这里es使用的是7.10.2版本的es，物料包下载地址如下

#注意安装的插件需和es版本保持一致
#es
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-linux-x86_64.tar.gz
#kibana
https://artifacts.elastic.co/downloads/kibana/kibana-7.10.2-linux-x86_64.tar.gz
#ik插件
https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.10.2/elasticsearch-analysis-ik-7.10.2.zip

1：es不能在root用户下启动，必须创建新的用户，用来启动e

useradd es -s /bin/bash

2：进入 /home/es 目录下，上传下载好的安装包，解压

cd /home/es
#传包不方便的话直接wget下载以下安装包即可
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-linux-x86_64.tar.gz
#顺便下载下kibana安装包
https://artifacts.elastic.co/downloads/kibana/kibana-7.10.2-linux-x86_64.tar.gz

tar xzf elasticsearch-7.10.2-linux-x86_64.tar.gz
tar xzf kibana-7.10.2-linux-x86_64.tar.gz

3：对es、kibana目录授权

chown -R es:es elasticsearch-7.10.2
chown -R es:es kibana-7.10.2-linux-x86_64

4：创建数据、日志目录

mkdir -p /data/logs/es
mkdir -p /data/es/{data,work,plugins,scripts}

5：修改es、kibana配置文件

#es配置文件
vim /home/es/elasticsearch-7.10.2/config/elasticsearch.yml
node.name: node-1
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"] 

#kibana配置文件
vim /home/es/kibana-7.10.2-linux-x86_64/config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "123456"

6：启动es、kibana

#切换用户es
su es
#启动es（-d : 后台运行，不加则为运行并输入日志）
/home/es/elasticsearch-7.10.2/bin/elasticsearch -d
启动kibana
nohup /home/es/kibana-7.10.2-linux-x86_64/bin/kibana &

7：设置用户名密码

#配置文件添加下面内容，重启es
vim /home/es/elasticsearch-7.10.2/config/elasticsearch.yml
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true

#执行设置用户名和密码的命令,这里需要为4个用户分别设置密码，elastic, kibana, logstash_system,beats_system
/home/es/elasticsearch-7.10.2/bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana]: 
Reenter password for [kibana]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

8：常见问题

8.1：max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

#通过命令查看
ulimit -Hn
ulimit -Sn
vim /etc/security/limits.conf
#添加以下配置信息
* soft nofile 65536
* hard nofile 65536

8.2：启动后报错：max number of threads [3818] for user [es] is too low, increase to at least [4096]

vim /etc/security/limits.conf
#添加以下配置信息
* soft nproc 4096
* hard nproc 4096

8.3：启动后报错：max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

#修改/etc/sysctl.conf文件
vim /etc/sysctl.conf
#增加配置
vm.max_map_count=262144
#执行命令sysctl -p生效
sysctl -p

安装ik插件

#进入es-plugins
cd /home/es/elasticsearch-7.10.2/plugins
#创建名为ik的文件夹
mkdir ik
#进入ik
cd ik/
#文件传入该目录下，并解压
unzip elasticsearch-analysis-ik-7.10.2.zip

重启es后验证插件是否安装成功

/home/es/elasticsearch-7.10.2/bin/elasticsearch-plugin list