• ELK初学搭建(elasticsearch)

    ELK初学搭建(elasticsearch)

    elasticsearch
    logstash
    kibana

    ELK初学搭建 elasticsearch

    1.环境准备

    centos6.8_64 mini
    IP:192.168.10.78
    tar包:
    logstash-2.4.0.tar.gz
    elasticsearch-2.4.0.tar.gz
    kibana-4.6.1-linux-x86_64.tar.gz
    JDK环境

    elasticsearch logstach kibana java
    V2.4 V2.4 V4.6.1 V1.8.0_111
    1.1环境准备
    1. [root@localhost ~]# yum install java-1.8.0-openjdk* -y 
    2. [root@localhost ~]# export JAVA_HOME=/usr/lib/jvm/java-1.8.0 
    3. [root@localhost ~]# export PATH=$JAVA_HOME/bin:$PATH 
    4. [root@localhost ~]# export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar 
    5. [root@localhost ~]# java -version 
    6. openjdk version "1.8.0_111" 
    7. OpenJDK Runtime Environment (build 1.8.0_111-b15) 
    8. OpenJDK 64-Bit Server VM (build 25.111-b15, mixed mode) 

    此时jdk环境已经正常可用。

    2.软件上传之服务器并解压到/usr/local目录下
    解压,并重新命名文件夹:

    [root@localhost ~]# xvf elasticsearch-2.4.0.tar.gz 
[root@localhost ~]# mv elasticsearch-2.4.0 /usr/local/elasticsearch

    同理 将这三个软件解压...
    3. 运行软件

    1. [root@localhost elasticsearch]# ./bin/elasticsearch 
    2. Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root. 
    3. at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:94) 
    4. at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:160) 
    5. at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286) 
    6. at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35) 
    7. Refer to the log for complete error details. 
    8. [root@localhost elasticsearch]#  

    运行报错,发现elasticsearch不允许在root下运行,解决:

    1. [root@localhost elasticsearch]# groupadd es 
    2. [root@localhost elasticsearch]# useradd -g es es 
    3. [root@localhost elasticsearch]# useradd -g es es 
    4. [root@localhost elasticsearch]# passwd es 
    5. Changing password for user es. 
    6. New password:  
    7. BAD PASSWORD: it is based on a dictionary word 
    8. Retype new password:  
    9. passwd: all authentication tokens updated successfully. 
    10. [root@localhost elasticsearch]# chown -R root . 
    11. [root@localhost elasticsearch]# chown -R es . 
    12. [root@localhost elasticsearch]# chgrp -R es . 
    13. [root@localhost elasticsearch]# ls -l 
    14. total 56 
    15. drwxr-xr-x 2 es es 4096 Nov 7 17:25 bin 
    16. drwxr-xr-x 3 es es 4096 Nov 7 19:37 config 
    17. drwxrwxr-x 3 es es 4096 Nov 7 17:34 data 
    18. drwxr-xr-x 2 es es 4096 Nov 7 17:25 lib 
    19. -rw-rw-r-- 1 es es 11358 Aug 24 00:46 LICENSE.txt 
    20. drwxrwxr-x 2 es es 4096 Nov 7 17:34 logs 
    21. drwxrwxr-x 5 es es 4096 Aug 29 17:23 modules 
    22. -rw-rw-r-- 1 es es 150 Aug 24 00:46 NOTICE.txt 
    23. drwxrwxr-x 4 es es 4096 Nov 7 17:50 plugins 
    24. -rw-rw-r-- 1 es es 8700 Aug 24 00:46 README.textile 

    此时,ES 不能通过IP访问,最好修改 config/elasticsearch.yml,配置一下 ES。
    首先,找到“network.host”行,添加一行:

    network.host: 192.168.10.78
    再找到“http.port”行,添加一行:
    http.port: 9200

    否则,ES 每次启动时,端口可能会变(端口被占用,ES 自己会改端口)~
    如果还不能正常启动 ES,并提示端口被占用,就查看一下什么程序占用 9200 端口,kill 掉,重启 ES 就行。

