ELK Installation Tutorial | Building an ELK 8.14.1 Cluster in One Go


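Unlike a single-node deployment, an Elasticsearch cluster synchronizes data across multiple nodes to provide high availability. The steps below show the installation of three nodes on Ubuntu.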


Confirm the Installation Environment

Linux - Ubuntu 22.04
Memory: 8G
OpenJDK: 17
Elasticsearch: 8.14.1

Prerequisites

$ sudo apt update
$ sudo apt install openjdk-17-jre-headless
$ java -version


Download the Latest ELK 8.14.1 Packages

$ sudo wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.14.1-amd64.deb
$ sudo wget https://artifacts.elastic.co/downloads/logstash/logstash-8.14.1-amd64.deb
$ sudo wget https://artifacts.elastic.co/downloads/kibana/kibana-8.14.1-amd64.deb

$ sudo dpkg -i elasticsearch-8.14.1-amd64.deb
$ sudo dpkg -i kibana-8.14.1-amd64.deb
$ sudo dpkg -i logstash-8.14.1-amd64.deb

Elasticsearch Configuration

$ sudo vi /etc/elasticsearch/elasticsearch.yml
cluster.name: ELK8-cluster
node.name: ${HOSTNAME}
path.data: /data/es
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 0.0.0.0
discovery.seed_hosts: ["10.99.1.69", "10.99.1.89", "10.99.1.124"]
cluster.initial_master_nodes: ["10.99.1.69", "10.99.1.89", "10.99.1.124"]
xpack.security.enabled: false
http.host: 0.0.0.0
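
The configuration above sets xpack.security.enabled: false while binding to 0.0.0.0, so any host that can reach port 9200 can query the cluster without credentials. The script below is an added example, not part of the original article, that flags this combination in an elasticsearch.yml. The function names (yaml_get, is_loopback, audit_es_config, sample_config) are hypothetical, the sample config is constructed from the settings shown above, and only flat "key: value" settings are parsed.

```shell
#!/bin/sh
# Added example (not from the original article): flag an elasticsearch.yml that
# disables security while binding to a non-loopback address.

# Print the value of a flat "key: value" setting (last occurrence wins).
yaml_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            sub(/[ \t]+#.*$/, "", v)             # strip trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)     # trim spaces and quotes
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Elasticsearch binds to loopback when network.host is unset.
is_loopback() {
    case "$1" in ""|localhost|_local_|127.*|::1) return 0 ;; esac
    return 1
}

# Prints findings; exit status is the number of findings (0 = clean).
audit_es_config() {
    sec=$(yaml_get "$1" xpack.security.enabled)
    net=$(yaml_get "$1" network.host)
    http=$(yaml_get "$1" http.host)
    [ -n "$http" ] || http=$net      # http.host falls back to network.host
    [ "$sec" = "false" ] || return 0
    echo "WARN: xpack.security.enabled=false, authentication is off"
    if is_loopback "$net" && is_loopback "$http"; then return 1; fi
    echo "CRIT: unauthenticated API reachable on network.host=$net http.host=$http"
    return 2
}

# Constructed sample that mirrors the settings shown in the article.
sample_config() {
    printf '%s\n' 'cluster.name: ELK8-cluster' 'network.host: 0.0.0.0' \
        'xpack.security.enabled: false' 'http.host: 0.0.0.0'
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_es_config "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

To check a real node, call audit_es_config with /etc/elasticsearch/elasticsearch.yml; settings written in nested YAML form are not detected by this parser.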

Start and Verify

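$ sudo systemctl start elasticsearch     # start the node
$ sudo systemctl enable elasticsearch    # start automatically on boot
$ sudo systemctl status elasticsearch    # confirm the service is running
$ sudo systemctl stop elasticsearch      # stop the node when needed; keep it running for the check below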

$ curl -k "http://10.99.1.69:9200/_cat/nodes?v"


Kibana Configuration

$ sudo chown -R kibana: /etc/kibana
$ sudo vi /etc/kibana/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
xpack.security.enabled: false

$ sudo systemctl start kibana
$ sudo systemctl enable kibana
$ sudo systemctl status kibana

$ curl -X GET "http://localhost:5601"
