入门学习ELK,本文简单记录了我在centos6.8安装过程。
安装包:elasticsearch-6.2.2.tar.gz
安装位置:/usr/local/software
一、解压:tar -zxvf elasticsearch-6.2.2.tar.gz
二、配置文件讲解
jvm.options 虚拟机参数配置文件 配置heap内存一样 elasticsearch.yml 主配置文件 cluster.name 集群名称,同一个网段自动加入 node.name 节点名称 http.port http端口 默认情况下,Elastic 只允许本机访问,如果需要远程访问,可以修改 Elastic 安装目录的 |
我暂时没修改任何配置
三、启动
注意:root用户无法启动Elasticsearch
add一个elk用户:
将elasticsearch-6.2.2权限放开:chmod 777 -R elasticsearch-6.2.2
切换其他用户:su elk
进入bin目录启动:./elasticsearch
或者守护进程启动:nohup ./bin/elasticsearch &
此时虽然有警告但也算成功启动了。
在虚拟机内访问
在笔记本访问
--------------------------------------------------------------------------
为解决此问题,需要修改elasticsearch.yml
network.host: 0.0.0.0
然后启动(注意非root用户)
报错,如下:
ERROR: [4] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max number of threads [1024] for user [elk] is too low, increase to at least [4096]
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[4]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
我搜索了相关报错找到了这两篇博客如下。
https://blog.csdn.net/abcd_d_/article/details/53018927
https://www.cnblogs.com/xxoome/p/6663993.html
再叙述博客相关知识:
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
解决方法:
#切换到root用户修改 vim /etc/security/limits.conf # 在最后面追加下面内容 elk hard nofile 65536 elk soft nofile 65536
# 注意elk 是用户
[2]: max number of threads [1024] for user [elk] is too low, increase to at least [4096]
解决方法:
#切换到root用户修改
进入limits.d下的配置文件:vi /etc/security/limits.d/90-nproc.conf ,修改配置如下:
* soft nproc
4096
root soft nproc unlimited
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决方法:
#切换到root用户修改
修改sysctl文件:vi /etc/sysctl.conf ,增加下面配置项
- 增加改行配置:vm.max_map_count=655360
- 保存退出后,执行:
- sysctl -p
[4]: system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
解决方法:
在elasticsearch.yml中加入下面命令即可
bootstrap.system_call_filter: false
启动ElasticSearch之后,笔记本就可以ip:9200访问了