Installing Filebeat + Elasticsearch + Kibana
2021-12-23
阿汤哥_8d27
Version compatibility
https://www.elastic.co/cn/support/matrix#matrix_compatibility
Installing Filebeat + Elasticsearch + Kibana
https://www.elastic.co/guide/en/elastic-stack-get-started/7.16/get-started-elastic-stack.html
Elastic security configuration for production environments
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html
JSON format in Elasticsearch
https://blog.csdn.net/fjxcsdn/article/details/102753475
Other
https://www.cnblogs.com/cjsblog/archive/2018/08/08/9445792.html
https://blog.csdn.net/UbuntuTouch/article/details/105933699
Elasticsearch
curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.16.2-linux-x86_64.tar.gz
tar -xzvf elasticsearch-7.16.2-linux-x86_64.tar.gz
cd elasticsearch-7.16.2
./bin/elasticsearch
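Note: starting with 6.8 and 7.1, the official distribution provides the security plugin by default.
Step 1: open config/elasticsearch.yml and append the following at the end:
# Enable username/password authentication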
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
# Certificate configuration
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
Step 2: generate passwords for the built-in default users
# Set the passwords interactively
bin/elasticsearch-setup-passwords interactive
# Generate the passwords automatically
bin/elasticsearch-setup-passwords auto
Step 3: change to the Elasticsearch directory and generate the certificate with the following command
bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""
Step 4: verify
# Verify with the username and password
http://username:password@localhost:9200/
# List indices
curl 'http://elastic:yOUzNlC5XX1R5xgH1aeC@localhost:6200/_cat/indices?v'
# Delete indices by wildcard ("index" stands for the index name prefix)
curl -XDELETE 'http://elastic:yOUzNlC5XX1R5xgH1aeC@localhost:6200/index*'
Kibana
cd /web
curl -L -O https://artifacts.elastic.co/downloads/kibana/kibana-7.16.2-linux-x86_64.tar.gz
tar xzvf kibana-7.16.2-linux-x86_64.tar.gz
ln -s kibana-7.16.2-linux-x86_64 kibana
cd kibana
./bin/kibana
Filebeat
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.16.2-linux-x86_64.tar.gz
tar xzvf filebeat-7.16.2-linux-x86_64.tar.gz
# List the supported modules
./filebeat modules list
# Enable modules
./filebeat modules enable system nginx
filebeat.yml
filebeat.inputs:
- type: filestream
  enabled: false
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  host: "172.17.0.202:5601"
output.elasticsearch:
  hosts: ["172.17.0.202:6200"]
  username: "elastic"
  password: "yOUzNlC5XX1R5xgH1aeC"
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
filebeat/modules.d/nginx.yml
- module: nginx
  access:
    enabled: true
    var.paths: ["/var/log/nginx/access.log*"]
    tags: ["access"]
  error:
    enabled: true
    var.paths: ["/var/log/nginx/error.log*"]
    tags: ["error"]
  ingress_controller:
    enabled: false
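An added example, not part of the original post: a small Python audit of the elasticsearch.yml and filebeat.yml settings shown above, checking whether the HTTP layer that carries the `elastic` password is encrypted and whether the Filebeat password is stored as a literal. The sample inputs are constructed, `flatten` and `audit` are hypothetical helper names, `${ES_PWD}` is a hypothetical Filebeat keystore key, and the parser assumes simple nested mappings only.

```python
import re

# Constructed samples that mirror the settings shown on this page.
ES_YML = """\
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
"""
FILEBEAT_YML = """\
output.elasticsearch:
  hosts: ["172.17.0.202:6200"]
  username: "elastic"
  password: "literal-password-here"
"""

def flatten(text):
    """Flatten nested 'key: value' mappings into dotted keys (list items are skipped)."""
    out, stack = {}, []  # stack holds (indent, key) for each open mapping
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", raw.split(" #")[0].rstrip())
        if not m:
            continue  # comments, blank lines, "- item" list entries
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value == "":
            stack.append((indent, key))
        else:
            out[".".join([k for _, k in stack] + [key])] = value.strip("\"'")
    return out

def audit(es_yml, filebeat_yml):
    """Return findings about how credentials are protected in the two files."""
    es, fb = flatten(es_yml), flatten(filebeat_yml)
    findings = []
    if es.get("xpack.security.enabled") != "true":
        findings.append("elasticsearch.yml: authentication is not enabled")
    if es.get("xpack.security.http.ssl.enabled") != "true":
        findings.append("elasticsearch.yml: HTTP layer has no TLS, so passwords travel in cleartext")
    if "https://" not in fb.get("output.elasticsearch.hosts", ""):
        findings.append("filebeat.yml: output.elasticsearch.hosts does not use https")
    pw = fb.get("output.elasticsearch.password", "")
    if pw and not re.fullmatch(r"\$\{[\w.]+\}", pw):
        findings.append("filebeat.yml: literal password; reference a keystore key such as ${ES_PWD}")
    return findings

if __name__ == "__main__":
    for finding in audit(ES_YML, FILEBEAT_YML):
        print(finding)
```

With the settings as shown on this page the audit reports three findings; they clear once `xpack.security.http.ssl.enabled: true` is configured, the Filebeat host uses `https://`, and the password is replaced by a keystore reference.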