第1章 环境准备
1.1 系统环境
[root@LZH ~]# cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core) [root@LZH ~]# uname -r 3.10.0-514.2.2.el7.x86_64 [root@LZH ~]# uname -m x86_64
1.2 修改主机名
1.2.1 方法1
[root@LZH ~]# hostnamectl set-hostname LZH
1.2.2 方法2
[root@LZH ~]# hostname LZH ==》临时生效 [root@LZH ~]# vim /etc/sysconfig/network ==》永久生效 # Created by anaconda NETWORKING_IPV6=no PEERNTP=no HOSTNAME=LZH 一般两者配合使用!!
1.3 关闭安全机制
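################################关闭防火墙#####################################
[root@LZH ~]# systemctl stop firewalld ==》临时关闭
[root@LZH ~]# systemctl disable firewalld ==》永久关闭
##################################关闭SELINUX################################
[root@LZH ~]# setenforce 0
[root@LZH ~]# sed -i "s#SELINUX=enable#SELINUX=disabled#" /etc/sysconfig/selinux
注意:(1) CentOS 7 的默认配置是 SELINUX=enforcing,上面的 sed 模式 SELINUX=enable 匹配不到这一行,文件不会被修改;并且 /etc/sysconfig/selinux 是指向 /etc/selinux/config 的符号链接,sed -i 不加 --follow-symlinks 时会把链接替换成普通文件,真正的配置不变。执行后请用 getenforce 和 grep ^SELINUX= /etc/selinux/config 确认实际状态。(2) 关闭防火墙和 SELinux 只适用于隔离的实验环境;在能被外部访问的主机上应保留 firewalld,只对可信来源放行 9200、5601 等需要的端口。
1.4 下载软件包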
1.4.1 elasticsearch
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.1.tar.gz
1.4.2 kibana
https://artifacts.elastic.co/downloads/kibana/kibana-5.4.1-linux-x86_64.tar.gz
1.4.3 logstash
https://artifacts.elastic.co/downloads/logstash/logstash-5.4.1.tar.gz
以上三个安装包下载后,建议先对照 Elastic 下载页公布的校验值核对文件完整性,再解压安装。
1.5 创建目录和用户
1.5.1 创建目录
[root@LZH ~]# mkdir -p /server/scripts/ ==》脚本存放目录 [root@LZH ~]# mkdir -p /application/tools ==》软件包存放目录
1.5.2 创建用户
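[root@LZH ~]# groupadd es
[root@LZH ~]# useradd -g es es
[root@LZH ~]# echo "123456"|passwd --stdin es ==》添加密码
注意:"123456" 只是演示用的弱口令,而且这种写法会把口令留在 shell 历史记录里;在开放 SSH 密码登录的主机上,这类口令很容易被暴力猜解。es 账号只用于运行 elasticsearch,root 可以直接 su - es 切换,因此可以不设密码(或用 passwd -l es 锁定);确实需要登录时,请运行 passwd es 交互式设置强口令。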
1.6 安装jdk (安装jdk1.8或1.8以上的版本)
[root@LZH ~]# yum install -y java-1.8.0-openjdk
第2章 安装
2.1 安装及启动elasticsearch
2.1.1 安装elasticsearch
[root@LZH ~]# cd /application/tools/
[root@LZH tools]# tar xf elasticsearch-5.4.1.tar.gz
[root@LZH tools]# mv elasticsearch-5.4.1 /usr/local/elasticsearch
[root@LZH tools]# cd /usr/local/elasticsearch
[root@LZH elasticsearch]# mkdir -p /usr/local/elasticsearch/{data,logs}
[root@LZH elasticsearch]# cp config/elasticsearch.yml{,.bak}
[root@LZH elasticsearch]# ll config/
total 20
-rw-rw---- 1 root root 2854 May 30 2017 elasticsearch.yml
-rw-r----- 1 root root 2854 Jul 13 09:55 elasticsearch.yml.bak
-rw-rw---- 1 root root 3117 May 30 2017 jvm.options
-rw-rw---- 1 root root 4456 May 30 2017 log4j2.properties
[root@LZH elasticsearch]# egrep -v "^$|#" config/elasticsearch.yml.bak > config/elasticsearch.yml
[root@LZH elasticsearch]# vim config/elasticsearch.yml
cluster.name: lzh-elk
node-name: LZH
path.data: /usr/local/elasticsearch/data
path.logs: /usr/local/elasticsearch/logs
network.host: 59.110.228.53
http.port: 9200
discovery.zen.ping.unicast.hosts: ["LZH"]
注意:network.host 这里写的是公网地址。Elasticsearch 5.x 默认没有任何认证,再加上 1.3 节关闭了防火墙,任何能连到该地址的人都可以读写 9200 端口上的全部索引。单机部署保持默认值(只监听本机回环地址)即可;需要远程访问时,应绑定内网地址并用防火墙限制来源。另外,节点名的配置项是 node.name,node-name 不是有效的键(后文的修正配置里也把它注释掉了)。
[root@LZH elasticsearch]# chown -R es.es /usr/local/elasticsearch/
[root@LZH elasticsearch]# cp /etc/sysctl.conf{,.bak}
[root@LZH elasticsearch]# echo "vm.max_map_count = 655360" >> /etc/sysctl.conf
[root@LZH elasticsearch]# sysctl -p
[root@LZH elasticsearch]# cp /etc/security/limits.conf{,.bak}
[root@LZH elasticsearch]# vim /etc/security/limits.conf ==》新增如下内容
* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536
这里的 * 会对所有用户生效;只想放宽 elasticsearch 的限制时,把 * 换成 es 即可。
2.1.2 启动
[root@LZH config]# su - es
[es@lzh ~]$ cd /usr/local/elasticsearch/
[es@lzh elasticsearch]$ ./bin/elasticsearch & ==》后台启动
[root@LZH logs]# netstat -tnulp |grep 9200 ==》查看端口
2.3 启动报错集锦
2.3.1 以root身份启动
● 错误实例
[root@LZH elasticsearch]# ./bin/elasticsearch OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N [2018-07-13T10:53:17,809][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main] org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
● 解决方法
用非root用户启动
2.3.2 内存不足
● 错误实例
[es@LZH elasticsearch]$ ./bin/elasticsearch OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot allocate memory' (errno=12) # # There is insufficient memory for the Java Runtime Environment to continue. # Native memory allocation (mmap) failed to map 2060255232 bytes for committing reserved memory. # An error report file with more information is saved as: # /usr/local/elasticsearch/hs_err_pid9843.log
● 解决方法
[root@LZH config]# vim jvm.options
……
-Xms2g 修改为 -Xms1g
-Xmx2g 修改为 -Xmx1g
……
然后重新启动即可
2.3.2 [Failed to bind to [9300-9400]
● 错误实例
[es@lzh elasticsearch]$ ./bin/elasticsearch …… [2018-0713T10:37:12,987][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main] org.elasticsearch.bootstrap.StartupException: BindTransportException[Failed to bind to [9300-9400]]; nested: BindException[Cannot assign requested address];
● 解决方法
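[root@LZH config]# vim /usr/local/elasticsearch/config/elasticsearch.yml
cluster.name: LZH-elk
#node-name: LZH
path.data: /usr/local/elasticsearch/data
path.logs: /usr/local/elasticsearch/logs
http.port: 9200
discovery.zen.ping.unicast.hosts: ["LZH"]
然后重新启动即可
说明:与 2.1.1 的配置相比,这里去掉了 network.host 一行。"Cannot assign requested address" 表示配置的地址不在本机任何网卡上(云主机的公网 IP 通常由 NAT 映射,并不直接配置在网卡上)。去掉后 Elasticsearch 使用默认值,只监听本机回环地址,本机的 logstash、kibana 通过 127.0.0.1 访问即可;若要让其他主机访问,应绑定网卡上实际存在的内网地址,并限制可以访问 9200 端口的来源。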
2.2 安装及启动logstash
2.2.1 安装logstash
[root@LZH ~]# cd /application/tools/
[root@LZH tools]# tar xf logstash-5.4.1.tar.gz
[root@LZH tools]# mv logstash-5.4.1 /usr/local/logstash
[root@LZH logstash]# vim config/logstash.conf
input {
  file {
    path => ["/var/log/*.log", "/var/log/messages"]
    type => "system"
    start_position => "beginning"
  }
}
output {
  elasticsearch { hosts => '127.0.0.1' }
  stdout { codec => rubydebug }
}
2.2.2 启动logstash
[root@lzh logstash]# ./bin/logstash -f config/logstash.conf &
启动成功后会出现下面的内容
2.3 安装及启动kibana
2.3.1 安装kibana
[root@lzh kibana]# tar xf kibana-5.4.1-linux-x86_64.tar.gz [root@lzh kibana]# mv kibana-5.4.1-linux-x86_64 /usr/local/kibana [root@lzh kibana]# cd /usr/local/kibana [root@lzh kibana]# cp kibana.yml{,.bak} [root@lzh kibana]# egrep -v "^$|#" kibana.yml.bak >kibana.yml [root@lzh kibana]# vim kibana.yml
2.3.2 启动
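[root@lzh kibana]# ./bin/kibana &
[root@lzh kibana]# netstat -nulpt |grep kibana
[root@lzh kibana]# netstat -tnulp
说明:kibana 进程在 netstat 中显示为 node,按 kibana 过滤不会有结果,可以改为过滤默认端口 5601。Kibana 5.x 同样默认没有登录认证,kibana.yml 中的 server.host 若改为对外地址,需要用防火墙或反向代理限制访问来源。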
启动成功如下