elasticsearch or stack 7.10.2 설치: wget

안녕하세요.

 

해당 글은 리눅스 서버에서 사용할 elastic stack 설치 과정입니다.

 

패키지 관리자를 사용하지 않고 설치합니다.

 

글의 순서

• 설치
• 설정
• 실행

 

---

1. 설치

 

kibana

wget https://artifacts.elastic.co/downloads/kibana/kibana-7.10.2-linux-x86_64.tar.gz
tar xvf kibana-7.10.2-linux-x86_64.tar.gz
mv kibana-7.10.2-linux-aarch64 kibana

 

elasticsearch

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-linux-aarch64.tar.gz
tar xvf elasticsearch-7.10.2-linux-aarch64.tar.gz
mv elasticsearch-7.10.2-linux-aarch64 elastic

 

logstash

wget https://artifacts.elastic.co/downloads/logstash/logstash-7.10.2-linux-aarch64.tar.gz
tar xvf logstash-7.10.2-linux-aarch64.tar.gz
mv logstash-7.10.2-linux-aarch64 logstash

 

filebeat

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.10.2-linux-x86_64.tar.gz
tar xvf filebeat-7.10.2-linux-x86_64.tar.gz
mv filebeat-7.10.2-linux-x86_64 filebeat

 

 

elastic directory

unzip 상태

 

in tar_files

 

---

 

2. 설정

elasticsearch

 

vim elasticsearch/config/elasticsearch.yml

# elasticsearch.yml

cluster.name: log-cluster
node.name: es-log-1

# -- Paths --
path.data: /var/log/elastic-data/
path.logs: /var/log/elastic-logs/

# -- network --
network.host: "0.0.0.0"
http.port: 9200

# -- discovery --
discovery.seed_hosts: ["127.0.0.1", ["::1"]]
discovery.type: "single-node"

#cluster.initial_master_nodes: ["0.0.0.0"]

# -- x-pack disable --
xpack.security.enabled: false
xpack.ml.enabled: false

# -- system filters --
bootstrap.system_call_filter: false

 

별도의 작업

sudo vm.max_map_count=262144

https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html

---

 

kibana

vim kibana/config/kibana.yml

server.port: 5601
server.host: "0.0.0.0"

elasticsearch.hosts: ["http://127.0.0.1:9200"]

 

실행 과정의 에러

... bin/node : cannot execute binary file

https://github.com/elastic/kibana/issues/3978

https://discuss.elastic.co/t/error-in-the-installing/79911/2

---

 

logstash

vim logstash/config/logstash.yml

pipeline.ordered: auto
http.host: 127.0.0.1
http.port: 9600-9700

 

vim logstash/config/pipeline.yml

- pipeline.id: first-log
  queue.type: persisted
  config.config: "~/elastic/logstash/config/logstash.conf"

 

vim logstash/config/logstash.conf

input {
  generator {}
}

filter { 
  sleep { time => 1 }
}
output {
  stdout {
    codec => dots }
  }
}

---

filebeat

vim ./filebeat/filebeat.yml

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/*.log

  tags: ["nginx"]

 

 

※ logstash, filebeat의 조금 더 세부적인 설정은 관련 글을 확인해주세요!

2021/01/14 - [ELK/Logstash] - logstash input codec fluent - 예제

2021/01/22 - [ELK/Filebeat] - filebeat multiline 설정

 

---

3. 실행

elasticsearch

./elastic/bin/elasticsearch -d   # 데몬으로 실행
pkill -f elasticsearch              # 종료

 

kibana

kibana/bin/kibana & # background 실행

 

logstash

logstash/bin/logstash &  # background 실행

 

filebeat

filebeat/filebeat -e --path.config filebeat

 

 

실행 후 index 생성 화면

 

vm.max count, kibana에 설정하는 elastic hosts 등으로 시간이 다소 소요되었지만 모든 설정을 하나씩 해보는 것도 일부 도움이 되었던 것 같습니다.

 

bash 파일을 만든다면 이런 흐름이지 않을까 싶습니다.

#!/bin/bash

./elastic/bin/elastic -d

./kibana/bin/kibana &

./logstash/bin/logstash &

./filebeat/filebeat -e --path.config filebeat/ &

 

감사합니다!