1. Download the installation packages (keep the versions identical)
    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.2.zip
    wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-linux-x86_64.tar.gz
    wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.zip
    wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.2-linux-x86_64.tar.gz
2. Modify the system configuration files
    vim /etc/security/limits.conf
    # Append the following at the end (elk is the user that starts the service; * can also be specified)
    # These parameters must be changed, otherwise startup fails with errors
    root soft nofile 100001
    root hard nofile 100002
    elk soft memlock unlimited
    elk hard memlock unlimited
    elk soft nofile 100001
    elk hard nofile 100002
Set the limit parameters:
    ulimit -u 100001
    ulimit -u 100002
    vim /etc/security/limits.d/90-nproc.conf
    # Append
    * soft nproc unlimited
    elk soft nproc unlimited
    vim /etc/sysctl.conf
    vm.swappiness=0
    vm.max_map_count=655360
    sysctl -p    # apply the configuration
3. elasticsearch.yml configuration
    unzip elasticsearch-6.3.2
    cd elasticsearch-6.3.2/config/
    vim elasticsearch.yml
    cluster.name: ELK-Cluster    # ELK cluster name; nodes with the same name belong to the same cluster
    node.name: elk-node1         # this host's node name within the cluster
    path.data: /elk/data         # data directory
    path.logs: /elk/logs         # log directory
    #bootstrap.memory_lock: true    # lock enough memory at service startup to keep data from being written to swap
    network.host: 0.0.0.0        # listen IP
    http.port: 9200
    #discovery.zen.ping.unicast.hosts: ["192.168.56.11", "192.168.56.12"]    # cluster
    bootstrap.memory_lock: false
    bootstrap.system_call_filter: false
Start ELK (as a non-root user):
    /home/elk/elasticsearch-6.3.2/bin/elasticsearch -d
Check the ports:
    [elk@xiaoyuer ~]$ netstat -lntup|egrep '9200|9300'
    tcp 0 0 0.0.0.0:9200 0.0.0.0:* LISTEN 26022/java
    tcp 0 0 0.0.0.0:9300 0.0.0.0:* LISTEN 26022/java
Note: the installation reported an error at this point:
    #ERROR: bootstrap checks failed
    # Add the following to elasticsearch.yml
    bootstrap.memory_lock: false
    bootstrap.system_call_filter: false
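The configuration above makes ports 9200 and 9300 listen on 0.0.0.0 and turns off the system call filter and memory lock to get past the bootstrap checks. As an added example (not part of the original guide), the script below reads an elasticsearch.yml and flags exactly those settings so they can be reviewed before the node is reachable from other hosts; the function names es_setting and audit_es_config and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit elasticsearch.yml settings.

# es_setting FILE KEY: print the last uncommented value of KEY, or nothing.
es_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # skip whole-line comments
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)           # drop a trailing comment
            i = index(line, ":")
            if (i == 0) next
            k = substr(line, 1, i - 1); v = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)      # trim blanks and quotes
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_es_config FILE: print one WARN line per risky setting; return 1 if any.
audit_es_config() {
    rc=0
    case "$(es_setting "$1" network.host)" in
        0.0.0.0|::)
            echo "WARN network.host: 9200/9300 listen on every interface; firewall them or bind a private address"
            rc=1 ;;
    esac
    if [ "$(es_setting "$1" bootstrap.system_call_filter)" = "false" ]; then
        echo "WARN bootstrap.system_call_filter: seccomp system call filter is disabled"
        rc=1
    fi
    if [ "$(es_setting "$1" bootstrap.memory_lock)" != "true" ]; then
        echo "WARN bootstrap.memory_lock: heap is not locked and can be swapped to disk"
        rc=1
    fi
    return $rc
}

# Constructed sample mirroring the settings shown in this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network.host: 0.0.0.0 # listen IP
http.port: 9200
#bootstrap.memory_lock: true
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
EOF
audit_es_config "$sample" || true
rm -f "$sample"
```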