首页 > 系统相关 >windows下elk安装配置-elasticsearch/kibana/filebeat

windows下elk安装配置-elasticsearch/kibana/filebeat

时间:2023-04-03 18:01:52浏览次数:45  
标签:elk filebeat Elastic 8.6 windows Deploy kibana elasticsearch password

以8.6.2为例,下载地址
elasticsearch:https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.6.2-windows-x86_64.zip
kibana:https://artifacts.elastic.co/downloads/kibana/kibana-8.6.2-windows-x86_64.zip
filebeat:https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.6.2-windows-x86_64.zip
分别解压至
D:\Deploy\Elastic\search\8.6.2\
D:\Deploy\Elastic\kibana\8.6.2\
D:\Deploy\Elastic\filebeat\8.6.2\

 

elasticsearch 安装配置

1.新增环境变量 ElasticSearch 已由 JAVA_HOME 转用 ES_JAVA_HOME。
  变量名:ES_JAVA_HOME
  变量值:D:\Deploy\Elastic\search\8.6.2\jdk

2.修改配置 D:\Deploy\Elastic\search\8.6.2\bin\elasticsearch-env 8.6.2及以后版本不需要,之前版本未测试
  

if [ ! -z "$JAVA_HOME" ]; then
JAVA="$JAVA_HOME/bin/java"
JAVA_TYPE="JAVA_HOME"
改为
if [ ! -z "$ES_JAVA_HOME" ]; then
JAVA="$ES_JAVA_HOME/bin/java"
JAVA_TYPE="ES_JAVA_HOME"

 

3.修改配置 D:\Deploy\Elastic\search\8.6.2\config\elasticsearch.yml
  

#设置快照存储地址
path.repo: ["D:\\Deploy\\Elastic\\search\\8.6.2\\backup"]

#数据存放路径(可不设置,默认就是如下地址)
path.data: D:/Deploy/Elastic/search/8.6.2/datas
#日志存放路径
path.logs: D:/Deploy/Elastic/search/8.6.2/logs

#节点名称
node.name: node-1
#节点列表
discovery.seed_hosts: ["127.0.0.1"]
#初始化时master节点的选举列表
cluster.initial_master_nodes: ["node-1"]

#集群名称
cluster.name: es-main
#对外提供服务的端口
http.port: 9200
#内部服务端口
transport.port: 9300

#启动地址,如果不配置,只能本地访问
network.host: 127.0.0.1
#跨域支持
http.cors.enabled: true
#跨域访问允许的域名地址
http.cors.allow-origin: "*"

 

4.修改 JVM 内存(按需) D:\Deploy\Elastic\search\8.6.2\config\jvm.options
  #需在将 ElasticSearch 安装为服务前设置,否则安装服务后再改,重启也不会生效。
  #-Xms和-Xmx属性值需相同,否则在启动服务的时出错,导致启动 ElasticSearch 服务失败。
  

#设置最小内存
-Xms2g
#设置最大内存
-Xmx2g

 

# 5.安装 ElasticSearch 服务
  sc stop elasticsearch-service-x64 && sc delete elasticsearch-service-x64
  cd /D D:\Deploy\Elastic\search\8.6.2\bin && elasticsearch-service.bat install
  执行输出如下:
    

C:\Users\Administrator>cd /D D:\Deploy\Elastic\search\8.6.2\bin && elasticsearch-service.bat install
Installing service : elasticsearch-service-x64
Using ES_JAVA_HOME : D:\Deploy\Elastic\search\8.6.2\jdk
[2023-04-03 10:48:38] [info] ( prunsrv.c:2002) [30124] Apache Commons Daemon procrun (1.3.1.0 64-bit) started.
[2023-04-03 10:48:38] [debug] ( prunsrv.c:772 ) [30124] Installing service...
[2023-04-03 10:48:38] [info] ( prunsrv.c:829 ) [30124] Installing service 'elasticsearch-service-x64' name 'Elasticsearch 8.6.2 (elasticsearch-service-x64)'.
[2023-04-03 10:48:38] [debug] ( prunsrv.c:857 ) [30124] Setting service description 'Elasticsearch 8.6.2 Windows Service - https://elastic.co'.
[2023-04-03 10:48:38] [debug] ( prunsrv.c:862 ) [30124] Setting service user 'LocalSystem'.
[2023-04-03 10:48:38] [info] ( prunsrv.c:879 ) [30124] Service 'elasticsearch-service-x64' installed.
[2023-04-03 10:48:38] [info] ( prunsrv.c:2086) [30124] Apache Commons Daemon procrun finished.
The service 'elasticsearch-service-x64' has been installed

 

