Version compatibility matrix
https://www.elastic.co/cn/support/matrix#matrix_compatibility
Installing Filebeat + Elasticsearch + Kibana
https://www.elastic.co/guide/en/elastic-stack-get-started/7.16/get-started-elastic-stack.html
Elastic security configuration for production environments
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html
JSON format in Elasticsearch explained
https://blog.csdn.net/fjxcsdn/article/details/102753475
Other
https://www.cnblogs.com/cjsblog/archive/2018/08/08/9445792.html
https://blog.csdn.net/UbuntuTouch/article/details/105933699
Elasticsearch
curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.16.2-linux-x86_64.tar.gz
tar -xzvf elasticsearch-7.16.2-linux-x86_64.tar.gz
cd elasticsearch-7.16.2
./bin/elasticsearch
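Note: the security plugin is officially provided by default starting with versions 6.8 and 7.1.
Step 1: Open config/elasticsearch.yml and append the following at the end:
# Require username/password authentication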
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# Certificate configuration
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Step 2: Generate passwords for the default built-in users
# Set the passwords interactively
bin/elasticsearch-setup-passwords interactive
# Generate the passwords automatically
bin/elasticsearch-setup-passwords auto
Step 3: Change to the Elasticsearch directory and generate the certificate with the following command
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
Step 4: Verify
# Verify with username and password
http://username:password@localhost:9200/
# List indices
curl "http://elastic:yOUzNlC5XX1R5xgH1aeC@localhost:6200/_cat/indices?v"
# Delete indices using a wildcard pattern
curl -XDELETE "http://elastic:yOUzNlC5XX1R5xgH1aeC@localhost:6200/<index>*"
Kibana
cd /web
curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.16.2-linux-x86_64.tar.gz
tar xzvf kibana-7.16.2-linux-x86_64.tar.gz
ln -s kibana-7.16.2-linux-x86_64 kibana
cd kibana
./bin/kibana
filebeat
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.16.2-linux-x86_64.tar.gz
tar xzvf filebeat-7.16.2-linux-x86_64.tar.gz
# List the supported modules
./filebeat modules list
# Enable modules
./filebeat modules enable system nginx
filebeat.yml
filebeat.inputs:
- type: filestream
  enabled: false
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  host: "172.17.0.202:5601"
output.elasticsearch:
  hosts: ["172.17.0.202:6200"]
  username: "elastic"
  password: "yOUzNlC5XX1R5xgH1aeC"
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
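Added example (not part of the original notes): a shell check for the elasticsearch.yml settings from step 1 and for a literal password in filebeat.yml. The function names, the sample files and the extra xpack.security.http.ssl.enabled check are assumptions added here; the page itself enables TLS only on the transport layer, so its curl and Filebeat examples send the elastic password over plain HTTP.

```shell
#!/bin/sh
# Added example: audit the config files described on this page.
# Print the value of a flat "key: value" setting (first match, comments stripped).
yaml_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' | head -n 1
}

# Report each expected security setting that is absent or has another value.
# Returns 0 when everything matches, 1 otherwise.
audit_es() {
    rc=0
    for want in \
        xpack.security.enabled=true \
        xpack.security.transport.ssl.enabled=true \
        xpack.security.transport.ssl.verification_mode=certificate \
        xpack.security.http.ssl.enabled=true   # assumption: not set on this page
    do
        got=$(yaml_value "$1" "${want%%=*}")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL ${want%%=*}: expected '${want#*=}', found '${got:-<unset>}'"
            rc=1
        fi
    done
    return $rc
}

# List password lines holding a literal instead of a ${KEYSTORE_VAR} reference.
plaintext_passwords() {
    grep -nE '^[[:space:]]*password:' "$1" |
        grep -vE 'password:[[:space:]]*"?\$\{[A-Za-z_][A-Za-z0-9_]*\}"?[[:space:]]*$'
}

# Constructed sample files mirroring the page's configuration.
make_samples() {
    printf '%s\n' '# Require username/password authentication' \
        'xpack.security.enabled: true' 'xpack.security.transport.ssl.enabled: true' \
        'xpack.security.transport.ssl.verification_mode: certificate' > "$1/elasticsearch.yml"
    printf '%s\n' 'output.elasticsearch:' '  username: "elastic"' \
        '  password: "CONSTRUCTED-EXAMPLE"' > "$1/filebeat-plain.yml"
    printf '%s\n' 'output.elasticsearch:' '  username: "elastic"' \
        '  password: "${ES_PWD}"' > "$1/filebeat-keystore.yml"
}

d=$(mktemp -d) && make_samples "$d"
audit_es "$d/elasticsearch.yml" || echo "elasticsearch.yml needs attention"
plaintext_passwords "$d/filebeat-plain.yml" && echo "literal password found"
rm -rf "$d"
```

To make filebeat.yml pass, store the secret with ./filebeat keystore create and ./filebeat keystore add ES_PWD, then reference it as password: "${ES_PWD}".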
filebeat/modules.d/nginx.yml
- module: nginx
  access:
    enabled: true
    var.paths: ["/var/log/nginx/access.log*"]
    tags: ["access"]
  error:
    enabled: true
    var.paths: ["/var/log/nginx/error.log*"]
    tags: ["error"]
  ingress_controller:
    enabled: false
mon_es
Changed password for user apm_system
PASSWORD apm_system = Nps68SS5rGfKauvrqSGM
Changed password for user kibana_system
PASSWORD kibana_system = xFYYS8zpS6c5CxZpi6N1
Changed password for user kibana
PASSWORD kibana = xFYYS8zpS6c5CxZpi6N1
Changed password for user logstash_system
PASSWORD logstash_system = FknL2hSdVX6VampT7Aya
Changed password for user beats_system
PASSWORD beats_system = ZT5uWkfFq3bNrNkVsXKX
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = Utrcnb4Vg6wUs7daO76e
Changed password for user elastic
PASSWORD elastic = 6CvDdDCwc3ZXPmiRgYOe