Day02 快速安装ELK

接下来我们会直接在mac环境上，使用brew来安装elk，下面就始安装系统。

Install Elasticsearch

Elasticsearch像是资料库一样，能把收集到的log储存和查询。

brew install elastic/tap/elasticsearch-full

==> Caveats
Data:    /usr/local/var/lib/elasticsearch/elasticsearch_huang/
Logs:    /usr/local/var/log/elasticsearch/elasticsearch_huang.log
Plugins: /usr/local/var/elasticsearch/plugins/
Config:  /usr/local/etc/elasticsearch/

To have launchd start elastic/tap/elasticsearch-full now and restart at login:
  brew services start elastic/tap/elasticsearch-full
Or, if you don't want/need a background service you can just run:
  elasticsearch

安装完成後，执行指令启动elasticsearch

brew services start elastic/tap/elasticsearch-full

查看服务状态，确认是否正常执行

tail -f /usr/local/var/log/elasticsearch/elasticsearch_huang.log

用浏览器检查讯息 http://localhost:9200/?pretty

{
  "name" : "CY-HUANG",
  "cluster_name" : "elasticsearch_huang",
  "cluster_uuid" : "05loK4i4TVmTdRBUHEpi5g",
  "version" : {
    "number" : "7.14.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "66b55ebfa59c92c15db3f69a335d500018b3331e",
    "build_date" : "2021-08-26T09:01:05.390870785Z",
    "build_snapshot" : false,
    "lucene_version" : "8.9.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

Install kibana

Kibana可以用来查询Elasticsearch中的资料，并且对资料进行图形化。

brew install elastic/tap/kibana-full

==> Caveats
Config: /usr/local/etc/kibana/
If you wish to preserve your plugins upon upgrade, make a copy of
/usr/local/opt/kibana-full/plugins before upgrading, and copy it into the
new keg location after upgrading.

To have launchd start elastic/tap/kibana-full now and restart at login:
  brew services start elastic/tap/kibana-full
Or, if you don't want/need a background service you can just run:
  kibanaa

设定/usr/local/etc/kibana/kibana.yml

server.port: 5601
server.host: "0.0.0.0"

安装完成後，执行指令启动kibana

brew services start elastic/tap/kibana-full

检查kibana http://localhost:5601/

Install logstash

Logstash 主要工作是把收集的资料进行过滤和特定处理，将处理後的资料储存到Elasticsearch。

brew install elastic/tap/logstash-full

==> Caveats
Please read the getting started guide located at:
  https://www.elastic.co/guide/en/logstash/current/getting-started-with-logstash.html

To have launchd start elastic/tap/logstash-full now and restart at login:
  brew services start elastic/tap/logstash-full
Or, if you don't want/need a background service you can just run:
  logstash

安装完成後，执行指令启动logstash

brew services start elastic/tap/logstash-full

Reference

• https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.html