Installation environment:
Operating system: CentOS 6.8
JDK version: jdk1.8.0_121
Application version: Elasticsearch 5.2.2
1. Installing Elasticsearch 5.2.2
(1) Download:
wget -P /usr/local/src https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.2.tar.gz
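(2) Install the JDK
Download the JDK package yourself from the official website.
The downloaded software is stored in /usr/local/src/
Extract: tar -zxvf jdk-8u121-linux-x64.tar.gz -C /usr/local/
Change directory: cd /usr/local/
Create a symlink: ln -s jdk1.8.0_121 java
Add the environment variables
#vim /etc/profile
Append at the end of the file: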
export JAVA_HOME=/usr/local/java
export JAVA_BIN=$JAVA_HOME/bin
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
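Apply the profile
#source /etc/profile
Check that the JDK was installed successfully.
java -version
(3) Install Elasticsearch
[root@localhost src]#tar -zxvf elasticsearch-5.2.2.tar.gz -C /usr/local/
[root@elk-node1 local]# ln -s elasticsearch-5.2.2 elasticsearch
2. Create a user group and a user. Elasticsearch cannot be started as root, so a separate user must be created to start it
Create the user group and user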
groupadd elsearch
useradd -g elsearch elsearch
chown -R elsearch:elsearch elasticsearch*
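3. Set the relevant system parameters. If they are not set, Elasticsearch runs into problems that prevent it from starting
Configure the system's maximum number of open files
vim /etc/security/limits.conf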
* soft nofile 65536
* hard nofile 65536
Change the maximum number of threads
vim /etc/security/limits.d/90-nproc.conf
* soft nproc 65536
root soft nproc unlimited
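If the machine has too little memory, the JVM heap size needs to be changed
vim /usr/local/elasticsearch/config/jvm.options
Change -Xmx2g to -Xmx512m
Change -Xms2g to -Xms512m
-Xms512m
-Xmx512m
Raise the maximum number of virtual memory map areas (the default is 65536) and the maximum number of open files
vim /etc/sysctl.conf
Add at the very bottom of the file: vm.max_map_count=262144 and fs.file-max=65536
Apply the settings and display the values: sysctl -p
It is also a good idea to run the following command to make sure the change has taken effect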
echo "262144" > /proc/sys/vm/max_map_count
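A pre-start check for the settings in step 3, as an added example that is not part of the original page: it reads limits.conf and sysctl.conf content and reports every value below the ones this page sets. The function names and the constructed sample files are assumptions made for illustration.

```shell
# Added example (not from the original page): check limits.conf and sysctl.conf
# content against the values this page sets. The thresholds below are the page's.
NOFILE_MIN=65536
MAP_COUNT_MIN=262144

# limit_value FILE DOMAIN TYPE ITEM -> last matching value in a limits.conf-style file
limit_value() (
    awk -v d="$2" -v t="$3" -v i="$4" '
        /^[ \t]*#/ { next }
        $1 == d && ($2 == t || $2 == "-") && $3 == i { v = $4 }
        END { if (v != "") print v }' "$1"
)

# sysctl_value FILE KEY -> last value assigned to KEY ("key=value" or "key = value")
sysctl_value() (
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/[ \t]/, "", v) }
        END { if (v != "") print v }' "$1"
)

# at_least VALUE MIN -> success when VALUE is "unlimited" or an integer >= MIN
at_least() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ]
}

# preflight LIMITS_FILE SYSCTL_FILE USER -> one FAIL line per problem; status = number of failures
preflight() (
    fails=0
    for t in soft hard; do
        v=$(limit_value "$1" "$3" "$t" nofile)          # a per-user entry overrides "*"
        [ -n "$v" ] || v=$(limit_value "$1" '*' "$t" nofile)
        at_least "$v" "$NOFILE_MIN" || { echo "FAIL nofile $t=${v:-unset}"; fails=$((fails + 1)); }
    done
    v=$(sysctl_value "$2" vm.max_map_count)
    at_least "$v" "$MAP_COUNT_MIN" || { echo "FAIL vm.max_map_count=${v:-unset}"; fails=$((fails + 1)); }
    exit "$fails"
)

# Constructed sample: nofile as on this page, vm.max_map_count still too low.
d=$(mktemp -d)
printf '%s\n' '* soft nofile 65536' '* hard nofile 65536' > "$d/limits.conf"
printf '%s\n' 'vm.max_map_count = 65530' 'fs.file-max=65536' > "$d/sysctl.conf"
preflight "$d/limits.conf" "$d/sysctl.conf" elsearch || echo "$? check(s) failed"
```

The check reads the files only; the values actually in force for the elsearch user are shown by ulimit -n in a new login session and by sysctl vm.max_map_count.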
(4) Start Elasticsearch
Edit the configuration file: vim /usr/local/elasticsearch/config/elasticsearch.yml
Set the following parameters
network.host: <IP address of this host>
http.port: 9200
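Note: if your system is CentOS 6.5, you also need to add this at the end of the file: bootstrap.system_call_filter: false. Without it, startup fails with an exception because the operating system is not compatible
Start the program
Switch to the user created earlier: su - elsearch
Start: /usr/local/elasticsearch/bin/elasticsearch -d
(5) Verify that it started: curl http://IP:9200; a response like the one below means startup succeeded
# Add the -i option to display the HTTP headers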
[root@localhost]# curl -i -XGET '192.168.100.70:9200/'
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 324
{
"name" : "node-1",
"cluster_name" : "elk-cluster",
"cluster_uuid" : "bMJ2JfagSHSe2oQsGRxXkw",
"version" : {
"number" : "5.2.2",
"build_hash" : "f9d9b74",
"build_date" : "2017-02-24T17:26:45.835Z",
"build_snapshot" : false,
"lucene_version" : "6.4.1"
},
"tagline" : "You Know, for Search"
}
Official documentation:
https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html
https://www.elastic.co/guide/en/logstash/5.2/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-hosts
Logstash and Kibana downloads:
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-5.2.2-linux-x86_64.tar.gz
Kibana visualization configuration guide:
http://www.apache.wiki/pages/viewpage.action?pageId=2163133
Installing X-Pack on ELK 5.2.2:
elasticsearch:
If Elasticsearch runs as a cluster, install X-Pack on every node.
[root@ELK-node1 elasticsearch]# bin/elasticsearch-plugin install x-pack
[root@ELK-node2 elasticsearch]# bin/elasticsearch-plugin install x-pack
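Edit the configuration file and append the following line at the end:
vim elasticsearch.yml
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*
Install X-Pack for Logstash; if there are several Logstash hosts, install it on all of them: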
[root@ELK-node1 logstash]# bin/logstash-plugin install x-pack
[root@ELK-node1 config]# vim logstash.yml
xpack.monitoring.elasticsearch.url: "http://es-ip:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "changeme"
The authentication user name and password must be specified in the Logstash configuration file logstash.conf, for example:
if [type] == "nginx-access" {
  elasticsearch {
    hosts => [ "192.168.100.70:9200","192.168.100.71:9200" ]
    index => "logstash-xxx-log-%{+YYYY.MM.dd}"
    user => logstash_internal
    password => changeme
  }
}
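Install X-Pack for Kibana:
[root@ELK-node2 kibana]# bin/kibana-plugin install x-pack
Restart each of the ELK services:
Log in to Kibana: http://ip:5601
Default login user name and password:
elastic
changeme
If you can log in to Kibana but the Logstash log still shows the following error: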
[WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error.
{:url=># , :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://127.0.0.1:9200/'"}
then create the following role and user (the commands can be run directly in Dev Tools in the Kibana console):
POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor"],
  "indices": [
    {
      "names": [ "logstash-*" ],
      "privileges": ["write","delete","create_index"]
    }
  ]
}
POST _xpack/security/user/logstash_internal
{
  "password" : "changeme",
  "roles" : [ "logstash_writer"],
  "full_name" : "Internal Logstash User"
}
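Every credential in the X-Pack steps above is the default password changeme. The following added example (not part of the original page) scans configuration files for password settings that still carry that value; the function name and the constructed sample files are assumptions made for illustration.

```shell
# Added example (not from the original page): report configuration lines that still
# use the X-Pack default password "changeme". Understands `key: value` (logstash.yml)
# and `key => value` (logstash.conf); quotes and trailing commas are ignored.

# find_default_passwords FILE...
# Prints file:line:key for each hit. Exit status is 1 if anything was found, else 0.
find_default_passwords() (
    awk -v bad="changeme" -v sq="'" '
        function trim(s) { gsub("^[ \t\"" sq ",]+|[ \t\"" sq ",]+$", "", s); return s }
        /^[ \t]*#/ { next }                       # skip whole-line comments
        {
            line = $0
            if ((p = index(line, "=>")) > 0)     { key = substr(line, 1, p - 1); val = substr(line, p + 2) }
            else if ((p = index(line, ":")) > 0) { key = substr(line, 1, p - 1); val = substr(line, p + 1) }
            else next
            key = trim(key); val = trim(val)
            if (tolower(key) ~ /password$/ && val == bad) {
                print FILENAME ":" FNR ":" key
                hits++
            }
        }
        END { exit (hits > 0 ? 1 : 0) }' "$@"
)

# Constructed sample files mirroring the settings shown on this page.
cfg=$(mktemp -d)
cat > "$cfg/logstash.yml" <<'EOF'
xpack.monitoring.elasticsearch.url: "http://es-ip:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "changeme"
EOF
cat > "$cfg/logstash.conf" <<'EOF'
elasticsearch {
  hosts => [ "192.168.100.70:9200","192.168.100.71:9200" ]
  user => logstash_internal
  # password => changeme
  password => "S0me-Constructed-Value"
}
EOF
find_default_passwords "$cfg/logstash.yml" "$cfg/logstash.conf" || echo "default password still configured"
```

In X-Pack 5.x a built-in user's password is changed with PUT _xpack/security/user/<username>/_password; after changing it, update the matching value in logstash.yml or logstash.conf.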
Use _cat to check the state of Elasticsearch
[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat
=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates
Document count:
[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/count?v
epoch      timestamp count
1517975582 11:53:02  5794388
Check the cluster health:
[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/health?v
epoch      timestamp cluster   status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1517975847 11:57:27  escluster green           5         5    344 172    0    0        0             0                  -                100.0%
Check the cluster's master node
[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/master?v
id                     host        ip          node
uKwubwwrTF-C1FWNQiLVWg 10.100.3.59 10.100.3.59 es01
Query the log indices in the ES cluster:
curl -XGET 'http://127.0.0.1:9200/*-2017-10-*'
Delete indices:
curl -XDELETE 'http://10.200.3.90:9200/logstash-www1.beta.etongdai.org_access.log-2018.04.*'