es 下载地址：wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.1.0-linux-x86_64.tar.gz

kibana下载地址：wget https://artifacts.elastic.co/downloads/kibana/kibana-7.1.0-linux-x86_64.tar.gz

logstash下载地址： wget https://artifacts.elastic.co/downloads/logstash/logstash-7.1.0.tar.gz

解压

tar xf elasticsearch-7.1.0-linux-x86_64.tar.gz -C /data/

　　配置

[root@es ~]# vim /etc/security/limits.conf

* soft nofile 65536
* hard nofile 65536
[root@es ~]# vim /etc/sysctl.conf
vm.max_map_count=655360

[root@es ~]# vim /etc/security/limits.d/20-nproc.conf

* soft nproc 4096
root soft nproc unlimited

　　添加环境变量

[root@es ~]# vim /etc/profile.d/es.sh

PATH=/data/elasticsearch-7.1.0/bin/:$PATH

　　创建普通用户授权并启动

useradd es
chown es:es /data -R
sysctl -p
su es
elasticsearch -d 后台启动

查看es已安装的插件

[es@zk ~]$ elasticsearch-plugin list

　es安装插件操作；国际分词插件

[es@zk ~]$ elasticsearch-plugin install analysis-icu
-> Downloading analysis-icu from elastic
[=================================================] 100%  
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/data/elasticsearch-7.1.0/lib/tools/plugin-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
-> Installed analysis-icu
[es@zk ~]$ elasticsearch-plugin list
analysis-icu

　kibana的解压

tar xf kibana-7.1.0-linux-x86_64.tar.gz -C /usr/local/ 解压
cd /usr/local/kibana-7.1.0-linux-x86_64/config/
[root@es config]# vim kibana.yml

Kibana is served by a back end server. This setting specifies the port to use.

#server.port: 5601

Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.

The default is 'localhost', which usually means remote machines will not be able to connect.

To allow connections from remote users, set this parameter to a non-loopback address.

server.host: "192.168.183.8"# 修改监听的地址默认locathost
[root@es config]# vim /etc/profile.d/kibana.sh
export PATH=/usr/local/kibana-7.1.0-linux-x86_64/bin/:$PATH #添加环境变量

[root@es config]# exec bash #使其在当前shll生效

[root@es config]# kibana # 前台启动

　　测试数据下载地址：https://grouplens.org/datasets/movielens/

logstash 的安装与导入数据

tar xf logstash-7.1.0.tar.gz -C /usr/local/
cp movies.csv /usr/local/logstash-7.1.0/bin/
cp logstash.conf /usr/local/logstash-7.1.0/config/

cat logstash.conf

input {
file {
path => "/Users/yiruan/dev/elk7/logstash-7.0.1/bin/movies.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
columns => ["id","content","genre"]
}

mutate {
split => { "genre" => "|" }
remove_field => ["path", "host","@timestamp","message"]
}

mutate {

split => \["content", "("\]  
add\_field => { "title" => "%{\[content\]\[0\]}"}  
add\_field => { "year" => "%{\[content\]\[1\]}"}  

}

mutate {

gsub => [

"year", "\\)", ""

]

}

mutate {
convert => {
"year" => "integer"
}
strip => ["title"]
remove_field => ["path", "host","@timestamp","message","content"]
}

}
output {
elasticsearch {
hosts => "http://localhost:9200"
index => "movies"
document_id => "%{id}"
}
stdout {}
}
[root@es ~]# vim /etc/profile.d/logstash.sh
export PATH=/usr/local/logstash-7.1.0/bin:$PATH 添加环境变量
[root@es ~]# exec bash
[root@es config]# ../bin/logstash -f logstash.conf 启动

　浏览器查看节点   IP：9200/_cat/nodes