6.启动 ElasticSearch 服务
  sc start elasticsearch-service-x64

7.配置 SSL 证书(可选)
  7.1.执行命令:cd /D D:\Deploy\Elastic\search\8.6.2\bin && elasticsearch-certutil ca
  7.2.输入证书地址:D:\Deploy\Elastic\search\8.6.2\certs\elastic-stack-ca.p12
  7.3.输入证书密码:password
  #集群证书
  7.4.输入证书命令:cd /D D:\Deploy\Elastic\search\8.6.2\bin && elasticsearch-certutil cert --ca D:\Deploy\Elastic\search\8.6.2\certs\elastic-stack-ca.p12
  7.5.输入证书密码:password(步骤3设置的密码)
  7.6.输入集群证书地址:D:\Deploy\Elastic\search\8.6.2\certs\elastic-stack-ca.p12
  7.7.输入集群证书密码:password
    7.7.1.1输入命令:cd /D D:\Deploy\Elastic\search\8.6.2\bin && elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
    7.7.1.2输入密码:password(步骤7设置的密码)
    7.7.2.1输入命令:cd /D D:\Deploy\Elastic\search\8.6.2\bin && elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
    7.7.2.2输入密码:password(步骤7设置的密码)
  7.8.将生成的证书拷贝到 D:\Deploy\Elastic\search\8.6.2\config\certs
  7.9.在 D:\Deploy\Elastic\search\8.6.2\config\elasticsearch.yml 文件中增加配置:
    

#开启xpack
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true
#证书配置
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

 

8.重启服务
  sc stop elasticsearch-service-x64 && sc start elasticsearch-service-x64

9.设置账户密码
  执行命令:cd /D D:\Deploy\Elastic\search\8.6.2\bin && elasticsearch-setup-passwords interactive
  输入每个账户的密码和确认密码:password

  执行输出如下:
    

D:\Deploy\Elastic\search\8.6.2\bin>cd /D D:\Deploy\Elastic\search\8.6.2\bin && elasticsearch-setup-passwords interactive
******************************************************************************
Note: The 'elasticsearch-setup-passwords' tool has been deprecated. This       command will be removed in a future release.
******************************************************************************

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Passwords do not match.
Try again.
Enter password for [kibana_system]:
Reenter password for [kibana_system]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

 

10.访问elasticsearch:http://127.0.0.1:9200,输入账户和密码(elastic/password(步骤9设置的密码)),输出如下

{
"name" : "node-1",
"cluster_name" : "es-main",
"cluster_uuid" : "DbPc6HE5Rs6s9isnyO9tJw",
"version" : {
"number" : "8.6.2",
"build_flavor" : "default",
"build_type" : "zip",
"build_hash" : "2d58d0f136141f03239816a4e360a8d17b6d8f29",
"build_date" : "2023-02-13T09:35:20.314882762Z",
"build_snapshot" : false,
"lucene_version" : "9.4.2",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}

 

 

kibana 安装配置

1.更改配置 D:\Deploy\Elastic\kibana\8.6.2\config\kibana.yml 文件,在文件末尾增加如下配

#设置中文显示
i18n.locale: "zh-CN"

#设置访问用户
#elasticsearch.username: "elastic" #用此账号打不开:[FATAL][root] Error: [config validation of [elasticsearch].username]: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead. Learn more: https://www.elastic.co/guide/en/elasticsearch/reference/8.0/service-accounts.html
elasticsearch.username: "kibana" #访问时若提示”Kibana 服务器尚未准备就绪。“等会再访问即可
#设置访问密码
elasticsearch.password: "password" #elasticsearch步骤9设置的密码

#ElasticSearch连接地址
elasticsearch.hosts: ["http://127.0.0.1:9200"]

#IP访问地址和端口号
server.host: "0.0.0.0"
server.port: 5601
#server.publicBaseUrl: "http://127.0.0.1:5601/"

 

 

2.安装 kibana 服务(用nssm.exe,路径D:\Deploy\Elastic\kibana\8.6.2\bin\kibana.bat)
  sc stop elastic.kibana && sc delete elastic.kibana
  cd /D D:\Deploy\tools\nssm-2.2.4\win64 && nssm install elastic.kibana

3.启动 kibana 服务
  sc start elastic.kibana

4.访问kibana:http://127.0.0.1:5601,输入账户和密码(elastic/password(elasticsearch步骤9设置的密码))

 

 

filebeat 安装配置

 1.更改配置filebeat.yml

filebeat.inputs:
- type: log
enabled: true
paths:
- D:\Deploy\logs\*
#- /var/log/*.log
#- c:\programdata\elasticsearch\logs\*

output.elasticsearch:
hosts: ["127.0.0.1:9200"]
username: "beats_system"
password: "password" #elasticsearch步骤9设置的密码
#/var/log/*.log:获取/var/log目录下所有以.log结尾的文件。
#/var/log/*/*.log:获取/var/log的子文件夹下所有的以.log结尾的文件。不会从/var/log文件夹本身抓取,不可能递归地抓取指定目录的子目录下文件。

 

