• Elasticsearch5.2.2安装

    安装环境:

    操作系统:centos 6.8
jdk版本:jdk1.8.0_121
应用版本:Elasticsearch 5.2.2

    1.Elasticsearch5.2.2安装

    (1)下载地址:

    wget -P /usr/local/src https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.2.tar.gz

    (2)jdk安装
    jdk包文件自行官网下载:

    下载的软件存放目录为/usr/local/src/

    解压:tar -zxvf jdk-8u121-linux-x64.tar.gz -C /usr/local/
进入目录:cd /usr/local/
做软连接:ln -s jdk1.8.0_121 java

    添加环境变量

    #vim /etc/profile
最后添加:
export JAVA_HOME=/usr/local/java
export JAVA_BIN=$JAVA_HOME/bin
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

使profile生效
#source /etc/profile

    检测jdk是否安装成功.

    java -version

    (3)安装Elasticsearch

    [root@localhost src]#tar -zxvf elasticsearch-5.22.tar.gz -C /usr/local/
[root@elk-node1 local]# ln -s elasticsearch-5.22 elasticsearch

    2、用户组和用户创建,elasticsearch不能使用root启动,因此需要创建其他用户来启动

    创建用户组

    groupadd elsearch
useradd -g elsearch elsearch
chown -R elsearch:elsearch  elasticsearch*

    3、设置系统的相关参数,如果不设置参数将会存在相关的问题导致不能启动

    配置系统最大文件数

    vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536

    修改最大线程数的配置

    vim /etc/security/limits.d/90-nproc.conf	
*          soft    nproc     65536
root       soft    nproc     unlimited

    内存太小需要修改

    vim /usr/local/elasticsearch/config/jvm.options
将-Xmx2g改成-Xmx512m
将-Xms2g改成-Xms512m
-Xms512m
-Xmx512m

    调整虚拟内存最大map数量,默认是65536,调整最大的文件数量

    vim /etc/sysctl.conf

    在文件最底下增加:vm.max_map_count=262144和fs.file-max=65536
使生效并查看值:sysctl -p
最好也执行一下这条语句,确保修改成功
echo "262144" >  /proc/sys/vm/max_map_count

    (4)启动elasticsearch

    修改配置文件:vim /usr/local/elasticsearch/config/elasticsearch.yml
配置下面参数
network.host: 本机IP地址
http.port: 9200
需要注意,如果您的系统是centos 6.5需要再末尾增加:bootstrap.system_call_filter: false。不增加的情况下启动会报异常,原因是操作系统不兼容

    启动程序

    切换到设置的用户:su - elsearch
启动:/usr/local/elasticsearch/bin/elasticsearch -d

    (5.)验证有没有启动成功:curl http://IP:9200,返回下面信息说明启动成功

    #结合 `-i 参数来显示HTTP 头信息

    [root@localhost]# curl -i -XGET '192.168.100.70:9200/'
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 324

{
  "name" : "node-1",
  "cluster_name" : "elk-cluster",
  "cluster_uuid" : "bMJ2JfagSHSe2oQsGRxXkw",
  "version" : {
    "number" : "5.2.2",
    "build_hash" : "f9d9b74",
    "build_date" : "2017-02-24T17:26:45.835Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.1"
  },
  "tagline" : "You Know, for Search"
}

    官网地址:
    https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html

    https://www.elastic.co/guide/en/logstash/5.2/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-hosts

    logstash-kibana下载地址:

    wget https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-5.2.2-linux-x86_64.tar.gz

    kibana可视化配置文档:

    http://www.apache.wiki/pages/viewpage.action?pageId=2163133

    ELK5.2.2 X-pack 安装: 

    elasticsearch:
    如果elasticsearch是集群,每个节点都安装x-pack.

    [root@ELK-node1 elasticsearch]# bin/elasticsearch-plugin install x-pack
[root@ELK-node2 elasticsearch]# bin/elasticsearch-plugin install x-pack

    修改配置文件,在末尾加上如下行:

    vim elasticsearch.yml

action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*

    logstash安装x-pack,如果logstash是多台也都得安装:

    [root@ELK-node1 logstash]# bin/logstash-plugin install x-pack 

    [root@ELK-node1 config]# vim logstash.yml 

    xpack.monitoring.elasticsearch.url: "http://es-ip:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "changeme"  

    在logstash配置文件logstash.conf中要指定认证用户名和密码:如

    if [type] == "nginx-access" {
    elasticsearch {
      hosts => [ "192.168.100.70:9200","192.168.100.71:9200" ]
      index => "logstash-xxx-log-%{+YYYY.MM.dd}"
      user => logstash_internal
      password => changeme
    }
  }  

    kibana安装x-pack:

    [root@ELK-node2 kibana]# bin/kibana-plugin install x-pack

    重启ELK各个服务:

    登录kibna: http://ip:5601

    默认登录用户名密码:

      elastic
      changeme

    如果kibana可以登录,但logstash日志还是有如下报错信息:

    [WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. 
{:url=>#<URI::HTTP:0x3c6582db URL:http://127.0.0.1:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::
BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://127.0.0.1:9200/'"}

    则再创建如下用户(可以直接在kibana控制台的Dev Tools中执行如下命令):

    POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor"],
  "indices": [
    {
      "names": [ "logstash-*" ], 
      "privileges": ["write","delete","create_index"]
    }
  ]
}



POST _xpack/security/user/logstash_internal
{
  "password" : "changeme",
  "roles" : [ "logstash_writer"],
  "full_name" : "Internal Logstash User"
}

    使用_cat查看Elasticsearch状态 

    [root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat
=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates

    统计:

    [root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/count?v
epoch      timestamp count
1517975582 11:53:02  5794388

    查看监控状态:

    [root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/health?v
epoch      timestamp cluster   status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1517975847 11:57:27  escluster green           5         5    344 172    0    0        0             0                  -                100.0%

    查看集群master节点状态

    [root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/master?v
id                     host        ip          node
uKwubwwrTF-C1FWNQiLVWg 10.100.3.59 10.100.3.59 es01

    搜索es集群索引日志信息:

    curl -XGET 'http://127.0.0.1:9200/*-2017-10-*'

    删除索引:

    curl -XDELETE 'http://10.200.3.90:9200/logstash-www1.beta.etongdai.org_access.log-2018.04.*'

    参考文档: http://blog.csdn.net/ybtsdst/article/details/51907020

    参考文档:
        http://doc.okbase.net/davidgu/archive/262011.html
        http://www.th7.cn/system/lin/201611/187507.shtml
        https://www.elastic.co/guide/en/x-pack/current/index.html
        https://stackoverflow.com/questions/43281264/how-enable-anonymous-access-in-elasticsearch-5-3
  • 相关阅读:
    JavaScript之判断参数的数值的详细类型
    JavaScript之不规则Table转化为可定点索引td节点的网格矩阵【插件】
    JavaScript之从浏览器一键获取教务处个人课程信息【插件】
    Linux之搭建远程数据库MySQL[Ubuntu:全过程]
    数据库之MySQL ERROR 1698 (28000) 错误:Access denied for user 'root'@'localhost'" error【摘抄】
    Linux之常用命令【service】
    Linux之激活超级用户
    计算机网络之互联网|因特网|万维网|HTTP|HTML之间的关系辨析
    [转] Linux Shell 文本处理工具集锦
    可读写的缓冲设计表现
  • 原文地址:https://www.cnblogs.com/saneri/p/6912593.html
Copyright © 2020-2023  润新知