ELK学习01：ELK安装

ELK学习01：Linux服务器安装elasticsearch、kibana

前提：Elastic 需要 Java 8 环境

安装elasticsearch

步骤如下：

1- 去官网下载安装包，我下载的是elasticsearch-5.6.1.tar

2-上传elasticsearch-5.6.1.tar至/opt目录下

3-解压

[root@ecs-x-large-2-linux-20200229160057 ~]# cd /opt/
[root@ecs-x-large-2-linux-20200229160057 opt]# tar -vxzf elasticsearch-5.6.1.tar.gz 

4-启动服务(elasticsearch不能直接用root账号启动，见附1)

[root@ecs-x-large-2-linux-20200229160057 ~]# su - es
Last login: Thu Mar 26 21:18:27 CST 2020 on pts/0
[es@ecs-x-large-2-linux-20200229160057 ~]$  /opt/elasticsearch-5.6.1/bin/elasticsearch
[2020-03-26T21:20:32,355][INFO ][o.e.n.Node               ] [] initializing ...
[2020-03-26T21:20:32,431][INFO ][o.e.e.NodeEnvironment    ] [Z0rnBuZ] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [33.8gb], net total_space [39.2gb], spins? [unknown], types [rootfs]
[2020-03-26T21:20:32,431][INFO ][o.e.e.NodeEnvironment    ] [Z0rnBuZ] heap size [1.9gb], compressed ordinary object pointers [true]
[2020-03-26T21:20:32,433][INFO ][o.e.n.Node               ] node name [Z0rnBuZ] derived from node ID [Z0rnBuZsQnCvA-A60roP8w]; set [node.name] to override
[2020-03-26T21:20:32,433][INFO ][o.e.n.Node               ] version[5.6.1], pid[11508], build[667b497/2017-09-14T19:22:05.189Z], OS[Linux/3.10.0-1062.1.1.el7.x86_64/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_242/25.242-b08]
[2020-03-26T21:20:32,433][INFO ][o.e.n.Node               ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/opt/elasticsearch-5.6.1]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [aggs-matrix-stats]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [ingest-common]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [lang-expression]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [lang-groovy]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [lang-mustache]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [lang-painless]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [parent-join]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [percolator]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [reindex]
[2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [transport-netty3]
[2020-03-26T21:20:33,284][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] loaded module [transport-netty4]
[2020-03-26T21:20:33,284][INFO ][o.e.p.PluginsService     ] [Z0rnBuZ] no plugins loaded
[2020-03-26T21:20:35,011][INFO ][o.e.d.DiscoveryModule    ] [Z0rnBuZ] using discovery type [zen]
[2020-03-26T21:20:35,456][INFO ][o.e.n.Node               ] initialized
[2020-03-26T21:20:35,456][INFO ][o.e.n.Node               ] [Z0rnBuZ] starting ...
[2020-03-26T21:20:35,623][INFO ][o.e.t.TransportService   ] [Z0rnBuZ] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2020-03-26T21:20:38,699][INFO ][o.e.c.s.ClusterService   ] [Z0rnBuZ] new_master {Z0rnBuZ}{Z0rnBuZsQnCvA-A60roP8w}{BZLhWVCDS3ydCIj1cYtZqg}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2020-03-26T21:20:38,730][INFO ][o.e.h.n.Netty4HttpServerTransport] [Z0rnBuZ] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2020-03-26T21:20:38,730][INFO ][o.e.n.Node               ] [Z0rnBuZ] started
[2020-03-26T21:20:38,737][INFO ][o.e.g.GatewayService     ] [Z0rnBuZ] recovered [0] indices into cluster_state

5-判断elasticsarch是否启动成功；(注意需要配置IP权限，见附3)

[root@ecs-x-large-2-linux-20200229160057 ~]# curl http://IP:9200/
{
  "name" : "Z0rnBuZ",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "DI4pL9G8Qxm3hETHCRAeNg",
  "version" : {
    "number" : "5.6.1",
    "build_hash" : "667b497",
    "build_date" : "2017-09-14T19:22:05.189Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}
[root@ecs-x-large-2-linux-20200229160057 ~]# 

附1：启动报错1

##原因是elaticsearch默认不能用root用户启动；其中一个方案就是创建新用户，并授权；账号：es；密码：es
[root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# ./bin/elasticsearch
[2020-03-26T17:04:30,751][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:123) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) ~[elasticsearch-5.6.1.jar:5.6.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:106) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:195) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:342) ~[elasticsearch-5.6.1.jar:5.6.1]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:132) ~[elasticsearch-5.6.1.jar:5.6.1]
    ... 6 more
[root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# 

##创建新用户，并授权；账号：es；密码：es
[root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# ./bin/elasticsearch -Des.insecure.allow.root=true^C
[root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# adduser es
[root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# passwd es
Changing password for user es.
New password: 
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# chmod 777 /opt/elasticsearch-5.6.1/
[root@ecs-x-large-2-linux-20200229160057 ~]# chown -R es:es /opt/elasticsearch-5.6.1/

附2：启动报错2

##报错日志
##原因：默认 elasticsearch 是单机访问模式，就是只能自己访问自己。但是我们之后一定会设置成允许应用服务器通过网络方式访问。这时，elasticsearch 就会因为嫌弃单机版的低端默认配置而报错，甚至无法启动。
ERROR: [2] bootstrap checks failed
[1]: max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

解决方案：执行如下操作
[root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]#sudo sysctl -w vm.max_map_count=262144
#之后重新启动又报如下错误
ERROR: [1] bootstrap checks failed
[1]: max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536]
解决方案：
#将如下/etc/security/limits.conf如下参数
root soft nofile 65535
root hard nofile 65535
* soft nofile 65535
* hard nofile 65535
#改成
root soft nofile 131072
root hard nofile 131072
* soft nofile 131072
* hard nofile 131072
##然后退出账号，重新登陆

附3：设置全部IP可以访问elasticsearch

 ##修改elasticsearch.yml 
vim /opt/elasticsearch-5.6.1/config/elasticsearch.yml 

 ##将
#network.host: 192.168.0.1
 ##修改为
network.host: 0.0.0.0

附4：安装中文分词插件(如果是用rpm安装elasticsearch，则安装目录在/usr/share/elasticsearch/bin)

　　在elasticsearch-5.6.1in目录下执行以下命令：elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v5.6.1/elasticsearch-analysis-ik5.6.1.zip

 安装Kibana

步骤如下

1-去官网下载kibana。我下载的是kibana-5.6.4-linux-x86_64.tar

2-安装、将下在好的zip文件上传到opt目录下，并使用tar -zxvf 方式解压

3-修改配置文件

##修改配置文件server.host和elasticsearch.url
[root@ecs-x-large-2-linux-20200229160057 config]# vim /opt/kibana-5.6.4-linux-x86_64/config/kibana.yml 

# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://121.37.182.39:9200"

4-启动

##启动kibana-使用nohup & 方式启动
[root@ecs-x-large-2-linux-20200229160057 config]# cd /opt/kibana-5.6.4-linux-x86_64/bin
[root@ecs-x-large-2-linux-20200229160057 bin]# nohup ./kibana &
[1] 14010
[root@ecs-x-large-2-linux-20200229160057 bin]# nohup: ignoring input and appending output to ‘nohup.out’

5-测试启动

END