https://www.docker.elastic.co/
https://github.com/anbai-inc/Kibana_Hanization
After installing Docker on the Linux server, pull the official Docker images:
docker pull docker.elastic.co/elasticsearch/elasticsearch:5.5.1
docker pull docker.elastic.co/kibana/kibana:5.5.1
docker pull docker.elastic.co/logstash/logstash:5.5.1
Start the Elasticsearch container:
docker run -p 9200:9200 -e "http.host=0.0.0.0" -e "transport.host=127.0.0.1" \
--name my-elastic -d docker.elastic.co/elasticsearch/elasticsearch:5.5.1
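cluster.name: elasticsearch
node.name: node-1
network.host: elasticsearch # change the ES listen address so that other machines can reach it
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
http.cors.enabled: true
# "*" accepts cross-origin requests from any origin (elasticsearch-head needs CORS enabled)
http.cors.allow-origin: "*"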
Install the Chinese word-segmentation (IK analysis) plugin:
./bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v5.5.1/elasticsearch-analysis-ik-5.5.1.zip
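Reset the Elasticsearch superuser password:
(1) Stop the Elasticsearch service
(2) Make sure your configuration supports local account authentication. If you use the X-Pack default configuration, no special change is needed; if you have configured another authentication method, make sure the local authentication method is configured in ES_HOME/config/elasticsearch.yml;
(3) Use the ES_HOME/bin/x-pack/users command to create a superuser based on local file authentication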
bin/x-pack/users useradd my_admin -p my_password -r superuser
(4) Start the Elasticsearch service
(5) Reset the password of the elastic superuser through the API
curl -u my_admin -XPUT 'http://localhost:9200/_xpack/security/user/elastic/_password?pretty' -H 'Content-Type: application/json' -d'
{
"password" : "new_password"
}
'
(6) Verify that the password was reset successfully
curl -u elastic 'http://localhost:9200/_xpack/security/_authenticate?pretty'
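(7) If you are sure you will no longer use local authentication, you can remove the local file authentication method from elasticsearch.yml;
Start the elasticsearch-head container: https://github.com/mobz/elasticsearch-head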
docker run -p 9100:9100 mobz/elasticsearch-head:5
Start the Kibana container:
docker run -p 5601:5601 -e "ELASTICSEARCH_URL=http://localhost:9200" --name my-kibana \
--network host -d docker.elastic.co/kibana/kibana:5.5.1
Default login credentials
user:elastic
password: changeme
Change the password
curl -u elastic -XPUT 'localhost:9200/_xpack/security/user/elastic/_password?pretty' -d' { "password": "elasticpassword" }'
Add a new user
curl -u elastic -XPOST 'localhost:9200/_xpack/security/user/jacknich?pretty' -d'
{
"password" : "j@rV1s",
"roles" : [ "admin", "other_role1" ],
"full_name" : "Jack Nicholson",
"email" : "jacknich@example.com",
"metadata" : {
"intelligence" : 7
},
"enabled": true
}'
Delete a user
curl -u elastic -XDELETE 'localhost:9200/_xpack/security/user/jacknich?pretty'
Create logstash/logstash.yml to configure X-Pack monitoring for Logstash:
http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
xpack.monitoring.elasticsearch.url: http://localhost:9200
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: changeme
Create logstash/conf.d/logstash.conf to configure the Logstash input and output:
input {
  file {
    path => "/tmp/access_log"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    user => "elastic"
    password => "changeme"
  }
}
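An added example, not part of the original notes: a shell check that flags the settings from the config files above that should not survive past a test setup (the default X-Pack password changeme, the CORS wildcard, and 0.0.0.0 listeners). The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag the weak settings used in
# this walkthrough when they appear in Elasticsearch/Logstash config files.

audit_elk_config() {
    # Prints "file:line: finding" per issue; exit status 1 if anything was found.
    awk '
        /^[ \t]*#/ { next }    # ignore comment lines
        /password/ && /changeme/ {
            printf "%s:%d: default X-Pack password \"changeme\"\n", FILENAME, FNR; n++ }
        /http\.cors\.allow-origin/ && /: *"?\*"? *$/ {
            printf "%s:%d: CORS allows any origin\n", FILENAME, FNR; n++ }
        /^(http|network)\.host:/ && /0\.0\.0\.0/ {
            printf "%s:%d: listens on all interfaces\n", FILENAME, FNR; n++ }
        END { exit (n > 0) }
    ' "$@"
}

demo_findings() {
    # Constructed sample files that mirror the settings shown on this page.
    local d rc=0
    d=$(mktemp -d) || return 2
    cat > "$d/elasticsearch.yml" <<'EOF'
network.host: elasticsearch
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
    cat > "$d/logstash.yml" <<'EOF'
http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
xpack.monitoring.elasticsearch.url: http://localhost:9200
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: changeme
EOF
    (cd "$d" && audit_elk_config elasticsearch.yml logstash.yml) || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_findings || echo "weak settings found (see lines above)"
```

Run audit_elk_config against the real files (for example /home/ubuntu/logstash/logstash.yml) before exposing the stack beyond the test host; a non-zero exit status means at least one of the three settings is still present.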
Start the Logstash container:
docker run -v /home/ubuntu/logstash/conf.d:/usr/share/logstash/pipeline/:ro -v /tmp:/tmp:ro \
-v /home/ubuntu/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro --name my-logstash \
--network host -d docker.elastic.co/logstash/logstash:5.5.1
To test, append two lines to /tmp/access_log:
echo "Hello World!" >> /tmp/access_log
echo "Hello ELK!" >> /tmp/access_log
Open the Kibana URL http://yourhost:5601 and log in with the username/password elastic/changeme. On the "Configure an index pattern" page, click the Create button. Click the Monitor menu to view the status of the ELK nodes.
Kibana Monitor
Click the Discover menu in Kibana to see the related log entries:
Kibana Chinese localization
whereis kibana # find the Kibana installation path
cd /data/soft/src/elk/Kibana_Hanization-master
python main.py /usr/share/kibana/