Download Elasticsearch 9.2.4, Kibana 9.2.4 and Logstash 9.2.4 from https://www.elastic.co/cn/downloads/past-releases/ : get the Windows zip of each one and extract it.

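Install the Elasticsearch plugin for Chinese word segmentation (analysis-ik): https://github.com/infinilabs/analysis-ik/releases Run the following command in the bin directory of the Elasticsearch installation: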

D:\App\elasticsearch\bin>elasticsearch-plugin install https://get.infini.cloud/elasticsearch/analysis-ik/9.2.4
warning: ignoring JAVA_HOME=D:\App\Java\jdk-11; using bundled JDK
-> Installing https://get.infini.cloud/elasticsearch/analysis-ik/9.2.4
-> Downloading https://get.infini.cloud/elasticsearch/analysis-ik/9.2.4
[=================================================] 100%
WARNING: this plugin contains a legacy Security Policy file. Starting with version 8.18, Entitlements replace SecurityManager as the security mechanism. Plugins must migrate their policy files to the new format. For more information, please refer to https://www.elastic.co/guide/en/elasticsearch/plugins/current/creating-classic-plugins.html
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional entitlements    @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* outbound_network
See https://www.elastic.co/guide/en/elasticsearch/plugins/current/creating-classic-plugins.html
for descriptions of what these entitlements allow and the associated risks.

Continue with installation? [y/N]y
-> Installed analysis-ik
-> Please restart Elasticsearch to activate any plugins installed

D:\App\elasticsearch\bin>

Logstash needs a logstash.conf, downloaded and placed in its root directory. Configuration file: https://github.com/macrozheng/mall/blob/teach/document/elk/logstash.conf

“D:\App\logstash\logstash.conf”:

input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json_lines
    type => "debug"
  }
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4561
    codec => json_lines
    type => "error"
  }
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4562
    codec => json_lines
    type => "business"
  }
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4563
    codec => json_lines
    type => "record"
  }
}
filter{
  if [type] == "record" {
    mutate {
      remove_field => "port"
      remove_field => "host"
      remove_field => "@version"
    }
    json {
      source => "message"
      remove_field => ["message"]
    }
  }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    index => "mall-%{type}-%{+YYYY.MM.dd}"
  }
}

Set the environment variable:

LS_JAVA_HOME=D:\App\Java\jdk-17

Then run the .bat file under each of Elasticsearch, Kibana and Logstash (e.g. elasticsearch.bat; Kibana and Logstash work the same way).

Logstash start command:

D:\App\logstash\bin>logstash -f logstash.conf

Command to check the Logstash conf file:

D:\App\logstash\bin>logstash -f logstash.conf -t

mall tutorial: https://www.macrozheng.com/mall/start/mall_deploy_windows.html#elasticsearch

https://blog.csdn.net/qq_33191919/article/details/138118713

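After elasticsearch.bat starts, you need to record the token and other information it prints. Log in at https://localhost:9200/ with a username and password. The username is elastic; if you did not record the password, you can obtain one with the command below: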

C:\Users\your-user>"D:/App/elasticsearch/bin/elasticsearch-reset-password.bat" -u elastic
warning: ignoring JAVA_HOME=D:\App\Java\jdk-11; using bundled JDK
This tool will reset the password of the [elastic] user to an autogenerated value.
The password will be printed in the console.
Please confirm that you would like to continue [y/N]y


Password for the [elastic] user successfully reset.
New value: _bE4vL5*XjsIDkLylUPs

After logging in, the response is:

{
  "name": "LB-AIDEV1",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "HEsqClXvS86EQBIrvEDNaw",
  "version": {
    "number": "9.2.4",
    "build_flavor": "default",
    "build_type": "zip",
    "build_hash": "dfc5c38614c29a598e132c035b66160d3d350894",
    "build_date": "2026-01-08T22:07:25.170027027Z",
    "build_snapshot": false,
    "lucene_version": "10.3.2",
    "minimum_wire_compatibility_version": "8.19.0",
    "minimum_index_compatibility_version": "8.0.0"
  },
  "tagline": "You Know, for Search"
}

  1. Kibana enrollment token (used the first time Kibana connects to ES)

& "D:/App/elasticsearch/bin/elasticsearch-create-enrollment-token.bat" -s kibana

  2. Enrollment token for a new node (used when adding a new ES node)

& "D:/App/elasticsearch/bin/elasticsearch-create-enrollment-token.bat" -s node

  3. HTTP CA fingerprint (for clients that use the fingerprint instead of importing the certificate)

certutil -hashfile "D:/App/elasticsearch/config/certs/http_ca.crt" SHA256

PS C:\Users\your-user> & "D:/App/elasticsearch/bin/elasticsearch-create-enrollment-token.bat" -s kibana
warning: ignoring JAVA_HOME=D:\App\Java\jdk-17; using bundled JDK
eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTk4LjE4LjAuMTo5MjAwIl0sImZnciI6ImVhZDFjMDI1ZGQ5OTVkNDc0ZDZjMzg0YjI1YzdkNTBjYmFiMjM5Mjc4ZDNlYTNmNTdlMmU4ZThlMTEwYzNkZTgiLCJrZXkiOiJXVXE5QjV3QlFWYXdqMFpJRGNJVTpUU2JDMnp2Ri16TXBXSjJtSG9McFdRIn0=
PS C:\Users\your-user> & "D:/App/elasticsearch/bin/elasticsearch-create-enrollment-token.bat" -s node
warning: ignoring JAVA_HOME=D:\App\Java\jdk-17; using bundled JDK
eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTk4LjE4LjAuMTo5MjAwIl0sImZnciI6ImVhZDFjMDI1ZGQ5OTVkNDc0ZDZjMzg0YjI1YzdkNTBjYmFiMjM5Mjc4ZDNlYTNmNTdlMmU4ZThlMTEwYzNkZTgiLCJrZXkiOiJXMHJBQjV3QlFWYXdqMFpJTU1JbjpRMWQwRUFyaF85RHFlV1N3UUx0eHFRIn0=
PS C:\Users\your-user> certutil -hashfile "D:/App/elasticsearch/config/certs/http_ca.crt" SHA256
SHA256  D:/App/elasticsearch/config/certs/http_ca.crt 哈希:
c9b463190445d21afbec967aca43733d61ac1313c249083f5bbb260d9e486772
CertUtil: -hashfile 命令成功完成
PS C:\Users\your-user>
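
The enrollment tokens above are base64-encoded JSON with the fields `ver`, `adr`, `fgr` and `key`. Their `fgr` value is the SHA-256 of the CA certificate's DER bytes, so it differs from the `certutil -hashfile` value printed above, which is the hash of the PEM file as stored. The following PowerShell is an added example, not part of the original post; the function names and every sample value are constructed for illustration.

```powershell
# Added example (not from the original page). Every sample value is constructed.

function Get-Sha256Hex([byte[]]$Bytes) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash($Bytes)).Replace('-', '').ToLower() }
    finally { $sha.Dispose() }
}

# Certificate fingerprint: SHA-256 over the DER bytes inside the PEM armor.
function Get-PemCertFingerprint([string]$Pem) {
    if ($Pem -notmatch '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') {
        throw 'No PEM certificate block found'
    }
    Get-Sha256Hex ([Convert]::FromBase64String(($Matches[1] -replace '\s', '')))
}

# An enrollment token is base64-encoded JSON with the fields ver, adr, fgr and key.
function ConvertFrom-EnrollmentToken([string]$Token) {
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($Token.Trim()))
    $json | ConvertFrom-Json
}

# Constructed stand-in for http_ca.crt: PEM armor around arbitrary bytes, not a real certificate.
$body = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes('constructed bytes, not a real certificate'))
$pem  = "-----BEGIN CERTIFICATE-----`n$body`n-----END CERTIFICATE-----`n"

$derFingerprint = Get-PemCertFingerprint $pem
# certutil -hashfile hashes the file bytes as stored, i.e. the PEM text itself.
$pemFileHash    = Get-Sha256Hex ([Text.Encoding]::ASCII.GetBytes($pem))

# Constructed token that carries the DER fingerprint in fgr, as a real token does.
$fields = [ordered]@{ ver = '8.14.0'; adr = @('127.0.0.1:9200'); fgr = $derFingerprint; key = 'constructed-id:constructed-secret' }
$token  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes(($fields | ConvertTo-Json -Compress)))

$decoded = ConvertFrom-EnrollmentToken $token
[pscustomobject]@{
    Address              = $decoded.adr -join ','
    FgrEqualsDerHash     = $decoded.fgr -eq $derFingerprint
    FgrEqualsPemFileHash = $decoded.fgr -eq $pemFileHash
}

# Against the real CA file from this page:
#   Get-PemCertFingerprint (Get-Content -Raw 'D:/App/elasticsearch/config/certs/http_ca.crt')
```

The `key` field is an API key credential, so a decoded token should be handled like a password.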

Kibana address: i Kibana has not been configured. Go to http://localhost:5601/?code=527126 to get started.

Open that page and enter this token: eyJ2ZXIiOiI4LjE0LjAiLCJhZHIiOlsiMTk4LjE4LjAuMTo5MjAwIl0sImZnciI6ImVhZDFjMDI1ZGQ5OTVkNDc0ZDZjMzg0YjI1YzdkNTBjYmFiMjM5Mjc4ZDNlYTNmNTdlMmU4ZThlMTEwYzNkZTgiLCJrZXkiOiJXVXE5QjV3QlFWYXdqMFpJRGNJVTpUU2JDMnp2Ri16TXBXSjJtSG9McFdRIn0=