1. 创建普通用户
### linux创建用户,elastic不能用root用户启动
-- adduser方式为脚本方式,一行搞定
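# Add the unprivileged account that will run Elasticsearch and Logstash
$ adduser chenbing
# Set its password
$ passwd chenbing
# Switch to the new user
$ su chenbing
# Go to the user's home directory
$ cd ~
# Go up one level, to the directory that contains the chenbing home directory
$ cd ..
# Switch to root
$ su root
# Make chenbing the owner of its home directory and close it to other accounts.
# A recursive 777 would make every file under it world-writable and executable, so any
# local account could replace the Elasticsearch/Logstash binaries, the pipeline config,
# or the JDBC driver jar that Logstash loads, and could read whatever is stored there.
$ chown -R chenbing: chenbing
$ chmod 700 chenbing
# Then switch back to the service user
$ su chenbing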
-- useradd方式有点繁琐
2. 下载解压
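# Pick a working directory and download each archive together with its published SHA-512 file.
# NOTE(review): 7.16.1 is an old patch level; prefer the newest patch release of the line you
# deploy and check Elastic's security announcements for it.
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.16.1-linux-x86_64.tar.gz
$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.16.1-linux-x86_64.tar.gz.sha512
$ wget https://artifacts.elastic.co/downloads/logstash/logstash-7.16.1-linux-x86_64.tar.gz
$ wget https://artifacts.elastic.co/downloads/logstash/logstash-7.16.1-linux-x86_64.tar.gz.sha512
# Verify before extracting; each command must report "OK" for its archive.
# A checksum fetched from the same server catches a corrupted or truncated download,
# not a compromised download source.
$ sha512sum -c elasticsearch-7.16.1-linux-x86_64.tar.gz.sha512
$ sha512sum -c logstash-7.16.1-linux-x86_64.tar.gz.sha512
# Extract
$ tar -zxvf elasticsearch-7.16.1-linux-x86_64.tar.gz
$ tar -zxvf logstash-7.16.1-linux-x86_64.tar.gz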
3. logstash-cbb.conf配置
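# Path: logstash-7.16.1/config/logstash-cbb.conf (the file passed to bin/logstash -f)
input {
  stdin { }
  jdbc {
    # type => "test_user"
    # Basic MySQL connection settings.
    # useSSL=false leaves the database connection unencrypted; that is tolerable only while
    # MySQL runs on this same host. Enable TLS in the URL if the database is remote.
    jdbc_connection_string => "jdbc:mysql://localhost:3306/elk_test?useUnicode=true&characterEncoding=utf8&serverTimezone=UTC&useSSL=false"
    jdbc_driver_library => "/home/chenbing/cbbUtil/mysql-connector-java-8.0.22.jar"
    # Connector/J 8.x driver class; com.mysql.jdbc.Driver is the deprecated legacy name.
    jdbc_driver_class => "com.mysql.cj.jdbc.Driver"
    jdbc_paging_enabled => "true"
    jdbc_page_size => "50000"
    # Credentials are resolved at startup from environment variables (or from the Logstash
    # keystore, which uses the same ${NAME} syntax) instead of being written in this file.
    # Use a dedicated MySQL account that has only SELECT on elk_test, not the root account:
    # this pipeline only reads.
    jdbc_user => "${ELK_JDBC_USER}"
    jdbc_password => "${ELK_JDBC_PASSWORD}"
    # With paging enabled the SQL must not end with a semicolon. To import several tables,
    # add one jdbc {} block per table and branch on them in the output section.
    statement => "select * from user"
    # statement_filepath => "/home/chenbing/cbbUtil/elk_test.sql"
    # Cron expression; '* * * * *' runs the query once per minute. Reference: https://tool.lu/crontab/
    schedule => "* * * * *"
    # Column to track. Whether the field name is camel case can be checked in the Logstash console output.
    # NOTE(review): tracking_column is only used when use_column_value => true, and it only limits
    # the rows read when the statement references :sql_last_value. As written, the whole table is
    # read again on every run and each document is overwritten by its id.
    tracking_column => "createdate"
    # Type of the tracked column: numeric or timestamp; numeric is the default.
    tracking_column_type => "timestamp"
    # Record the value from the last run
    record_last_run => true
    # Where that last-run value is stored
    last_run_metadata_path => "/home/chenbing/cbbSoft/logstash-7.16.1/jdbc-result.txt"
  }
}
#filter {
#  json {
#    source => "message"
#    remove_field => ["message"]
#  }
#  mutate {
#    rename => { "CreateDate" => "createdate" }
#  }
#}
output {
  elasticsearch {
    # Elasticsearch address and port.
    # Once Elasticsearch security is enabled, this output also needs user and password settings.
    hosts => ["localhost:9200"]
    # Index name, free to choose; corresponds to the database
    index => "user"
    # The source table needs an id column (its primary key); it becomes the document id
    document_id => "%{userid}"
    # Document type, corresponds to the table (deprecated in 7.x)
    document_type => "_doc"
  }
  stdout {
    # Print every event to the console as JSON lines. This copies the imported rows to wherever
    # stdout is captured, so remove this output once the pipeline has been verified.
    codec => json_lines
    # This format is easier to read
    # codec => rubydebug
  }
}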
4. 启动
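### 1. Start Elasticsearch
# Run these as the unprivileged user, from inside the extracted elasticsearch-7.16.1 directory.
# Foreground start in the current terminal. The path is relative to that directory:
# /bin/elasticsearch (with a leading slash) would point at the system /bin instead.
$ ./bin/elasticsearch
# To run Elasticsearch as a daemon, pass -d on the command line; -p records the process ID
# in a file (this is the method from the official documentation).
# Startup may fail with errors in the console log that call for settings in
# config/elasticsearch.yml; the file contents are in the appendix.
$ ./bin/elasticsearch -d -p pid
### 2. Start Logstash, from inside the logstash-7.16.1 directory
$ bin/logstash -f config/logstash-cbb.conf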
5. 关闭
### 1、两种方式关闭elastic
#### 方式一
# 查看java进程,elasticsearch前面的数字就是进程号
$ jps
$ kill -9 进程号
#### 方式二
# 第一条记录为elastic进程信息,第一列为elastic的用户,第二列为进程号
$ ps -ef | grep elastic
$ kill -9 进程号
### 2、关闭logstash,同样也可以试试上面的方法
附录
config/elasticsearch.yml配置
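# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# The next two names are environment variables, not elasticsearch.yml settings;
# they are kept here commented out for reference only.
#ES_JAVA_OPTS: "-Xms512m -Xmx1024m"
#MAX_LOCKED_MEMORY: unlimited
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# Kept on loopback while the security features (see the Security section below) are
# disabled: Logstash in this setup connects to localhost:9200, and binding to 0.0.0.0
# would give every host that can reach port 9200 unauthenticated read and write access
# to all indices. Enable authentication and TLS before setting a routable address here.
network.host: 127.0.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
# 0.0.0.0 is a bind wildcard, not an address of a peer node; a single node only needs
# the loopback defaults.
discovery.seed_hosts: ["127.0.0.1", "[::1]"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
cluster.initial_master_nodes: ["node-1"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
action.destructive_requires_name: true
#
# ---------------------------------- Security ----------------------------------
#
#                                 *** WARNING ***
#
# Elasticsearch security features are not enabled by default.
# These features are free, but require configuration changes to enable them.
# This means that users don’t have to provide credentials and can get full access
# to the cluster. Network connections are also not encrypted.
#
# To protect your data, we strongly encourage you to enable the Elasticsearch security features.
# Refer to the following documentation for instructions.
#
# https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.html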
运行报错vm.max_map_count [65530] is too low
# Append this line to the end of /etc/sysctl.conf: vm.max_map_count=262144
# NOTE(review): /etc/sysctl.conf is normally writable only by root, so run both commands as root.
$ vim /etc/sysctl.conf
# Apply the setting immediately by reloading /etc/sysctl.conf
$ /sbin/sysctl -p
办法千万种,解决最重要。