yum -y install java-1.8.0
java -version
2. Install Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.3.2.tar.gz
tar -zxvf elasticsearch-5.3.2.tar.gz
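cd elasticsearch-5.3.2/bin
./elasticsearch
Elasticsearch 5.3 installation troubleshooting
I ran into a number of problems while installing Elasticsearch 5.3 and resolved almost all of them by searching for information. They are recorded briefly here for future reference, and in the hope that they help you if you hit the same problems.
Problem 1: warning message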
[2017-04-28T16:27:21,712][WARN ][o.e.b.JNANatives ] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: requires kernel 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiled in
at org.elasticsearch.bootstrap.Seccomp.linuxImpl(Seccomp.java:349) ~[elasticsearch-5.3.2.jar:5.3.2]
at org.elasticsearch.bootstrap.Seccomp.init(Seccomp.java:630) ~[elasticsearch-5.3.2.jar:5.3.2]
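It prints a long stack trace, but it is only a warning. Elasticsearch tries to install a seccomp system call filter at startup as a defense against arbitrary code execution; on this kernel the filter cannot be installed, so the node runs without it.
Fix: use a newer Linux kernel (the message asks for 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER), and the warning no longer appears.
Step 1: check the current kernel version
uname -r
Output on my system: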
2.6.32-431.el6.centos.plus.x86_64
Step 2: import the public key
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
Step 3: install ELRepo
rpm -Uvh http://www.elrepo.org/elrepo-release-6-6.el6.elrepo.noarch.rpm
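Step 4: install the kernel
The ELRepo yum repository carries two kernel versions, mainline (4.6) and long-term (3.10). The long-term kernel is more stable and will receive updates over a long period, so that is the one chosen here.
Kernels available in the ELRepo repository: http://elrepo.org/linux/kernel/el6/x86_64/RPMS/
Install command:
yum --enablerepo=elrepo-kernel install kernel-lt -y
Step 5: edit grub.conf to change the GRUB boot order
vim /etc/grub.conf
Check where the newly installed kernel sits in the list, then set the default value (counting from 0). A newly installed kernel is usually first in the list, so set default=0.
Step 6: reboot and check the kernel version
uname -r
Output on my system: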
3.10.105-1.el6.elrepo.x86_64
Problem 2: ERROR: bootstrap checks failed
max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536]
max number of threads [1024] for user [lishang] likely too low, increase to at least [2048]
Fix: switch to the root user and edit limits.conf, adding entries like the following
vi /etc/security/limits.conf
Add the following:
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
Problem 3: max number of threads [1024] for user [lish] likely too low, increase to at least [2048]
Fix: switch to the root user and edit the configuration file in the limits.d directory.
vi /etc/security/limits.d/90-nproc.conf
Change the following:
* soft nproc 1024
# change to
* soft nproc 2048
Problem 4: max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]
Fix: switch to the root user and edit sysctl.conf
vi /etc/sysctl.conf
Add the following setting:
vm.max_map_count=655360
Then run:
sysctl -p
Then restart Elasticsearch and it will start successfully.
nohup ./elasticsearch&
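The three limits from problems 2 to 4 can be checked before starting the node. The script below is an added example, not part of the original post; the function names are made up here, and the minimums are the ones quoted in the error messages above.

```shell
#!/bin/sh
# Added example: compare the current limits with the minimums named in the
# bootstrap check errors (65536 files, 2048 threads, 262144 map areas).

# meets_minimum CURRENT REQUIRED: succeed if CURRENT is "unlimited" or >= REQUIRED.
meets_minimum() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 2 ;;   # empty or not a number: value could not be read
    esac
    [ "$1" -ge "$2" ]
}

# report NAME CURRENT REQUIRED: print one status line, return non-zero on failure.
report() {
    if meets_minimum "$2" "$3"; then
        echo "OK   $1 = $2 (minimum $3)"
    else
        echo "FAIL $1 = $2 (minimum $3)"
        return 1
    fi
}

# preflight: check the soft limits of the current user and the kernel setting.
preflight() {
    rc=0
    report "max file descriptors (ulimit -n)" "$(ulimit -n)" 65536 || rc=1
    # "ulimit -u" is a bash option; in shells without it the value reads as empty.
    report "max threads (ulimit -u)" "$(ulimit -u 2>/dev/null)" 2048 || rc=1
    report "vm.max_map_count" "$(cat /proc/sys/vm/max_map_count 2>/dev/null)" 262144 || rc=1
    return $rc
}

preflight || echo "At least one limit is below the minimum Elasticsearch checks for."
```

Run it as the user that starts Elasticsearch, in a fresh login session, since the values in limits.conf are applied at login.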
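Elasticsearch recommends running under a dedicated user. If you still want startup as root not to fail:
vi bin/elasticsearch
# Allow the root user to start it: edit the startup script and add the following line
ES_JAVA_OPTS="-Des.insecure.allow.root=true"
# Edit
vi config/elasticsearch.yml
network.host: 10.0.80.202
Visit http://10.0.80.202:9200/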
{
"name" : "4bC3YJB",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "H6udFRQCSKGPhgYLoOGp1g",
"version" : {
"number" : "5.3.2",
"build_hash" : "3068195",
"build_date" : "2017-04-24T16:15:59.481Z",
"build_snapshot" : false,
"lucene_version" : "6.4.2"
},
"tagline" : "You Know, for Search"
}
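Find out where Elasticsearch stores its logs, and clean them up periodically.
Cleaning up Elasticsearch indices
Indices that have been kept for a long time need to be cleaned up; this can be done with the Elasticsearch API.
For example, to delete all of the indices for May 2016 belonging to a given index, use the following command: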
curl -XDELETE 'http://19:9200/logstash-2017.05.*'
Cluster configuration
vi config/elasticsearch.yml
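# Cluster name; must be identical on all three servers
cluster.name: cluster-5.3.2
# Node name; a unique identifier for each node
node.name: node-1
# IP address to bind to
network.host: 10.0.80.202
# Port
http.port: 9200
# IPs or hostnames of the cluster nodes
discovery.zen.ping.unicast.hosts: ["10.0.80.200", "10.0.80.201","10.0.80.202"]
# Set this so that each node knows how many other master-eligible nodes must be visible. The default is 1; for larger clusters a larger value (2-4) can be used
# A quorum of master-eligible nodes is (N / 2) + 1, which is 2 for three nodes; with 3, a master can only be elected while all three nodes are up
discovery.zen.minimum_master_nodes: 3
# The next two lines are for the head plugin; identical on all three servers.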
http.cors.enabled: true
http.cors.allow-origin: "*"
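Three settings on this page widen the node's exposure: the root override in bin/elasticsearch, a non-loopback network.host, and http.cors.allow-origin: "*". The script below is an added example, not part of the original post, that flags them; the function names and sample files are constructed here, and it assumes no X-Pack Security or authenticating proxy sits in front of the HTTP port.

```shell
#!/bin/sh
# Added example: flag the exposure-related settings used on this page in an
# elasticsearch.yml and, optionally, in the bin/elasticsearch start script.

# yaml_value FILE KEY: print the last uncommented "KEY: value", quotes stripped.
yaml_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { line = $0; sub(/^[ \t]+/, "", line)
          if (index(line, k ":") == 1) {
              v = substr(line, length(k) + 2)
              gsub(/^[ \t]+|[ \t]+$/, "", v); gsub(/^"|"$/, "", v)
              val = v
          } }
        END { print val }' "$1"
}

# audit_es FILE_YML [START_SCRIPT]: print one finding per line.
audit_es() {
    host=$(yaml_value "$1" network.host)
    port=$(yaml_value "$1" http.port); port=${port:-9200}
    case "$host" in
        ""|localhost|127.*|::1|_local_) ;;   # loopback only (also the default)
        *) echo "network.host=$host: port $port answers unauthenticated requests from the network" ;;
    esac
    if [ "$(yaml_value "$1" http.cors.enabled)" = "true" ] &&
       [ "$(yaml_value "$1" http.cors.allow-origin)" = "*" ]; then
        echo "http.cors.allow-origin=*: any web page can call the API from a user's browser"
    fi
    if [ -n "${2:-}" ] && grep -q 'es\.insecure\.allow\.root=true' "$2"; then
        echo "es.insecure.allow.root=true: start script is set up to run the node as root"
    fi
}

# Constructed sample input reproducing the settings shown on this page.
sample_dir=$(mktemp -d)
cat > "$sample_dir/elasticsearch.yml" <<'EOF'
cluster.name: cluster-5.3.2
network.host: 10.0.80.202
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
echo 'ES_JAVA_OPTS="-Des.insecure.allow.root=true"' > "$sample_dir/elasticsearch"

audit_es "$sample_dir/elasticsearch.yml" "$sample_dir/elasticsearch"
```

To clear the findings, restrict port 9200 to the Logstash and Kibana hosts with a firewall, replace "*" with the exact origin that serves the head plugin, and start the node under a dedicated account.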
3. Install Logstash
yum -y install java-1.8.0
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.3.2.tar.gz
tar -zxvf logstash-5.3.2.tar.gz
cd logstash-5.3.2
vi config/logstash-agent.conf
input {
  file {
    type => "tomcat-access"
    path => "/user/software/apache-tomcat-8.5.14/logs/localhost.2017-04-28.log"
  }
  file {
    type => "nginx-access"
    path => "/usr/local/nginx/logs/access.log"
  }
}
filter {
  if [type] == "nginx-access" {
    grok {
      match => ["message", "%{COMBINEDAPACHELOG}"]
    }
    kv {
      source => "request"
      field_split => "&?"
      value_split => "="
    }
    urldecode {
      all_fields => true
    }
    date {
      locale => "cn"
      match => [ "timestamp" , "dd/MMM/YYYY:HH:mm:ss Z" ]
    }
    geoip {
      source => "source_ip"
    }
  }
}
output {
  stdout {
  }
  redis {
    host => "10.0.80.201"
    port => "6379"
    data_type => "list"
    key => "logstash:redis"
  }
}
# List installed plugins
./bin/logstash-plugin list
# Start Logstash
./bin/logstash -f config/logstash-agent.conf --config.reload.automatic
On another server:
tar -zxvf logstash-5.3.2.tar.gz
cd logstash-5.3.2
vi config/logstash-index.conf
input {
  redis {
    host => "10.0.80.201"
    port => "6379"
    data_type => "list"
    key => "logstash:redis"
    codec => json
    type => "redis-input"
  }
}
output {
  elasticsearch {
    hosts => "10.0.80.202:9200"
    index => "logstash-%{+YYYY.MM.dd}-%{type}"
  }
}
./bin/logstash -f config/logstash-index.conf --debug
4. Install Kibana
wget https://artifacts.elastic.co/downloads/kibana/kibana-5.3.2-linux-x86_64.tar.gz
tar -zxvf kibana-5.3.2-linux-x86_64.tar.gz
cd kibana-5.3.2-linux-x86_64
vi config/kibana.yml
server.port: 5601
server.host: "10.0.80.199"
elasticsearch.url: http://10.0.80.202:9200
kibana.index: ".kibana"
# Start Kibana and test access
nohup ./bin/kibana&
Visit http://10.0.80.199:5601
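5. Install the Redis server; see the earlier cluster installation
6. Install and configure Filebeat
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.3.2-linux-x86_64.tar.gz
tar -zxvf filebeat-5.3.2-linux-x86_64.tar.gz
cd filebeat-5.3.2-linux-x86_64
vi filebeat.yml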
- input_type: log
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    #- /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*
    - "/usr/software/apache-tomcat-8.5.14/logs/catalina.out"
  encoding: utf-8
  type: tomcat-logs
  host: 10.0.80.200
output.redis:
  enabled: true
  hosts: ["10.0.80.202:6379"]
  port: 6379
  datatype: list
  save_topology: true
  index: "logstash:redis"
# Start
nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1 &
When I have time later, I will look further into Filebeat, Logstash plugins and the integration of other plugins, and Elasticsearch clustering.