certs/kibana
        文件提权:
            命令行 chmod 777 /iscsi/elk/elasticsearch/config/certs/http.p12 
        设置http密码:
            命令行 docker exec -it elasticsearch /bin/bash
            命令行 ./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
            退出容器
        重启elasticsearch容器:                    
            命令行 docker restart elasticsearch
        设置elastic用户的密码:
            进入容器: 命令行 docker exec -it elasticsearch /bin/bash
            设置密码: ./bin/elasticsearch-reset-password -u elastic -i
        设置kibana_system密码:
            命令行 ./bin/elasticsearch-reset-password -u kibana_system -i
        生成kibana用https访问的公钥和私钥:
            命令行 ./bin/elasticsearch-certutil csr -name kibana-server
            备注 生成csr-bundle.zip文件夹
        复制csr-bundle.zip到kibana:
            退出容器
            命令行 docker cp elasticsearch:/usr/share/elasticsearch/csr-bundle.zip /iscsi/elk/kibana/
        解压csr-bundle.zip:
            命令行 cd /iscsi/elk/kibana/
            命令行 unzip /iscsi/elk/kibana/csr-bundle.zip
            备注 解压后会生成 kibana-server 文件夹
        移动文件到kibana的配置目录:
            命令行 mv /iscsi/elk/kibana/kibana-server/* /iscsi/elk/kibana/config/
            命令行 rm -rf /iscsi/elk/kibana/kibana-server
        生成kibana-server.crt文件:
            命令行 cd /iscsi/elk/kibana/config
            命令行 openssl  x509 -req -days 3650 -in kibana-server.csr -signkey kibana-server.key -out kibana-server.crt
        文件提权:
            命令行 chmod 777 elasticsearch-ca.pem kibana-server.csr kibana-server.key kibana-server.crt
        修改kibana.yml文件:
            命令行 vim /iscsi/elk/kibana/config/kibana.yml
            最终文件为
            `
                #
                # ** THIS IS AN AUTO-GENERATED FILE **
                #

                # Default Kibana configuration for docker target
                server.host: "0.0.0.0"
                server.shutdownTimeout: "5s"
                elasticsearch.hosts: [ "https:/172.99.0.2:9200" ]
                monitoring.ui.container.elasticsearch.enabled: true
                elasticsearch.ssl.certificateAuthorities: ["/usr/share/kibana/config/elasticsearch-ca.pem"]
                elasticsearch.username: "kibana_system"
                elasticsearch.password: "tonglian@126.com"

                server.ssl.certificate: "/usr/share/kibana/config/kibana-server.crt"
                server.ssl.key: "/usr/share/kibana/config/kibana-server.key"
                server.ssl.enabled: true
                # 设置中文访问
                i18n.locale: "zh-CN"                        
            `
        重启kiban:
            命令行 docker restart kibana
        配置logstash:
            设置logstash_system密码:
                命令行 docker exec -it elasticsearch /bin/bash
                命令行 ./bin/elasticsearch-reset-password -u logstash_system -i
            生成logstash.pem文件:
                退出容器
                命令行 openssl pkcs12 -in elasticsearch/config/certs/elastic-certificates.p12 -cacerts -nokeys -chain  -out logstash.pem
            移动logstash.pem文件到logstash配置文件目录下:
                命令行 mv /iscsi/elk/elasticsearch/config/certs/logstash.pem /iscsi/elk/logstash/config/
            提权logstash.pem:
                命令行 chmod 777 /iscsi/elk/logstash/config/logstash.pem
            配置logstash.yml文件:
                命令行 vim /iscsi/elk/logstash/config/logstash.yml
                最终文件
                `
                    http.host: "0.0.0.0"
                    xpack.monitoring.elasticsearch.hosts: [ "https://172.99.0.2:9200" ]
                    #你的ca.pem 的所在路径
                    xpack.monitoring.elasticsearch.ssl.certificate_authority: "/usr/share/logstash/config/logstash.pem"
                    xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
                    # 探嗅 es节点,设置为 false
                    xpack.monitoring.elasticsearch.sniffing: false
                    xpack.monitoring.elasticsearch.username: "logstash_system"
                    xpack.monitoring.elasticsearch.password: "tonglian@126.com"                            
                `
            配置logstash.conf文件:
                命令行 vim /iscsi/elk/logstash/pipeline/logstash.conf
                最终文件
                `
                    input {
                        tcp {
                            port => 21068
                            codec => json_lines
                        }
                    }

                    output {
                        elasticsearch {
                            hosts => ["https://172.99.0.2:9200"]
                            index => "tonywoo-%{+YYYY.MM.dd}"
                            user => "elastic"
                            password => "tonglian@126.com"
                            ssl_enabled => true
                            ssl_certificate_authorities => ["/usr/share/logstash/config/logstash.pem"]
                        }
                    }                            
                `
            重启logstash:
                docker restart logstash
        设置自动启动:
        `
            cat > /etc/systemd/system/docker-compose-elk.service << EOF

            [Unit]
            Description=Docker Compose Application Service
            Requires=docker.service
            After=docker.service

