1，ELK 7.6 安装 Elasticsearch 7.6

• Elasticsearch
  Elasticsearch 是一个分布式、可扩展、实时的搜索与数据分析引擎。

• Logstash
  Logstash 是开源的服务器端数据处理管道，能够同时从多个来源采集数据，转换数据，然后将数据发送到您最喜欢的“存储库”中。

• Kibana
  通过 Kibana，您可以对自己的 Elasticsearch 进行可视化，还可以在 Elastic Stack 中进行导航，这样您便可以进行各种操作了，从跟踪查询负载，到理解请求如何流经您的整个应用，都能轻松完成。

• elasticsearch 7 内置了JDK

1.1，安装方式一

• 安装网速很慢（不推荐）

# wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
OK
# sudo apt-get install apt-transport-https
# echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
deb https://artifacts.elastic.co/packages/7.x/apt stable main
# sudo apt-get update && sudo apt-get install elasticsearch

1.2，安装方式二

• 安装包安装（网速慢）

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.0-amd64.deb

• 安装包elasticsearch-7.6.0-amd64.deb

# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.0-amd64.deb.sha512
# shasum -a 512 -c elasticsearch-7.6.0-amd64.deb.sha512
elasticsearch-7.6.0-amd64.deb: OK
# sudo dpkg -i elasticsearch-7.6.0-amd64.deb

• 运行elasticsearch

# systemctl daemon-reload
# systemctl enable elasticsearch.service
# systemctl start elasticsearch.service
# systemctl status elasticsearch.service

• 查看日志

# journalctl --unit elasticsearch

• 测试是否成功启动

# curl 127.0.0.1:9200
{
  "name" : "主机名",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "4orMCeLSRfiAYC9Nt3tRkw",
  "version" : {
    "number" : "7.6.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "7f634e9f44834fbc12724506cc1da681b0c3b1e3",
    "build_date" : "2020-02-06T00:09:00.449973Z",
    "build_snapshot" : false,
    "lucene_version" : "8.4.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

• 查看当前节点信息

# curl 127.0.0.1:9200/_cat/nodes?v
ip        heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
127.0.0.1           12         100  83   34.51   33.98    33.89 dilm      *      主机名

2，ELK配置

• vim /etc/elasticsearch/elasticsearch.yml
• 设置访问

network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1", "node-2"]

• 重启elasticsearch

# systemctl restart elasticsearch.service
# systemctl status elasticsearch.service

• 浏览器访问

http://IP:9200

• 修改数据和日志存储目录

#path.data: /var/lib/elasticsearch
path.data: /home/elasticsearch
#path.logs: /var/log/elasticsearch
path.logs: /home/elasticsearch_log

• 更改目录elasticsearch重启报错

  Process: 10818 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)

• 更改目录权限设置为777

# chmod 777 elasticsearch elasticsearchlog

3，ELK使用

• 查看Index

# curl 'localhost:9200/_mapping?pretty=true'
{ }

参考：

1. 从零开始搭建ELK+GPE监控预警系统
2. Elasticsearch文档
3. Logstash官网
4. Kibana官网
5. Debian软件包安装Elasticsearch
6. Install Elasticsearch with Debian Package
7. Ubuntu服务器安装elasticsearch7.x — 学习与部署ELK系统（一）
8. Elasticsearch 的安装与启动
9. 解决Elasticsearch访问的问题（楼主亲测）
10. Elasticsearch 7 快速上手
    
11. elasticsearch changing path.logs and/or path.data - fails to start