2.直接启动filebeat
  cd /d D:\Deploy\Elastic\filebeat\8.6.2 && filebeat -c filebeat.yml -e

3.以服务方式运行:filebeat
  sc create elastic.filebeat binpath= "D:\\Deploy\\Elastic\\filebeat\\8.6.2\\filebeat.exe -c D:\\Deploy\\Elastic\\filebeat\\8.6.2\\filebeat.yml -e" start= auto
      或sc create elastic.filebeat binpath= ""D:\Deploy\Elastic\filebeat\8.6.2\filebeat.exe" -c "D:\Deploy\Elastic\filebeat\8.6.2\filebeat.yml" -e" start= auto
  sc start elastic.filebeat

 4.filebeat启动后,访问kibana:Analytics-Discover页,日志已经出来了

 

 

 

参考:

https://www.cnblogs.com/qubernet/p/16849818.html
https://www.cnblogs.com/vipsoft/p/14808573.html

标签:elk,filebeat,Elastic,8.6,windows,Deploy,kibana,elasticsearch,password
From: https://www.cnblogs.com/yylyhl/p/17283794.html

相关文章

  • Windows Service Wrapper(winsw.exe)
     用winsw让任何Windows程序都能运行为服务详解WindowsServiceWrapper(winsw.exe)及应用场景 ......
  • redis__windows系统下启动命令
     cmd进入redis目录下输入:redis-server.exeredis.windows.conf  windows系统开机自动开启redis服务:进入redis文件夹,输入redis-server.exe--service-installredis.windows.conf--loglevelverbose......
  • PaddleOCR 安装与简单使用(windows)
    文章转载自: https://blog.csdn.net/f2315895270/article/details/128147744前提    已经安装好Python环境   PaddleOCR官方主页:https://www.paddlepaddle.org.cn/   GitHub地址:https://github.com/PaddlePaddle/PaddleOCR   Gitee地址:https://gitee......
  • windows 10 系统 和 VMware Workstation 虚拟机网络互通设置
    windows10系统和VMwareWorkstation虚拟机网络互通设置 1,虚拟机设置网卡地址网关地址子网掩码2,VMwareWorkstation的编辑-虚拟网络编辑器,单击进入配置,为NAT类型。3,本地笔记本电脑的虚拟网卡配置地址网关掩码4,本地笔记本电脑使用secureCRT和winscp测试,连接和上传文件都OK......
  • Windows 11 如何安装 WSL2
    安装WSL2需要满足以下要求:64位版本的Windows10,包括:家庭版、专业版、企业版或教育版,版本号1903或更高版本,或者WindowsServer2019或更高版本。启用了WSL的选项。至少4GB的RAM在Windows11上安装WSL2的步骤如下:打开WindowsPowerShell作为管理员......
  • windows查看端口
     参考链接首先我们得找出占用这个端口的值。1、首先我们打开CMD,用管理员身份打开,然后输入netstat-ano,列出所有端口的情况。2、查看被占用端口对应的PID,输入命令:netstat-aon|findstr"8000",回车,记下最后一位数字,即PID,如果是2839。3、(可用可不用)继续输入tasklist|findstr"......
  • 2022-适用于 Windows 10 Version 1809 的 02 累积更新,适合基于 x64 的系统 (KB5010351
    2022-适用于Windows10Version1809的02累积更新,适合基于x64的系统(KB5010351)-错误0x800f0982系统是win10企业版LTSC版本可能安装的是精简版导致的运行疑难解答这个方案无效利用win10更新助手-因为是企业版TLSC版本所以用不了WIN10LTSC版更新失败如何解决?这......
  • 开发者需掌握的超实用VS Code for Windows快捷键
    链接|https://dev.to/devland/100-crucial-keyboard-shortcuts-for-vs-code-users-4474作者|ThomasSentre翻译|Seal软件原文作者已授权。 在软件开发的世界里时间是非常宝贵的。随着项目的堆积和发布日期的临近,任何可以节省时间和提高生产力的方法显得至关重要。VisualStud......
  • Wine 8.5 发布,Windows 应用的兼容层
    Wine8.5已发布,用于在Linux和其他平台下运行Windows游戏和应用程序。Wine8.5版本已将新的VKD3D1.7代码库引入其树中。 VKD3D1.7于上周发布,添加了额外的HLSL功能、大量内部函数、调用用户定义函数的能力,以及一系列其他改进,以改进Wine中的Direct3D12支持。......
  • windows下使用pytorch进行单机多卡分布式训练
    现在有四张卡,但是部署在windows10系统上,想尝试下在windows上使用单机多卡进行分布式训练,网上找了一圈硬是没找到相关的文章。以下是踩坑过程。首先,pytorch的版本必须是大于1.7,这里使用的环境是:pytorch==1.12+cu11.6四张4090显卡python==3.7.6使用nn.DataParallel进行分布式......