1. Package download
ELK version 5.5; JDK: java version "1.8.0_121"
ELK official download: https://www.elastic.co/downloads
JDK 8 download: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Reference: http://www.ywnds.com/?p=9776
[root@payment-server ELK]# ll
total 173660
-rw-r--r-- 1 root root 33485703 Sep 11 09:31 elasticsearch-5.5.2.tar.gz
-rw-r--r-- 1 root root 51073441 Sep 11 09:34 kibana-5.5.2-linux-x86_64.tar.gz
-rw-r--r-- 1 root root 93247274 Sep 11 09:34 logstash-5.5.2.tar.gz
2. JDK installation
Now upgrade to 1.8:
[root@daily-server local]# tar zxf jdk-8u121-linux-x64.gz
# ln -sv jdk1.8.0_121 jdk
cp /etc/profile /etc/profile.20170330   # back up the original file
vim /etc/profile   # edit the file and add:
export JAVA_HOME JAVA_BIN PATH CLASSPATH
export JAVA_HOME=/usr/local/jdk1.8.0_121
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
export CLASSPATH=.:$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HOME/lib/tools.jar
# source /etc/profile
[root@svnserver atlassian-confluence-5.4.4]# java -version
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
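The Java version has been upgraded successfully.
3. Installing Elasticsearch
Prepare the environment:
1. Make sure the JDK is version 1.8 or later.
2. Create the elk user: useradd elk (Elasticsearch versions after 2.0 can no longer be run under the root account)
passwd elk   (123456 in this walkthrough; set a strong password on a real deployment)
3. Kernel parameter tuning: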
[root@fortunedr-test1 ~]# vim /etc/sysctl.conf
vm.max_map_count=655360
fs.file-max = 1000000
[root@fortunedr-test1 ~]# vim /etc/security/limits.conf
* soft nofile 655350
* hard nofile 655350
elk soft memlock unlimited
elk hard memlock unlimited
* soft nproc 4056
elk hard nproc 6000
elk soft nproc 4056
* hard nproc 6000
[root@fortunedr-test1 ~]# vim /etc/security/limits.d/90-nproc.conf
* soft nproc 2048
elk soft nproc 2048
root soft nproc unlimited
[root@fortunedr-test1 ~]# sysctl -p
[root@fortunedr-test1 ~]# ulimit -n
655350
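(If startup later fails with an error, these settings may not have taken effect; rebooting the machine is recommended to apply them. I have fallen into this pit before.)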
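A preflight check for the pitfall noted above, added here as an example and not part of the original post: it compares the limits a session actually has with the minimums that the Elasticsearch 5.x bootstrap checks report. The function names and the three threshold values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Thresholds are the minimums
# named in Elasticsearch 5.x bootstrap-check errors (assumption: adjust them
# if your version reports other numbers).
MIN_NOFILE=65536       # max file descriptors
MIN_NPROC=2048         # max number of threads for the user
MIN_MAP_COUNT=262144   # vm.max_map_count

# check_limits NOFILE NPROC MAP_COUNT
# Prints one FAIL line per value below its minimum; returns 1 if any failed.
check_limits() {
    rc=0
    for triple in "nofile:$1:$MIN_NOFILE" "nproc:$2:$MIN_NPROC" \
                  "vm.max_map_count:$3:$MIN_MAP_COUNT"; do
        name=${triple%%:*}; rest=${triple#*:}
        have=${rest%%:*};   need=${rest#*:}
        [ "$have" = "unlimited" ] && continue
        # a non-numeric or missing value also counts as a failure
        if ! [ "$have" -ge "$need" ] 2>/dev/null; then
            echo "FAIL $name=$have (need >= $need)"
            rc=1
        fi
    done
    return "$rc"
}

# live_limits: soft limits of the calling process (a conservative view), so
# run it as the elk user in a fresh login session: limits.conf is applied by
# PAM at login, sysctl.conf by "sysctl -p" or at boot.
live_limits() {
    nofile=$(awk '/^Max open files/ {print $4}' /proc/self/limits)
    nproc=$(awk '/^Max processes/ {print $3}' /proc/self/limits)
    echo "$nofile $nproc $(cat /proc/sys/vm/max_map_count)"
}

# Run "sh preflight.sh --live" on the Elasticsearch host before starting it.
if [ "${1:-}" = "--live" ]; then
    # word splitting of the three values is intended here
    check_limits $(live_limits) && echo "limits OK"
fi
```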
==================================================================
Extract the archive, then edit the configuration file:
[root@fortunedr-test1 ~]# grep -iv "^#" /data/servers/elasticsearch-5.5.2/config/elasticsearch.yml
cluster.name: myelk
node.name: node1
node.master: true
node.data: false
action.auto_create_index: true
path.data: /var/lib/elasticsearch/data
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 10.128.206.40
http.port: 9200
transport.host: 10.128.206.40
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["10.128.206.42:9300"]
discovery.zen.minimum_master_nodes: 1
http.cors.enabled: true
http.cors.allow-origin: "*"
Configuration parameters for the slave node:
[root@fortunedr-test4 ~]# grep -iv "^#" /data/servers/elasticsearch-5.5.2/config/elasticsearch.yml
cluster.name: myelk
node.name: node2
node.master: false
node.data: true
action.auto_create_index: true
path.data: /var/lib/elasticsearch/data
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 10.128.206.42
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["10.128.206.40:9300","10.128.206.42:9300"]
discovery.zen.minimum_master_nodes: 1
http.cors.enabled: true
http.cors.allow-origin: "*"
[root@fortunedr-test4 ~]#
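An added example (not from the original post) that audits an elasticsearch.yml like the two listings above for the settings that matter most from a security standpoint: a non-loopback bind address, the wildcard CORS origin, and the disabled system call filter. It assumes the node runs without X-Pack security or an authenticating proxy; yml_get and audit_es_yml are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a flat "key: value"
# elasticsearch.yml for settings that widen the attack surface.
# Assumption: no X-Pack security or authenticating proxy protects the node.

# yml_get FILE KEY: print KEY's value with quotes stripped (empty if unset)
yml_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, ":"); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key)
          gsub(/^[ \t"]+|[ \t"]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# audit_es_yml FILE: print one finding per line
audit_es_yml() {
    host=$(yml_get "$1" network.host)
    port=$(yml_get "$1" http.port)
    case "$host" in
        ""|127.*|localhost|_local_|::1) ;;   # unset means loopback only
        *) echo "EXPOSED: REST API on $host:${port:-9200} has no login; limit it with a firewall or proxy" ;;
    esac
    if [ "$(yml_get "$1" http.cors.enabled)" = "true" ] &&
       [ "$(yml_get "$1" http.cors.allow-origin)" = "*" ]; then
        echo "CORS: allow-origin * lets script from any site query the node; name the elasticsearch-head origin instead"
    fi
    if [ "$(yml_get "$1" bootstrap.system_call_filter)" = "false" ]; then
        echo "SECCOMP: system call filter disabled; re-enable it on kernels that support seccomp"
    fi
}

# Constructed sample: security-relevant lines of the node1 file shown above
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# comment lines are skipped
bootstrap.system_call_filter: false
network.host: 10.128.206.40
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
audit_es_yml "$SAMPLE"
```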
[root@payment-server elasticsearch-5.5.2]# vim /etc/security/limits.conf
* soft nofile 65535
* hard nofile 131072
2. Configure the JVM parameters:
[root@fortunedr-test1 ~]# vim /data/servers/elasticsearch-5.5.2/config/jvm.options
-Xms1g
-Xmx1g
(If resources allow, 2 to 4 GB is better.)
3. Create the directories:
[root@fortunedr-test1 ~]# mkdir -pv /var/log/elasticsearch/
[root@fortunedr-test1 ~]# mkdir -pv /var/lib/elasticsearch/
4. Permissions:
[root@fortunedr-test1 ~]# chown -R elk:elk /data/servers/elasticsearch-5.5.2/
[root@fortunedr-test1 ~]# chown -R elk:elk /var/log/elasticsearch/
[root@fortunedr-test1 ~]# chown -R elk:elk /var/lib/elasticsearch/
Then apply the same configuration on the other machine.
Then su elk
[elk@fortunedr-test1 elasticsearch-5.5.2]$ ./bin/elasticsearch -d   # this starts it successfully
If it reports an error, see:
http://blog.csdn.net/qq942477618/article/details/53414983
[root@fortunedr-test1 ~]# netstat -tunlp | grep 9200
tcp 0 0 ::ffff:10.128.206.40:9200 :::* LISTEN 1902/java
Installing plugins (reference: http://blog.csdn.net/u013368491/article/details/69922195)
Download the plugin packages:
git clone https://github.com/hlstudio/bigdesk
git clone https://github.com/mobz/elasticsearch-head.git
bigdesk-master.zip and elasticsearch-head-master.zip
Install nginx, extract these two packages into the nginx site directory /usr/share/nginx/html, and rename them with mv so they are easier to remember.
[elk@fortunedr-test1 html]$ pwd
/usr/share/nginx/html
-rw-r--r--. 1 root root 3650 Feb 9 2011 404.html
-rw-r--r--. 1 root root 3693 Feb 9 2011 50x.html
drwxr-xr-x. 13 root root 4096 Nov 13 2015 anemometer
-rw-r--r--. 1 root root 3503 Mar 17 2012 atomic_bg.png
-rw-r--r--. 1 root root 18402 Mar 17 2012 atomicorp_logo.png
drwxr-xr-x. 3 elk elk 4096 Nov 19 2016 bigdesk
-rw-r--r--. 1 root root 339 Mar 17 2012 gradient_bg.png
drwxr-xr-x. 6 elk elk 4096 Sep 15 09:32 head
-rw-r--r--. 1 root root 2608 Mar 17 2012 index.html
-rw-r--r--. 1 root root 23 Nov 13 2015 info.php
-rw-r--r--. 1 elk elk 921421 Sep 15 12:28 master
-rw-r--r--. 1 root root 370 Mar 17 2012 nginx-logo.png
[elk@fortunedr-test1 html]$
Start the bigdesk plugin:
cd bigdesk/_site
[root@fortunedr-test1 _site]# python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
d1-szhang.hq.ta-mp.com - - [15/Sep/2017 13:07:09] "GET / HTTP/1.1" 200 -
d1-szhang.hq.ta-mp.com - - [15/Sep/2017 13:07:09] "GET /css/reset.css HTTP/1.1" 200 -....
Screen tool:
[root@fortunedr-test1 _site]# yum install screen -y
[root@fortunedr-test1 _site]# screen -S bigdisk   # enter a new terminal (ctrl+a then d returns to the original terminal; screen -ls lists the terminals created so far and their status)
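Logstash configuration:
Installation is the same as above: extract and configure, then write the filter rules; the official site can be used as a reference here.
Online pattern debugging: http://grokdebug.herokuapp.com/
Browse the regular expressions online: https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns
Kibana installation:
Reference: http://www.cnblogs.com/wxw16/p/6150681.html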
http://blog.csdn.net/u013368491/article/details/69936033
Extract, then configure the host address:
[root@fortunedr-test1 config]# vim /data/servers/kibana-5.5.2-linux-x86_64/config/kibana.yml
server.port: 5601
server.host: "10.128.206.40"
[root@fortunedr-test1 kibana-5.5.2-linux-x86_64]# ./bin/kibana   (there are no indices in ES yet, so the status is red)
Kibana plugin: https://artifacts.elastic.co/downloads/kibana-plugins/x-pack/x-pack-5.5.2.zip
[root@fortunedr-test1 bin]# ./kibana-plugin install x-pack
Kibana configuration:
[root@fortunedr-test1 config]# grep -iv "^#" kibana.yml
server.port: 5601
server.host: "0.0.0.0"
server.maxPayloadBytes: 1048576
elasticsearch.url: "http://10.128.206.40:9200"
kibana.index: ".kibana"
elasticsearch.pingTimeout: 15000
elasticsearch.requestTimeout: 300000
Start Kibana:
[root@elk-server ~]# /data/servers/kibana-5.5.2-linux-x86_64/bin/kibana