一、设置ELK集群账号密码
-
切换到es用户
-
主节点生成证书
cd /home/es/elasticsearch-7.6.2/bin ./elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass "" -
将主节点证书发给其他两个节点
-
修改配置文件,启用x-pack:cat /home/es/elasticsearch-7.6.2/config/elasticsearch.yml
xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 -
三台服务器重启elasticsearch:./elasticsearch -d
-
设置密码,可以都设置成一样的:./elasticsearch-setup-passwords interactive -->ffcsict123
-
测试登录:http://192.168.248.10:9200/,账号/密码:elastic/ffcsict123
-
修改kibana配置,末尾添加:vi /home/es/kibana-7.6.2-linux-x86_64/config/kibana.yml
elasticsearch.username: "elastic" elasticsearch.password: "ffcsict123" -
修改logstash配置:vi /home/es/logstash-7.6.2/config/logstash.yml
xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.username: elastic xpack.monitoring.elasticsearch.password: ffcsict123 xpack.monitoring.elasticsearch.hosts: ["http://127.0.0.1:9200"] -
修改logstash日志配置
output { if [fields][filetype] == "testlog-log" { elasticsearch { hosts => ["http://192.168.248.10:9200","http://192.168.248.11:9200","http://192.168.248.12:9200"] index => "testlog-%{+YYYY.MM.dd}" user => "elastic" password => "ffcsict123" } } else if [fields][filetype] == "jar-log"{ elasticsearch { hosts => ["http://192.168.248.10:9200","http://192.168.248.11:9200","http://192.168.248.12:9200"] index => "jar-%{+YYYY.MM.dd}" user => "elastic" password => "ffcsict123" } }else { elasticsearch { hosts => ["http://192.168.248.10:9200","http://192.168.248.11:9200","http://192.168.248.12:9200"] index => "hdfs-%{+YYYY.MM.dd}" user => "elastic" password => "ffcsict123" } } } -
启动logstash:nohup /home/es/logstash-7.6.2/bin/logstash -f /home/es/logstash-7.6.2/config/logstash-sample.conf &
-
启动kibana:nohup /home/es/kibana-7.6.2-linux-x86_64/bin/kibana &
-
启动filebeat:nohup /home/es/filebeat-7.6.2-linux-x86_64/filebeat -e -c /home/es/filebeat-7.6.2-linux-x86_64/filebeat.yml &
-
访问kibana
-
修改logstash的jar-log类型对应的日志路径的日志,然后刷新kibana,如果日志正常显示则说明成功
filebeat.inputs: - type: log enabled: true paths: - /home/es/testlog-log/*.log fields: filetype: testlog-log - type: log enabled: true paths: - /home/es/jar-log/*.log fields: filetype: jar-log
二、java api设置账号密码连接
/**
* 获取es连接
*
* @return
*/
public static RestHighLevelClient getEsHighInit() {
// 创建凭据提供程序
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,new UsernamePasswordCredentials(esUsername, esPassword));
RestClientBuilder http = RestClient.builder(new HttpHost(ip, Integer.parseInt(port), "http"))
.setRequestConfigCallback(new RestClientBuilder.RequestConfigCallback() {
@Override
public RequestConfig.Builder customizeRequestConfig(RequestConfig.Builder requestConfigBuilder) {
requestConfigBuilder.setConnectTimeout(700000);
requestConfigBuilder.setSocketTimeout(600000);
requestConfigBuilder.setConnectionRequestTimeout(100000);
return requestConfigBuilder;
}
}).setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) {
return httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
}
});;
return new RestHighLevelClient(http);
}
