ELK入门

参考

https://www.elastic.co/cn/products/

[root@server1 6.6]# ls
apm-server-6.6.1-x86_64.rpm    kibana-6.6.1-x86_64.rpm
auditbeat-6.6.1-x86_64.rpm     Kibana_Hanization-master.zip
elasticsearch-6.6.1.rpm        logstash-6.6.1.rpm
elasticsearch-head-master.zip  metricbeat-6.6.1-x86_64.rpm
filebeat-6.6.1-x86_64.rpm      nodejs-9.11.2-1nodesource.x86_64.rpm
heartbeat-6.6.1-x86_64.rpm     packetbeat-6.6.1-x86_64.rpm
journalbeat-6.6.1-x86_64.rpm   rh-nodejs8-npm-5.3.0-8.6.0.1.el7.x86_64.rpm

 

server1

yum install jdk-8u171-linux-x64.rpm  -y

 yum install elasticsearch-6.6.1.rpm -y

 

 

[root@server1 6.6]# cd /etc/elasticsearch/

[root@server1 elasticsearch]# vim elasticsearch.yml

# Settings changed from the packaged defaults for the first node.
cluster.name: my-es
node.name: server1

# Ask Elasticsearch to lock its memory at startup so the heap is not swapped out.
# This only works if the service is allowed to lock memory (memlock limit).
bootstrap.memory_lock: true

# Listen on this address instead of loopback only.
# NOTE(review): the curl calls later on this page reach the REST API over plain
# HTTP without credentials, and no authentication or TLS setting appears in this
# file, so keep port 9200 reachable from trusted hosts only (for example with a
# host firewall).
network.host: 172.25.11.1

http.port: 9200

[root@server1 elasticsearch]# grep -v ^#  elasticsearch.yml
cluster.name: my-es
node.name: server1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: true
network.host: 172.25.11.1
http.port: 9200

 

因为前面设置了 bootstrap.memory_lock: true(锁定内存),所以需要放开 elasticsearch 用户的内存锁定(memlock)限制

[root@server1 elasticsearch]# vim /etc/security/limits.conf

末尾加入

# Let the elasticsearch user lock an unlimited amount of memory
# (soft and hard limit), as needed by bootstrap.memory_lock: true.
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited

# "-" sets the soft and the hard limit together: max open files.
elasticsearch - nofile 65536

# Max number of processes/threads for the elasticsearch user.
elasticsearch - nproc 4096

 

[root@server1 elasticsearch]# systemctl restart elasticsearch

vim   /usr/lib/systemd/system/elasticsearch.service

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Allows the service to lock memory without limit, which bootstrap.memory_lock: true needs.
# A systemd service takes its limits from the unit, not from /etc/security/limits.conf.
# NOTE(review): this unit file is installed by the rpm, so a package update may
# overwrite the edit; a drop-in created with `systemctl edit elasticsearch`
# keeps the setting in a separate file.
LimitMEMLOCK=infinity

 

 

systemctl daemon-reload

systemctl restart elasticsearch

ELK入门_第1张图片

[root@server1 elasticsearch]# netstat -tnapl |grep 92
tcp6       0      0 172.25.11.1:9200        :::*                    LISTEN      2009/java           
tcp6       0      0 172.25.11.1:9200        172.25.11.250:34446     ESTABLISHED 2009/java

sysctl -a | grep vm.max_map_count

[root@server1 elasticsearch]# sysctl -a | grep vm.max_map_count
vm.max_map_count = 262144

 

[root@server1 elasticsearch]# curl -XGET http://172.25.11.1:9200/_cat/health?v
epoch      timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1555121341 02:09:01  my-es   green           1         1      0   0    0    0        0             0                  -                100.0%

 

[root@server1 elasticsearch]# curl -XGET http://172.25.11.1:9200/_cat/nodes?v
ip          heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
172.25.11.1           12          95   1    0.00    0.02     0.11 mdi       *      server1

[root@server1 elasticsearch]# curl -XGET http://172.25.11.1:9200/_cat/nodes
172.25.11.1 12 95 0 0.00 0.02 0.11 mdi * server1

 

使用 elasticsearch-head(从 GitHub 下载的)

[root@server1 6.6]# yum install -y nodejs-9.11.2-1nodesource.x86_64.rpm

 

bunzip2 phantomjs-2.1.1-linux-x86_64.tar.bz2

tar xf phantomjs-2.1.1-linux-x86_64.tar

cd phantomjs-2.1.1-linux-x86_64

npm install --registry=https://registry.npm.taobao.org

 

unzip  elasticsearch-head-master.zip

cd elasticsearch-head-master

虚拟机需要联网:npm install 会从 --registry 指定的第三方镜像下载依赖并执行其中的安装脚本,建议只使用可信的镜像源,并尽量以非 root 用户运行。

[root@server1 elasticsearch-head-master]# vim /etc/elasticsearch/elasticsearch.yml

# Turn on CORS so that a browser-based UI served from another origin
# (presumably elasticsearch-head here) may call the REST API on port 9200.
http.cors.enabled: true
# NOTE(review): '*' accepts every origin. The API on this page answers without
# credentials, so any web page opened in a browser that can reach port 9200
# could read and change cluster data through it. Prefer the exact origin of
# the UI, e.g. "http://<head-host>:<head-port>" (placeholder), and keep 9200
# off untrusted networks.
http.cors.allow-origin: '*'

 

systemctl restart elasticsearch

[root@server1 elasticsearch-head-master]# npm install --registry=https://registry.npm.taobao.org

npm run start &

ELK入门_第2张图片

ELK入门_第3张图片

ELK入门_第4张图片

 

server2、server3 都需要 2G 以上内存

yum install jdk-8u171-linux-x64.rpm -y

yum install -y elasticsearch-6.6.1.rpm

/usr/lib/systemd/system/elasticsearch.service

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Needed on every node that sets bootstrap.memory_lock: true; the limit comes
# from the unit, not from /etc/security/limits.conf.
# NOTE(review): a package update may replace this rpm-owned file; a drop-in
# made with `systemctl edit elasticsearch` keeps the setting separate.
LimitMEMLOCK=infinity

 

vim /etc/elasticsearch/elasticsearch.yml

# Hosts that zen discovery contacts to find the other cluster members.
# The names must resolve on every node (DNS or /etc/hosts).
# NOTE(review): if all three nodes are master-eligible, 6.x also expects
# discovery.zen.minimum_master_nodes: 2 to avoid split brain; it is not
# shown on this page, so confirm it is set.
discovery.zen.ping.unicast.hosts: ["server1", "server2", "server3"]

scp -rp /etc/elasticsearch/elasticsearch.yml  server2:/etc/elasticsearch/elasticsearch.yml

scp -rp /etc/elasticsearch/elasticsearch.yml  server3:/etc/elasticsearch/elasticsearch.yml

再分别修改 server2、server3 上的 node.name 和 network.host(以 server2 为例):

node.name: server2

network.host: 172.25.11.2

 

 

systemctl daemon-reload

systemctl start elasticsearch

ELK入门_第5张图片

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 
