Hands-on: Installing and Configuring ELK on Linux

Prerequisites:

elasticsearch-6.3.2

logstash-6.3.2

kibana-6.3.2-windows-x86_64

jdk1.8

Download links:

Java: http://www.oracle.com/technetwork/java/javase/downloads/index.html

Logstash: https://www.elastic.co/downloads/logstash

Elasticsearch: https://www.elastic.co/downloads/elasticsearch

Kibana: https://www.elastic.co/downloads/kibana  

Documentation

Logstash https://www.elastic.co/guide/en/logstash/current/codec-plugins.html

Elasticsearch https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html

Kibana https://www.elastic.co/guide/en/kibana/current/index.html

 

I. Install the build prerequisites

Run the following command to install the prerequisites.

[root@redis02 redis-4.0.2]# yum -y install gcc make

 

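II. Install Java 8

1. List the JDK packages that are already installed

rpm -qa|grep jdk

2. Remove the existing JDK

rpm -e --nodeps java-1.6.0-openjdk-1.6.0.0-1.66.1.13.0.el6.x86_64

3. Create a Java installation directory under /usr

cd /usr

mkdir java

4. Copy jdk-8u60-linux-x64.tar.gz into the java directory

cp /mnt/hgfs/linux/jdk-8u60-linux-x64.tar.gz /usr/java/

5. Extract the JDK into the current directory

cd /usr/java

tar -zxvf jdk-8u60-linux-x64.tar.gz

6. Edit the profile and set the environment variables

vim /etc/profile

Add the following, setting JAVA_HOME to the actual installation directory:

JAVA_HOME=/usr/java/jdk1.8.0_161/

CLASSPATH=$JAVA_HOME/lib/

PATH=$PATH:$JAVA_HOME/bin

export PATH JAVA_HOME CLASSPATH

7. Run the command:

source /etc/profile

8. Verify: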

[root@linuxcast ~]# java -version

 

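III. Install Elasticsearch

1. Elasticsearch cannot be run as the root account, so create a user

useradd -m admin

passwd admin

Set a password.

(1) Change the owner:

chown -R <user> <directory>

(2) Change the permissions:

chmod -R 755 <directory>

2. Extract the archive

Extract the downloaded archive.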

 

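By default Elasticsearch only accepts connections from the local machine, so it cannot be reached remotely.

Solution:

Allow access from other machines

Edit config/elasticsearch.yml in the Elastic installation directory, uncomment network.host, and change its value to 0.0.0.0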

network.host: 0.0.0.0

 

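3. Start Elasticsearch

Run it directly from the bin directory.

4. Run in the background and stop the service

Start:

Run in the background

nohup ./elasticsearch &

Stop:

ps -ef|grep java

or

netstat -nlp | grep :9200

kill -9 <PID>

5. Access Elasticsearch

Open a browser and go to http://ip:9200

Note: remote access does not work by default; change the configuration file and restart first.

If access works, you should get the following information: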

 

IV. Install Kibana

1. Configure Elasticsearch

  • Open config/kibana.yml in an editor
  • Set elasticsearch.url to point at your Elasticsearch instance

2. Start

Run bin/kibana (or bin\kibana.bat on Windows)

Run in the background

nohup ./kibana &

 

3. Access

Point your browser at http://localhost:5601

 

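4. Allow access from other machines

If access from external networks is needed, note that the corresponding IP must be configured in kibana.yml; otherwise only the local machine can connect.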

 

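5. Starting and stopping Kibana

Start:

Run in the background

nohup ./kibana &

Stop:

There are two ways to find the process to kill:

ps -ef|grep node

Find the process that is using the port:

netstat -nlp | grep :5601

Then run kill -9 <PID>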

 

Problem

[2018-08-06T10:25:25,831][WARN ][o.e.b.JNANatives ] unable to install syscall filter:

java.lang.UnsupportedOperationException: seccomp unavailable: requires kernel 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiled in

at org.elasticsearch.bootstrap.SystemCallFilter.linuxImpl(SystemCallFilter.java:32

Solution:

Upgrade the Linux kernel

https://www.cnblogs.com/zengkefu/p/5667145.html

 

 

Problem:

Elasticsearch refuses to run as the root user

-rwxr-xr-x 1 root root 354 7月 20 05:26 x-pack-watcher-env.bat

[root@localhost bin]# ./elasticsearch

[2018-08-06T08:18:10,377][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [ma in]

org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root

Solution:

https://blog.csdn.net/u010081710/article/details/80090222

useradd -m admin

passwd admin

Set a password.

(1) Change the owner:

chown -R <user> <directory>

(2) Change the permissions:

chmod -R 755 <directory>

 

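Problem:

By default Elasticsearch only accepts connections from the local machine, so it cannot be reached remotely.

Solution: edit config/elasticsearch.yml in the Elastic installation directory, uncomment network.host, change its value to 0.0.0.0, and then restart Elastic.

network.host: 0.0.0.0

In the setting above, 0.0.0.0 lets anyone connect. Do not use this setting for a production service; set it to a specific IP instead.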

http://www.ruanyifeng.com/blog/2017/08/elasticsearch.html
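A way to check which address a node is configured to bind to, covering both the network.host advice above and the Kibana bind address mentioned earlier. This is an added example, not part of the original post; server.host is Kibana's bind setting (the post does not name the key), and the sample files and the 192.168.1.20 address are constructed.

```bash
#!/bin/sh
# Added example: report the configured bind address of Elasticsearch/Kibana.

# yaml_value FILE KEY -> value of the first uncommented "KEY: value" line.
yaml_value() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots in the key are literal
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*:[[:space:]]*//p" "$1" |
        head -n 1 |
        sed -e 's/[[:space:]]#.*$//' -e "s/^[\"']//" \
            -e "s/[\"'][[:space:]]*\$//" -e 's/[[:space:]]*$//'
}

# classify_bind VALUE -> all-interfaces | loopback | other
classify_bind() {
    case "$1" in
        0.0.0.0|::|'[::]')              echo "all-interfaces" ;;
        ''|127.*|::1|localhost|_local_) echo "loopback" ;;  # unset means loopback
        *)                              echo "other" ;;      # a named address
    esac
}

# audit_bind FILE KEY -> prints a finding; returns 1 when bound to all interfaces.
audit_bind() {
    value=$(yaml_value "$1" "$2")
    class=$(classify_bind "$value")
    echo "$1: $2=${value:-<unset>} -> $class"
    [ "$class" != "all-interfaces" ]
}

# Constructed sample configs, written to a temporary directory.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#network.host: 192.168.0.1' 'network.host: 0.0.0.0' \
        > "$dir/elasticsearch.yml"
    printf '%s\n' 'server.host: "192.168.1.20"   # one internal address' \
        > "$dir/kibana.yml"
    audit_bind "$dir/elasticsearch.yml" network.host ||
        echo "  set network.host to one specific IP, as the text advises"
    audit_bind "$dir/kibana.yml" server.host ||
        echo "  set server.host to one specific IP"
    rm -rf "$dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with --demo to see the constructed configs audited, or call audit_bind with the path to a real elasticsearch.yml or kibana.yml.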

 

Elasticsearch starts successfully, but the following error appears when accessing it:

p checks

[2018-08-06T09:39:57,735][ERROR][o.e.b.Bootstrap ] [M_hmqE4] node validation exception

[4] bootstrap checks failed

[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

[2]: max number of threads [1024] for user [admin] is too low, increase to at least [4096]

[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

[4]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

 

https://blog.csdn.net/feinifi/article/details/73633235?utm_source=itdadao&utm_medium=referral

Error

[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

https://www.cnblogs.com/yidiandhappy/p/7714481.html

# Switch to the root user to make the change

vim /etc/security/limits.conf

* soft nproc 65536
* hard nproc 65536
* soft nofile 65536
* hard nofile 65536

Error

[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

https://blog.csdn.net/jiankunking/article/details/65448030

Edit sysctl.conf and add the following on the first line:

vim /etc/sysctl.conf

vm.max_map_count = 655360

Then run sysctl -p:

sysctl -p

 

Error

[2]: max number of threads [1024] for user [admin] is too low, increase to at least [4096]

 

vim /etc/security/limits.d/90-nproc.conf

* soft nproc 4097
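To confirm the three limit changes took effect before starting the node again, the thresholds printed in the bootstrap check log can be compared against the live values. This pre-flight script is an added example, not part of the original post; the function names are illustrative.

```bash
#!/bin/bash
# Added example: pre-flight check for the resource bootstrap checks [1]-[3]
# quoted in the log above. The minimums are the ones that log prints.
MIN_NOFILE=65536        # [1] max file descriptors
MIN_NPROC=4096          # [2] max number of threads
MIN_MAP_COUNT=262144    # [3] vm.max_map_count

# meets_min ACTUAL REQUIRED -> exit 0 when ACTUAL satisfies the minimum.
# "unlimited" (as printed by ulimit) passes; empty or non-numeric input fails.
meets_min() {
    [ "$1" = "unlimited" ] && return 0
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ]
}

# report NAME ACTUAL REQUIRED -> prints one line; returns 1 on failure.
report() {
    if meets_min "$2" "$3"; then
        echo "OK    $1 = $2 (need >= $3)"
    else
        echo "FAIL  $1 = ${2:-<unknown>} (need >= $3)"
        return 1
    fi
}

# preflight NOFILE NPROC MAP_COUNT -> returns the number of failed checks.
preflight() {
    failed=0
    report "max file descriptors" "$1" "$MIN_NOFILE"    || failed=$((failed + 1))
    report "max user processes"   "$2" "$MIN_NPROC"     || failed=$((failed + 1))
    report "vm.max_map_count"     "$3" "$MIN_MAP_COUNT" || failed=$((failed + 1))
    return "$failed"
}

# Live values; run as the account that starts Elasticsearch (admin in this
# post), in a fresh login session so limits.conf has been re-read.
preflight_live() {
    preflight "$(ulimit -n)" "$(ulimit -u)" \
              "$(cat /proc/sys/vm/max_map_count 2>/dev/null)"
}

if [ "${1:-}" = "--live" ]; then preflight_live; fi
```

Run it with --live as the Elasticsearch user; the exit status is the number of checks that would still fail.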

 

 

Problem:

[admin@localhost bin]$ ./elasticsearch

which: no java in (/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/java/jdk1.8.0_161//bin:/home/admin/bin)

could not find java; set JAVA_HOME or ensure java is in PATH

The environment variables have no effect for the newly added user.

Add the environment variables for that user:

vim ~/.bash_profile 

 

JAVA_HOME=/usr/java/jdk1.8.0_161/

CLASSPATH=$JAVA_HOME/lib/

PATH=$PATH:$JAVA_HOME/bin

export PATH JAVA_HOME CLASSPATH

 

Save the file and exit, then run source ~/.bash_profile to apply it. This method only takes effect for the currently logged-in user.

 

References:

https://blog.csdn.net/zhanaolu4821/article/details/80580526

https://www.cnblogs.com/mcgrady/p/8625250.html

https://blog.csdn.net/ty_0930/article/details/70184705

https://blog.csdn.net/u010871982/article/details/78650259

 

 

Problem:

https://www.baidu.com/link?url=SHxkOOsM5oJNV8e-EL3F7zjYOO_IxjenWJtxe2T_9HvCPczSlP9m9V5aVJ2ZTeMCt6tuL3D8NB2Zzl22Wtt7m_&wd=&eqid=b9be8e89000264a1000000065b68199c

https://www.jianshu.com/p/365db8b181cc

 
