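[ELK] 1 Elasticsearch Installation
For ELK setup, see this reference document: http://www.ywnds.com/?p=9776
ELK environment setup. The company currently runs ES version 5.2.2, so this post records the steps for that version.
ELK log visualization combines Elasticsearch, Logstash, Kibana and their related components into a real-time log processing system.
Real-time log analysis helps you keep track of service health at any time, compute PV/UV statistics, spot abnormal traffic, analyze user behavior, and see the site's popular search keywords.
Official download: https://www.elastic.co/downloads/past-releases/
Files to download: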
elasticsearch-5.2.2.tar.gz
I. Install elasticsearch
Download the matching ES version, elasticsearch-5.2.2.tar.gz
# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.2.tar.gz
Extract the tar archive
# tar -zxvf elasticsearch-5.2.2.tar.gz
Move it to the /usr/local/ directory
# mv elasticsearch-5.2.2 /usr/local/elasticsearch
ES cannot be started with root privileges, so create a new user to manage and start ES
Add a group
# groupadd elsearch
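Add the user, then set its password interactively (useradd -p expects an already-encrypted password, not plain text)
# useradd elsearch -g elsearch
# passwd elsearch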
Give the new user ownership of the directory
# cd /usr/local
# chown -R elsearch:elsearch elasticsearch
Switch to the new user
# su elsearch
Edit the configuration file to allow access from external networks
# cd /usr/local/elasticsearch/config
# vi elasticsearch.yml
network.host: 0.0.0.0    # open to access from external networks
http.port: 9200          # listen on port 9200
II. Start ES
# cd /usr/local/elasticsearch/bin
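# ./elasticsearch
(Started with plain ./elasticsearch, Ctrl+C shuts ES down immediately; use ./elasticsearch -d instead to run it in the background.)
2. Verify that ES has started by visiting http://ip:9200/ or http://127.0.0.1:9200/
If the following appears, startup succeeded: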
{
  "name": "vzdOjz6",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "KEroQHhPROObcpLGBv9nFg",
  "version": {
    "number": "5.2.2",
    "build_hash": "f9d9b74",
    "build_date": "2017-02-24T17:26:45.835Z",
    "build_snapshot": false,
    "lucene_version": "6.4.1"
  },
  "tagline": "You Know, for Search"
}
II. Install x-pack
X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting and graph capabilities into one easy-to-install package.
# cd /usr/local/elasticsearch/bin
# ./elasticsearch-plugin install x-pack
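PS: note that after x-pack is installed and ES is restarted, accessing http://ip:9200/ requires a username and password.
Default account: elastic  Default password: changeme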
[email protected] bin]# ./elasticsearch-plugin install x-pack
-> Downloading x-pack from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: plugin requires additional permissions @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
* java.util.PropertyPermission sun.nio.ch.bugLevel write
* javax.net.ssl.SSLPermission setHostnameVerifier
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.
Continue with installation? [y/N]y
-> Installed x-pack
[[email protected] bin]#
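The two settings above interact: network.host: 0.0.0.0 exposes the REST API on every interface, and X-Pack then protects it only with the well-known elastic / changeme login until that password is changed. The following audit script is an added example, not part of the original post; the function names and finding labels are this example's own, and it assumes the plugin lives in plugins/x-pack under the ES home directory.

```shell
#!/bin/sh
# Added example: audit an Elasticsearch 5.x install for exposure of the REST API.
# Usage: audit_es_node /usr/local/elasticsearch

# yml_get FILE KEY: print the last scalar "KEY: value" setting, without inline
# comments or quotes. Commented-out lines do not match. Arrays are not handled.
yml_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" \
    | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tr -d "\"'" | tail -n 1
}

# audit_es_node ES_HOME: print one finding per line.
# Returns 0 = no wildcard bind, 1 = wildcard bind with auth,
#         2 = wildcard bind without auth, 3 = config file not readable.
audit_es_node() {
  au_yml="$1/config/elasticsearch.yml"
  [ -r "$au_yml" ] || { echo "NO_CONFIG $au_yml"; return 3; }
  au_public=0
  au_auth=1
  au_host=$(yml_get "$au_yml" network.host)
  # Unset network.host means loopback only in 5.x; these values bind everywhere.
  case "$au_host" in
    0.0.0.0|::|_global_) au_public=1; echo "PUBLIC_BIND network.host=$au_host" ;;
  esac
  if [ ! -d "$1/plugins/x-pack" ]; then
    au_auth=0; echo "NO_AUTH x-pack is not installed"
  elif [ "$(yml_get "$au_yml" xpack.security.enabled)" = "false" ]; then
    au_auth=0; echo "NO_AUTH xpack.security.enabled=false"
  else
    echo "CHECK_PASSWORD confirm the elastic user no longer uses changeme"
  fi
  if [ "$au_public" -eq 1 ] && [ "$au_auth" -eq 0 ]; then
    echo "CRITICAL REST API listens on all interfaces without authentication"
    return 2
  fi
  return "$au_public"
}
```

Run it once right after editing elasticsearch.yml and again after installing x-pack; the result should move from CRITICAL to CHECK_PASSWORD.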
III. Summary of startup failures:
Reference: https://blog.csdn.net/qq_21387171/article/details/53577115
1) java.lang.RuntimeException: can not run elasticsearch as root
Create a separate ES user and start ES as that user.
Example error:
[[email protected] bin]# ./elasticsearch
[2018-07-25T14:20:46,394][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:125) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.cli.SettingCommand.execute(SettingCommand.java:54) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.cli.Command.main(Command.java:88) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:89) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:82) ~[elasticsearch-5.2.2.jar:5.2.2]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:105) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:203) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-5.2.2.jar:5.2.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-5.2.2.jar:5.2.2]
... 6 more
[[email protected] bin]#
2) max file descriptors too low
max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536]
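max file descriptors is the maximum number of file descriptors; set it to at least 65536.
The fix is to edit /etc/security/limits.conf and add "* - nofile 65536" and "* - memlock unlimited"; the "*" means the entry applies to all users.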
# vi /etc/security/limits.conf
* - nofile 65536
* - memlock unlimited
3) max_map_count too low
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
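The max_map_count file holds the limit on the number of VMAs (virtual memory areas) a single process may own. The system default is 65530; change it to 262144.
The fix is to edit the /etc/sysctl.conf configuration file and add vm.max_map_count=262144. Remember that the machine needs to be restarted for it to take effect. The configuration after the change is as follows: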
# vi /etc/sysctl.conf
Append the following line at the end:
vm.max_map_count=262144
# sysctl -p
(sysctl -p loads system parameters from the specified file, or from /etc/sysctl.conf if none is specified.)
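The three startup failures above can be checked before launching ES. The following pre-flight script is an added example, not part of the original post; the function names are this example's own. es_preflight tests the live values against the thresholds quoted in the error messages, and limits_conf_value reports what /etc/security/limits.conf will grant a given user at next login.

```shell
#!/bin/sh
# Added example: pre-flight check for the startup failures listed on this page.

# es_preflight [UID] [NOFILE] [MAX_MAP_COUNT]
# Without arguments the live values are read, so run it as the user that will
# start Elasticsearch (elsearch on this page). Returns the number of failures.
es_preflight() {
  pf_uid=${1:-$(id -u)}
  pf_nofile=${2:-$(ulimit -n)}
  pf_map=${3:-$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo 0)}
  pf_fail=0
  if [ "$pf_uid" -eq 0 ]; then
    echo "FAIL uid=0: can not run elasticsearch as root"
    pf_fail=$((pf_fail + 1))
  fi
  # "unlimited" is a valid ulimit value and always satisfies the check.
  if [ "$pf_nofile" != "unlimited" ] && [ "$pf_nofile" -lt 65536 ]; then
    echo "FAIL nofile=$pf_nofile: need at least 65536"
    pf_fail=$((pf_fail + 1))
  fi
  if [ "$pf_map" -lt 262144 ]; then
    echo "FAIL vm.max_map_count=$pf_map: need at least 262144"
    pf_fail=$((pf_fail + 1))
  fi
  return "$pf_fail"
}

# limits_conf_value FILE USER ITEM
# Prints the limit pam_limits will apply at the user's next login: a "-" or
# "hard" entry naming the user takes priority over a "*" wildcard entry.
limits_conf_value() {
  awk -v u="$2" -v item="$3" '
    $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
    $3 == item && ($2 == "-" || $2 == "hard") {
      if ($1 == u) user = $4
      else if ($1 == "*") wild = $4
    }
    END { print (user != "" ? user : wild) }' "$1"
}
```

Because a user-specific entry overrides the wildcard, the nofile and memlock lines can be written for elsearch alone instead of "*", which avoids granting unlimited memlock to every account on the host.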