Installation environment:

Operating system: CentOS 6.8
JDK version: jdk1.8.0_121
Application version: Elasticsearch 5.2.2

1. Install Elasticsearch 5.2.2

(1) Download:

wget -P /usr/local/src https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.2.tar.gz

(2) Install the JDK
Download the JDK package from the official site yourself.

Store the downloaded packages in /usr/local/src/.

Extract: tar -zxvf jdk-8u121-linux-x64.tar.gz -C /usr/local/
Enter the directory: cd /usr/local/
Create a symlink: ln -s jdk1.8.0_121 java

Add the environment variables

#vim /etc/profile
Append at the end:
export JAVA_HOME=/usr/local/java
export JAVA_BIN=$JAVA_HOME/bin
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

Reload the profile so the variables take effect:
#source /etc/profile

Check that the JDK was installed correctly:

java -version

(3) Install Elasticsearch

[root@localhost src]# tar -zxvf elasticsearch-5.2.2.tar.gz -C /usr/local/
[root@elk-node1 local]# ln -s elasticsearch-5.2.2 elasticsearch

2. Create the group and user. Elasticsearch cannot be started as root, so a separate user is needed to run it.

Create the group and user:

groupadd elsearch
useradd -g elsearch elsearch
chown -R elsearch:elsearch elasticsearch*

3. Set the relevant system parameters. Without them Elasticsearch runs into the problems below and will not start.

Set the system maximum number of open files:

vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536

Change the maximum number of processes/threads:

vim /etc/security/limits.d/90-nproc.conf
* soft nproc 65536
root soft nproc unlimited

If the machine has little memory, reduce the JVM heap:

vim /usr/local/elasticsearch/config/jvm.options
Change -Xmx2g to -Xmx512m and -Xms2g to -Xms512m:
-Xms512m
-Xmx512m

Raise the maximum number of virtual memory map areas (default 65536) and the maximum number of open files:

vim /etc/sysctl.conf

Append at the bottom of the file:
vm.max_map_count=262144
fs.file-max=65536
Apply the settings and print the values: sysctl -p
It is also worth running the following to make sure the change took effect:
echo "262144" > /proc/sys/vm/max_map_count
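An added pre-flight check for the settings in this section (example code, not from the original post): it reads the live nofile/nproc limits and the two sysctl values, compares them with the thresholds configured above, and flags a run as root. The thresholds are the post's values; the script and its function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check of the limits
# set above, to run as the elsearch user before starting Elasticsearch.
# Thresholds are the values the post configures.

# check_min NAME ACTUAL REQUIRED -> 0 if ACTUAL >= REQUIRED (or unlimited), else 1
check_min() {
    name=$1; actual=$2; required=$3
    case "$actual" in
        unlimited) printf 'ok   %s=unlimited\n' "$name"; return 0 ;;
        ''|*[!0-9]*) printf 'FAIL %s: unreadable value "%s"\n' "$name" "$actual"; return 1 ;;
    esac
    if [ "$actual" -ge "$required" ]; then
        printf 'ok   %s=%s (>= %s)\n' "$name" "$actual" "$required"
        return 0
    fi
    printf 'FAIL %s=%s (< %s)\n' "$name" "$actual" "$required"
    return 1
}

# not_root USERNAME -> 0 unless USERNAME is root (ES 5.x refuses to start as root)
not_root() {
    [ "$1" != "root" ]
}

# run_preflight: reads the live values and returns the number of failed checks
run_preflight() {
    failures=0
    not_root "$(id -un)" || { echo 'FAIL running as root'; failures=$((failures + 1)); }
    check_min nofile           "$(ulimit -n)"                               65536  || failures=$((failures + 1))
    check_min nproc            "$(ulimit -u 2>/dev/null)"                   65536  || failures=$((failures + 1))
    check_min vm.max_map_count "$(sysctl -n vm.max_map_count 2>/dev/null)"  262144 || failures=$((failures + 1))
    check_min fs.file-max      "$(sysctl -n fs.file-max 2>/dev/null)"       65536  || failures=$((failures + 1))
    return "$failures"
}

# Run the live checks only when asked, so the functions can also be sourced.
if [ "${PREFLIGHT_RUN:-0}" = 1 ]; then
    if run_preflight; then echo 'all checks passed'; else echo "failed checks: $?"; fi
fi
```

Run it as `PREFLIGHT_RUN=1 sh preflight.sh` after `su - elsearch`; the limits are per session, so a value that is fine for root can still fail for the service user.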

4. Start Elasticsearch

Edit the config file: vim /usr/local/elasticsearch/config/elasticsearch.yml
Set the following parameters:
network.host: <this machine's IP address>
http.port: 9200
Note: if the system is CentOS 6.5, also append bootstrap.system_call_filter: false at the end of the file. Without it startup throws an exception, because the operating system does not support the system call filter.

Start the service

Switch to the user created above: su - elsearch
Start it as a daemon: /usr/local/elasticsearch/bin/elasticsearch -d

5. Verify that it started: curl http://IP:9200. Output like the following means Elasticsearch is up.

# add the -i option to show the HTTP headers as well

[root@localhost]# curl -i -XGET '192.168.100.70:9200/'
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 324

{
  "name" : "node-1",
  "cluster_name" : "elk-cluster",
  "cluster_uuid" : "bMJ2JfagSHSe2oQsGRxXkw",
  "version" : {
    "number" : "5.2.2",
    "build_hash" : "f9d9b74",
    "build_date" : "2017-02-24T17:26:45.835Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.1"
  },
  "tagline" : "You Know, for Search"
}

Official documentation:
https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html

https://www.elastic.co/guide/en/logstash/5.2/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-hosts

Logstash and Kibana download links:

wget https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-5.2.2-linux-x86_64.tar.gz

Kibana visualization configuration documentation:

http://www.apache.wiki/pages/viewpage.action?pageId=2163133

ELK 5.2.2 X-Pack installation:

Elasticsearch:
If Elasticsearch runs as a cluster, install X-Pack on every node.

[root@ELK-node1 elasticsearch]# bin/elasticsearch-plugin install x-pack
[root@ELK-node2 elasticsearch]# bin/elasticsearch-plugin install x-pack

Edit the config file and append the following line:

vim elasticsearch.yml

action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*

Install X-Pack for Logstash; if there are several Logstash hosts, install it on each of them:

[root@ELK-node1 logstash]# bin/logstash-plugin install x-pack 

[root@ELK-node1 config]# vim logstash.yml

xpack.monitoring.elasticsearch.url: "http://es-ip:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "changeme"  

In the Logstash pipeline file logstash.conf, the elasticsearch output (inside the output section) must carry the authentication user and password, e.g.:

if [type] == "nginx-access" {
  elasticsearch {
    hosts    => [ "192.168.100.70:9200", "192.168.100.71:9200" ]
    index    => "logstash-xxx-log-%{+YYYY.MM.dd}"
    user     => "logstash_internal"
    password => "changeme"
  }
}

Install X-Pack for Kibana:

[root@ELK-node2 kibana]# bin/kibana-plugin install x-pack

Restart each of the ELK services.

Log in to Kibana: http://ip:5601

Default username and password (the X-Pack built-in superuser; change this password after the first login):

  elastic
  changeme

If Kibana login works but the Logstash log still shows an error like the following:

[WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error.
{:url=>#<URI::HTTP:0x3c6582db URL:http://127.0.0.1:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://127.0.0.1:9200/'"}

then also create the following role and user (these can be run directly in the Dev Tools console in Kibana):

POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor"],
  "indices": [
    {
      "names": [ "logstash-*" ],
      "privileges": ["write", "delete", "create_index"]
    }
  ]
}

POST _xpack/security/user/logstash_internal
{
  "password" : "changeme",
  "roles" : [ "logstash_writer" ],
  "full_name" : "Internal Logstash User"
}
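The same role and user creation done with curl instead of the Kibana console, followed by a least-privilege check that the new user can create indices under logstash-* and nowhere else. This is an added example, not code from the original post; ES_URL, the password variables and the probe index names logstash-priv-check and other-priv-check are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: the role/user creation above done with
# curl instead of Dev Tools, then a least-privilege check of the new user. Assumptions:
# ES_URL, ES_ADMIN_PW, LOGSTASH_PW come from the caller (defaults are the post's
# values); the index names logstash-priv-check / other-priv-check are constructed.
ES_URL=${ES_URL:-http://192.168.100.70:9200}
ES_ADMIN_PW=${ES_ADMIN_PW:-changeme}
LOGSTASH_PW=${LOGSTASH_PW:-changeme}

# es_call USER PASSWORD METHOD PATH [JSON_BODY] -> prints only the HTTP status code
es_call() {
    if [ -n "${5:-}" ]; then
        curl -s -o /dev/null -w '%{http_code}' -u "$1:$2" -X "$3" \
            -H 'Content-Type: application/json' -d "$5" "$ES_URL/$4"
    else
        curl -s -o /dev/null -w '%{http_code}' -u "$1:$2" -X "$3" "$ES_URL/$4"
    fi
}
# explain_status CODE -> meaning of the code (the Logstash log above shows a 401)
explain_status() {
    case "$1" in
        200|201) echo "ok" ;;
        401) echo "authentication failed: unknown user or wrong password" ;;
        403) echo "authenticated, but the role lacks the privilege for this request" ;;
        000) echo "no HTTP response: check network.host, the port and the service" ;;
        *)   echo "unexpected HTTP $1" ;;
    esac
}
create_logstash_writer() {
    es_call elastic "$ES_ADMIN_PW" POST _xpack/security/role/logstash_writer \
        '{"cluster":["manage_index_templates","monitor"],
          "indices":[{"names":["logstash-*"],"privileges":["write","delete","create_index"]}]}'
    echo " role logstash_writer"
    es_call elastic "$ES_ADMIN_PW" POST _xpack/security/user/logstash_internal \
        "{\"password\":\"$LOGSTASH_PW\",\"roles\":[\"logstash_writer\"],\"full_name\":\"Internal Logstash User\"}"
    echo " user logstash_internal"
}
# verify_logstash_user: create_index must succeed under logstash-* and be refused elsewhere
verify_logstash_user() {
    allowed=$(es_call logstash_internal "$LOGSTASH_PW" PUT logstash-priv-check)
    denied=$(es_call logstash_internal "$LOGSTASH_PW" PUT other-priv-check)
    echo "create logstash-priv-check: $allowed ($(explain_status "$allowed"))"
    echo "create other-priv-check:    $denied ($(explain_status "$denied"))"
    es_call elastic "$ES_ADMIN_PW" DELETE logstash-priv-check >/dev/null   # clean up
    [ "$allowed" = 200 ] && [ "$denied" = 403 ]
}
if [ "${RUN_XPACK_SETUP:-0}" = 1 ]; then
    create_logstash_writer && verify_logstash_user
fi
```

A 401 from the probe means the user or password in logstash.conf does not match what was created; a 403 on the logstash-* index means the role, not the credentials, is wrong.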

Use _cat to check Elasticsearch status

[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat
=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates

Document count:

[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/count?v
epoch timestamp count
::

Check cluster health:

[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/health?v
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
:: escluster green - 100.0%

Check the cluster's master node:

[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/master?v
id host ip node
uKwubwwrTF-C1FWNQiLVWg 10.100.3.59 10.100.3.59 es01

Look up the cluster's log indices by name pattern:

curl -XGET 'http://127.0.0.1:9200/*-2017-10-*'

Delete indices:

curl -XDELETE 'http://10.200.3.90:9200/logstash-www1.beta.etongdai.org_access.log-2018.04.*'

Reference: http://blog.csdn.net/ybtsdst/article/details/51907020

Reference documents:
    http://doc.okbase.net/davidgu/archive/262011.html
    http://www.th7.cn/system/lin/201611/187507.shtml
    https://www.elastic.co/guide/en/x-pack/current/index.html
    https://stackoverflow.com/questions/43281264/how-enable-anonymous-access-in-elasticsearch-5-3

05-11 19:54