            [Service]
            Type=oneshot
            RemainAfterExit=yes
            WorkingDirectory=/iscsi/elk/
            ExecStart=/iscsi/elk/docker-compose -f docker-compose-elk.yml up -d
            ExecStop=/iscsi/elk/docker-compose -f docker-compose-elk.yml up down
            TimeoutStartSec=0

            [Install]
            WantedBy=multi-user.target                        
        `
        回车
        命令行 ctrl+d

到了这里,关于Elasticsearch 8.x ELK 搭建并配置 SSL的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • ELK的搭建—Elasticsearch-8.11.3的安装及集群的搭建

    应用场景:信息检索,旅游网站,滴滴车离我多远 1. Elasticsearch的rpm包下载 es官方下载网址:https://www.elastic.co/cn/downloads/elasticsearch 2. 安装Elasticsearch服务 3. 设置系统资源及内存大小分配 4. Elasticsearch的配置修改 1. 安装Elasticsearch主节点server1 注意:此处步骤看目录的第一大点所

    2024年02月02日
    浏览(40)
  • Elasticsearch基本操作+集成SpringBoot+ELK日志平台搭建

    Elasticsearch是一种开源的搜索和分析引擎,最初由开源搜索引擎Lucene的作者于2010年创建。它提供了一个可伸缩、高性能的搜索和数据分析平台,可用于多种用途,包括 文本搜索、应用程序性能监控、业务分析、日志聚合 等。 Elasticsearch使用分布式架构,可以处理大量数据并实

    2024年02月06日
    浏览(65)
  • centos7 搭建ELK(elasticsearch、logstash、kibana)

    1、下载安装包 使用华为镜像站下载速度很快,华为镜像站: https://mirrors.huaweicloud.com/home ,下载时需要保证版本一致 2、安装elasticsearch 解压到当前目录 安装,将Elasticsearch移动到/opt目录之中 创建Elasticsearch用户 es 规定 root 用户不能启动 es,所以需要新建一个其他用户来启动

    2024年02月13日
    浏览(45)
  • 【ELK】Elasticsearch 8.7单节点配置、安装和运行

    时间来到了2023年4月,今天和大家一起研究下在虚拟机安装Elasticsearch 8.7.0单节点。 首先,就是一个很熟悉的报错 嗯,许久不碰es了,忘了不能使用root用户运行了。赶紧创建一个普通用户…… 关于elasticsearch.yml的配置,8.7.0版本默认启用了xpack.security认证。 再次启动,又出现两

    2024年02月11日
    浏览(36)
  • 使用 Docker Compose V2 快速搭建日志分析平台 ELK (Elasticsearch、Logstash 和 Kibana)

    ELK 是指 Elasticsearch、Logstash 和 Kibana 这三个开源软件的组合。 Elasticsearch 是一个分布式的搜索和分析引擎,用于日志的存储,搜索,分析,查询。 Logstash 是一个数据收集、转换和传输工具,用于收集过滤和转换数据,然后将其发送到 Elasticsearch 或其他目标存储中。 Kibana 是一个数

    2024年01月20日
    浏览(54)
  • 配置https ssl elasticsearch,springboot项目中连接elasticsearch https

    参考之前的文章 创建self-signed证书 下面展示一些 内联代码片 。 启动springboot项目应该可以连接上elasticsearch了。

    2024年02月11日
    浏览(40)
  • elasticsearch+kibana集群安装部署并配置ssl连接

    三台机器192.168.1.21、22、23主机名分别是es1、es2、es3 准备工作:关闭防火墙,关闭SeLinux,将elasticsearch和jdk的压缩包传到机器上,此处jdk-8u333-linux-x64.tar.gz,elasticsearch-7.6.2-linux-x86_64.tar.gz,kibana-7.6.2-linux-x86_64.tar.gz 安装Java环境 安装es 配置es 目录权限修改 更改内存限制 其他两台

    2024年02月12日
    浏览(46)
  • Elasticsearch8 集群搭建(二)配置篇:(2)系统配置

    此篇记录Elasticsearch8的一些 系统配置。 1、更改文件描述符的限制 Elasticsearch使用了大量的文件描述符,它用于表示系统打开的文件的标识符。文件描述符是非负整数,它在操作系统层面被用来唯一标识一个打开的文件、套接字或其他 I/O 资源。每个进程都有一组文件描述符,

    2024年01月19日
    浏览(46)
  • Elasticsearch7搭建集群并配置节点证书

    Elasticsearch7搭建集群并配置节点证书 | 帅大叔的博客 单机版比较简单,试下集群版的,资源有限,本文例子:一台主机以不同端口启动搭建集群。 环境说明: Centos7 Elasticsearch7.9.0 准备搭建3个节点 一、下载ES安装包 去官网下载 下载地址: Download Elasticsearch | Elastic 历史版本:

    2024年02月12日
    浏览(55)
  • ElasticSearch 学习 ==ELK== 进阶

    (1)文档局部更新 我们也说过文档是不可变的——它们不能被更改,只能被替换。 update API必须遵循相同的规则。表面看来,我们似乎是局部更新了文档的位置,内部却是像我们之前说的一样简单的使用 update API处理相同的检索*- 修改 -*重建索引流程,我们也减少了其他进程

    2024年02月05日
    浏览(45)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包