ELK 2.0 Quick Installation Guide

Software:

Tested on Linux x64
elasticsearch-2.1.0.tar.gz
https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.1.0/elasticsearch-2.1.0.tar.gz

kibana-4.3.0-linux-x64.tar.gz
64-bit Linux: https://download.elastic.co/kibana/kibana/kibana-4.3.0-linux-x64.tar.gz
32-bit Linux: https://download.elastic.co/kibana/kibana/kibana-4.3.0-linux-x86.tar.gz
Windows: https://download.elastic.co/kibana/kibana/kibana-4.3.0-windows.zip
Mac: https://download.elastic.co/kibana/kibana/kibana-4.3.0-darwin-x64.tar.gz

packetbeat-1.0.0-x86_64.tar.gz
64-bit Linux: https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-x86_64.tar.gz
32-bit Linux: https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-i686.tar.gz
Windows: https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-windows.zip
Mac: https://download.elastic.co/beats/packetbeat/packetbeat-1.0.0-darwin.tgz

packetbeat-dashboards-1.0.0-beta2.tar.gz
https://download.elastic.co/beats/packetbeat/packetbeat-dashboards-1.0.0-beta2.tar.gz

Configuration files:

Download: elasticsearch.yml
Download: kibana.yml
Download: packetbeat.yml

Extract

tar xf elasticsearch-2.1.0.tar.gz
mv elasticsearch-2.1.0 /usr/local/
tar xf kibana-4.3.0-linux-x64.tar.gz
mv kibana-4.3.0-linux-x64 /usr/local/
tar xf packetbeat-1.0.0-x86_64.tar.gz
mv packetbeat-1.0.0-x86_64 /usr/local/
tar xf packetbeat-dashboards-1.0.0-beta2.tar.gz

Copy the configuration files

\cp -f elasticsearch.yml /usr/local/elasticsearch-2.1.0/config/elasticsearch.yml
\cp -f kibana.yml /usr/local/kibana-4.3.0-linux-x64/config/kibana.yml
\cp -f packetbeat.yml /usr/local/packetbeat-1.0.0-x86_64/packetbeat.yml

Start

# Add a dedicated user for Elasticsearch
useradd es
chown -R es:es /usr/local/elasticsearch-2.1.0/
su es -l -c '/usr/local/elasticsearch-2.1.0/bin/elasticsearch -d'

# Create the ES schema
curl -XPUT 'http://localhost:9200/_template/packetbeat' -d@/usr/local/packetbeat-1.0.0-x86_64/packetbeat.template.json

# Install plugins
/usr/local/elasticsearch-2.1.0/bin/plugin install lukas-vlcek/bigdesk
/usr/local/elasticsearch-2.1.0/bin/plugin install mobz/elasticsearch-head

# Start Kibana
nohup /usr/local/kibana-4.3.0-linux-x64/bin/kibana >/dev/null &

# Install the dashboards
./packetbeat-dashboards-1.0.0-beta2/load.sh

# Start Packetbeat
nohup /usr/local/packetbeat-1.0.0-x86_64/packetbeat -c /usr/local/packetbeat-1.0.0-x86_64/packetbeat.yml >/dev/null &
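
The start sequence above runs the template `curl` right after launching Elasticsearch with `-d`, when the node may not be listening yet. As an added example (not part of the original post), this shell helper polls the node and loads the template only once it answers; `ES_URL`, the retry count and delay, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: wait for Elasticsearch before loading the Packetbeat template.
# ES_URL and the retry settings are assumptions; adjust them to the local setup.
ES_URL="${ES_URL:-http://localhost:9200}"

# Default probe: succeeds only on a successful HTTP response
# (curl -f returns non-zero on connection errors and on status >= 400).
es_probe() {
    curl -sf -o /dev/null --max-time 2 "$1"
}

# wait_for_es URL TRIES DELAY [PROBE]
# Returns 0 as soon as the probe succeeds, 1 if it never does.
wait_for_es() {
    url=$1; tries=$2; delay=$3; probe=${4:-es_probe}
    i=0
    while [ "$i" -lt "$tries" ]; do
        if "$probe" "$url"; then
            return 0
        fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# load_template URL FILE
# PUTs the template only after the node is reachable, and fails loudly otherwise
# instead of silently leaving Packetbeat to index without its mapping.
load_template() {
    wait_for_es "$1" 30 2 || {
        echo "Elasticsearch not reachable at $1" >&2
        return 1
    }
    curl -sf -XPUT "$1/_template/packetbeat" -d@"$2"
}

# Usage, in place of the bare curl in the start sequence:
#   load_template "$ES_URL" /usr/local/packetbeat-1.0.0-x86_64/packetbeat.template.json
```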

Configure Kibana

Visit localhost:5601 and set the index pattern to packetbeat-*