Environment:
OS: CentOS 6.6
elasticsearch-5.6.3.tar.gz
jdk-8u151-linux-x64.tar.gz
kibana-5.6.3-linux-x86_64.tar.gz
logstash-5.6.3.tar.gz
node-v6.11.4-linux-x64.tar.xz
I. Prepare the environment:
1. Create a user and set permissions on the installation directory
[root@1inux ~]# groupadd elk
[root@1inux ~]# useradd -g elk elk
[root@1inux ~]# mkdir /elk
[root@1inux ~]# chown -R elk:elk /elk
Change the following system parameters (Elasticsearch reports errors at startup if they are left unchanged):
[root@1inux ~]# vim /etc/security/limits.conf
// Add the following:
---------------------------
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 4096
----------------------------
[root@bogon elk]# vim /etc/security/limits.d/90-nproc.conf
// Add the following:
* soft nproc 2048
[root@1inux ~]# vim /etc/sysctl.conf
// Add the following:
------------------
fs.file-max=65536
vm.max_map_count=655360
----------------------
[root@1inux ~]# sysctl -p    // check that the vm.max_map_count value was changed
Set the process limit:
[root@1inux ~]# ulimit -u 2048
Install Java
[root@1inux elk]# mkdir /usr/local/Java
[root@1inux elk]# tar -zxvf jdk-8u151-linux-x64.tar.gz -C /usr/local/Java
Add the environment variables:
[root@1inux jdk1.8.0_151]# vim /etc/profile
Add the following:
export JAVA_HOME=/usr/local/Java/jdk1.8.0_151
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/dt.jar:$CLASSPATH
Reload the profile:
[root@1inux jdk1.8.0_151]# source /etc/profile
Check that the installation succeeded:
[root@1inux jdk1.8.0_151]# java -version
java version "1.8.0_151"
Java(TM) SE Runtime Environment (build 1.8.0_151-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.151-b12, mixed mode)
II. Install ELK
1. Install Elasticsearch
# tar -zxvf elasticsearch-5.6.3.tar.gz
Edit the configuration file:
vim ./elasticsearch-5.6.3/config/elasticsearch.yml
# Set the listening IP and port:
network.host: 0.0.0.0    # listening IP
http.port: 9200          # listening port
Note: Elasticsearch cannot be started as the root user.
Start Elasticsearch (the first start is a little slow):
[elk@1inux root]$ cd /elk/elasticsearch-5.6.3/bin
[elk@1inux bin]$ ./elasticsearch
Then check the port:
[root@1inux ~]# ss -tnl | grep 9200
LISTEN 0 128 ::ffff:192.168.159.130:9200 :::*
[root@1inux ~]#
1.1 Install and deploy head
Edit the Elasticsearch configuration file and make the following changes:
# vim /elk/elasticsearch-5.6.3/config/elasticsearch.yml
node.name: node-1inux       # change the node name
cluster.name: my-1inux      # change the cluster name
# Add the new parameters below so that the head plugin can access ES
http.cors.enabled: true
http.cors.allow-origin: "*"
1) Install git
[root@1inux /]# yum -y install git
Download the code:
[root@1inux elk]# git clone https://github.com/mobz/elasticsearch-head.git
Change the ownership of the head directory:
[root@1inux elk]# chown -R elk:elk elasticsearch-head
2) Download and install Node.js
https://nodejs.org/en/download/
Then install xz and unpack the archive:
# yum -y install xz
[root@1inux elk]# xz -d node-v6.11.4-linux-x64.tar.xz
[root@1inux elk]# tar -xvf node-v6.11.4-linux-x64.tar
Add the Node environment variables:
[root@1inux node-v6.11.4-linux-x64]# vim /etc/profile
Add the following:
export NODE_HOME=/elk/node-v6.11.4-linux-x64
export PATH=$PATH:$NODE_HOME/bin
Reload the profile:
[root@1inux node-v6.11.4-linux-x64]# source /etc/profile
Check that it took effect:
[root@1inux node-v6.11.4-linux-x64]# echo $NODE_HOME
/elk/node-v6.11.4-linux-x64
[root@1inux node-v6.11.4-linux-x64]# node -v
v6.11.4
[root@1inux node-v6.11.4-linux-x64]# npm -v
3.10.10
Switch to a mirror registry in China:
npm config set registry https://registry.npm.taobao.org
npm config set disturl https://npm.taobao.org/dist
3) Install grunt
[root@1inux node_modules]# npm install -g grunt
[root@1inux node-v6.11.4-linux-x64]# npm install grunt-cli -g
Check that the installation succeeded:
[root@1inux node-v6.11.4-linux-x64]# grunt -version
grunt-cli v1.2.0
Change the server listening address:
[root@1inux elk]# vim /elk/elasticsearch-head/Gruntfile.js
hostname: '*',
Change the connection address:
[root@1inux elk]# vim /elk/elasticsearch-head/_site/app.js
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "
Change it to:
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.159.130:9200";
Run head
In the head directory, run:
[root@1inux elasticsearch-head]# npm install
Start it:
[root@1inux elasticsearch-head]# grunt server
2. Install Kibana
[root@1inux elk]# tar -zxvf kibana-5.6.3-linux-x86_64.tar.gz
After unpacking, edit the configuration file:
[root@1inux bin]# vim ../config/kibana.yml
Change it to the Elasticsearch access address and port, as follows:
#server.host: "localhost"
server.host: "192.168.159.130"
#elasticsearch.url: "http://localhost:9200"
elasticsearch.url: "
Then save the file and start Kibana as follows:
[root@1inux bin]# ./kibana
log [15:45:26.952] [info][status][plugin:[email protected]] Status changed from uninitialized to green - Ready
log [15:45:27.067] [info][status][plugin:[email protected]] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [15:45:27.118] [info][status][plugin:[email protected]] Status changed from uninitialized to green - Ready
log [15:45:27.136] [info][status][plugin:[email protected]] Status changed from uninitialized to green - Ready
log [15:45:27.566] [info][status][plugin:[email protected]] Status changed from uninitialized to green - Ready
log [15:45:27.697] [info][listening] Server running at http://localhost:5601
log [15:45:27.699] [info][status][ui settings] Status changed from uninitialized to yellow - Elasticsearch plugin is yellow
3. Install logstash-5.6.3.tar.gz
[root@1inux elk]# tar -zxvf logstash-5.6.3.tar.gz
After unpacking, edit the configuration file and Logstash is ready to use.
Write the pipeline file
Edit the file:
# vim /config/test.conf
input {
  file {
    type => "nginx_log"
    path => "/var/log/nginx/access.log"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => "192.168.159.130"
    index => "1inux"
  }
  stdout { codec => rubydebug }
}
Start it:
[root@1inux bin]# ./logstash -f ../config/test.conf
Errors:
Problem 1:
[root@bogon elk]# ./elasticsearch-5.6.3/bin/elasticsearch
[2017-10-25T06:29:04,996][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
Solution: start Elasticsearch as the elk user.
Problem 2:
ERROR: [4] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max number of threads [1024] for user [elk] is too low, increase to at least [2048]
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Solution: see the system parameter changes above.
Problem 3:
[4]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Solution: edit the Elasticsearch configuration file and, below bootstrap.memory_lock, add:
bootstrap.system_call_filter: false
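Three of the elasticsearch.yml settings used in this guide widen what can reach the node: network.host: 0.0.0.0, the open CORS origin added for head, and the disabled system call filter. The check below is an added example, not part of the original post. Its function names and sample file are constructed, and it assumes a flat "key: value" config with no X-Pack security plugin installed.

```shell
# Added example: audit elasticsearch.yml for the exposure settings this guide sets.
# yaml_value FILE KEY: print the last uncommented value of a flat "key: value" line.
yaml_value() {
  awk -v key="$2" -v sq="'" '
    /^[ \t]*#/ { next }
    {
      line = $0; sub(/[ \t]+#.*$/, "", line)       # drop trailing comment
      i = index(line, ":"); if (i == 0) next
      k = substr(line, 1, i - 1); v = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub("^[\"" sq "]|[\"" sq "]$", "", v)      # strip surrounding quotes
      if (k == key) val = v
    }
    END { print val }' "$1"
}

# Prints one WARN per risky setting; the return status is the number of findings.
audit_es_config() {
  local f="$1" n=0 host cors origin filter
  host=$(yaml_value "$f" network.host)
  cors=$(yaml_value "$f" http.cors.enabled)
  origin=$(yaml_value "$f" http.cors.allow-origin)
  filter=$(yaml_value "$f" bootstrap.system_call_filter)
  case $host in
    0.0.0.0|::|_global_)   # assumption: no X-Pack security, so the API has no login
      echo "WARN network.host=$host: REST API on every interface; bind one address, firewall 9200"
      n=$((n + 1)) ;;
  esac
  if [ "$cors" = true ] && [ "$origin" = "*" ]; then
    echo "WARN http.cors.allow-origin=*: any web origin may query ES; allow only the head origin"
    n=$((n + 1))
  fi
  if [ "$filter" = false ]; then
    echo "WARN bootstrap.system_call_filter=false: syscall sandbox disabled; keep only if it cannot install"
    n=$((n + 1))
  fi
  return "$n"
}

# Constructed sample: the settings as this guide leaves them.
sample_config() {
  printf '%s\n' 'cluster.name: my-1inux' 'network.host: 0.0.0.0   # all interfaces' \
    'http.cors.enabled: true' 'http.cors.allow-origin: "*"' \
    '#bootstrap.memory_lock: true' 'bootstrap.system_call_filter: false'
}

tmp=$(mktemp); sample_config > "$tmp"
audit_es_config "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

Run it against /elk/elasticsearch-5.6.3/config/elasticsearch.yml after editing; a non-zero status means at least one of the three settings still needs a compensating control such as a host firewall rule.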