    就能通过IP,或浏览器访问。
    切换至es用户先运行elasticsearch

    1. [root@localhost ~]# su es 
    2. [es@localhost root]$ cd /usr/local/elasticsearch/ 
    3. [es@localhost elasticsearch]$ ls 
    4. bin config data lib LICENSE.txt logs modules NOTICE.txt plugins README.textile 
    5. [es@localhost elasticsearch]$ ./bin/elasticsearch 
    6. [2016-11-07 21:50:45,580][WARN ][bootstrap ] unable to install syscall filter: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed 
    7. [2016-11-07 21:50:45,824][INFO ][node ] [Man-Eater] version[2.4.0], pid[1880], build[ce9f0c7/2016-08-29T09:14:17Z] 
    8. [2016-11-07 21:50:45,824][INFO ][node ] [Man-Eater] initializing ... 
    9. [2016-11-07 21:50:46,521][INFO ][plugins ] [Man-Eater] modules [reindex, lang-expression, lang-groovy], plugins [head, kopf], sites [head, kopf] 
    10. [2016-11-07 21:50:46,548][INFO ][env ] [Man-Eater] using [1] data paths, mounts [[/ (/dev/mapper/VolGroup-lv_root)]], net usable_space [5gb], net total_space [8.2gb], spins? [possibly], types [ext4] 
    11. [2016-11-07 21:50:46,548][INFO ][env ] [Man-Eater] heap size [1007.3mb], compressed ordinary object pointers [true
    12. [2016-11-07 21:50:46,548][WARN ][env ] [Man-Eater] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536
    13. [2016-11-07 21:50:49,052][INFO ][node ] [Man-Eater] initialized 
    14. [2016-11-07 21:50:49,053][INFO ][node ] [Man-Eater] starting ... 
    15. [2016-11-07 21:50:49,124][INFO ][transport ] [Man-Eater] publish_address {192.168.10.78:9300}, bound_addresses {192.168.10.78:9300
    16. [2016-11-07 21:50:49,130][INFO ][discovery ] [Man-Eater] elasticsearch/kAMEcJDUQ_2jK0jm7fVWeQ 
    17. [2016-11-07 21:50:52,210][INFO ][cluster.service ] [Man-Eater] new_master {Man-Eater}{kAMEcJDUQ_2jK0jm7fVWeQ}{192.168.10.78}{192.168.10.78:9300}, reason: zen-disco-join(elected_as_master, [0] joins received) 
    18. [2016-11-07 21:50:52,289][INFO ][http ] [Man-Eater] publish_address {192.168.10.78:9200}, bound_addresses {192.168.10.78:9200
    19. [2016-11-07 21:50:52,290][INFO ][node ] [Man-Eater] started 
    20. [2016-11-07 21:50:52,385][INFO ][gateway ] [Man-Eater] recovered [2] indices into cluster_state 
    21. [2016-11-07 21:50:53,045][INFO ][cluster.routing.allocation] [Man-Eater] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[logstash-%{type}-2016.11.07][1], [.kibana][0]] ...]). 

    此时,在另一个终端,访问 elasticsearch:

    1. [root@localhost ~]# curl -X GET http://192.168.10.78:9200 
    3. "name" : "Egghead"
    4. "cluster_name" : "elasticsearch"
    5. "version" : { 
    6. "number" : "2.4.0"
    7. "build_hash" : "ce9f0c7394dee074091dd1bc4e9469251181fc55"
    8. "build_timestamp" : "2016-08-29T09:14:17Z"
    9. "build_snapshot" : false
    10. "lucene_version" : "5.5.2" 
    12. "tagline" : "You Know, for Search" 

    到这一不,ES 已经安装成功。可用浏览器测试是都正常即可。

    Head 插件

    Head 是一个用来监控 ES 状态的客户端插件,可以为初学用户提供很多便利,例如,使用 Head 提供的 HTTP 客户端,通过 HTTP 方式来操作 ES。
    ES 支持在线和本地安装 Head。本地安装时,从 Github 上下载 Head 插件,然后上传到你的 ES 服务器,比如,Elasticsearch/plugins 目录。
    下面是在线安装:

    1. [root@localhost elasticsearch]# ./bin/plugin install mobz/elasticsearch-head 
    2. -> Installing mobz/elasticsearch-head... 
    3. Trying https://github.com/mobz/elasticsearch-head/archive/master.zip ... 
    4. Downloading ...................................................................................................................................................................................................................................................................................................................................................................................................................................DONE 
    5. Verifying https://github.com/mobz/elasticsearch-head/archive/master.zip checksums if available ... 
    6. NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify) 
    7. Installed head into /usr/local/elasticsearch/plugins/head 

    用浏览器访问 http://192.168.10.78:9200/_plugin/head
    enter description here

    logstash-%{type}-2016.11.07是我自己创建的,后续介绍。
    至此Elasticsearch Head 就成功安装了。
    Marvel 图形化监控插件收费,安装方法同上,本免费党不测试了 哈哈~

    安装 kopf 网络插件

    [root@localhost elasticsearch]# ./bin/plugin install mobz/elasticsearch-kopf
-> Installing lmenezes/elasticsearch-kopf...
Trying https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip...
Downloading ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Installed lmenezes/elasticsearch-kopf into /usr/local/elasticsearch/plugins/kopf

    enter description here

    kopf.png

    至此elasticsearch准备就绪,下一章安装losstach.
  • 相关阅读:
    第一周C语言作业
    C语言I博客园作业08
    C语言I博客作业07
    C语言I博客作业06
    C语言I博客作业05
    C语言I博客作业04
    C语言II博客作业04
    C语言II博客作业03
    C语言II博客作业02
    C语言II博客作业01
  • 原文地址:https://www.cnblogs.com/luckyall/p/6061943.html
Copyright © 2020-2023  润新知