Download the packages: https://www.elastic.co/downloads
I downloaded: elasticsearch-7.8.0-linux-x86_64.tar.gz, kibana-7.8.0-linux-x86_64.tar.gz and logstash-7.8.0.tar.gz
Copy each of them to the machine.
Install tomcat first:
yum install tomcat
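After installation, run java -version to check that the install succeeded.
First, install elasticsearch.
After installation, create the user that will run the service:
1. groupadd elsearch
2. useradd elsearch -g elsearch -p elasticsearch
3. Copy the files to the elsearch user's directory, then change their owner to elsearch:
chown -R elsearch:elsearch <directory name>
Set up the basic configuration file:
In the elasticsearch-7.8.0/config directory, find elasticsearch.yml.
Configure it as follows:
Edit jvm.options (vim jvm.options)
and adjust it to suit the current machine.
Start it as the elsearch user: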
./elasticsearch-7.8.0/bin/elasticsearch &
Startup fails with the following errors:
[2020-06-19T11:21:49,740][INFO ][o.e.b.BootstrapChecks ] [logserver.localdomain] bound or publishing to a non-loopback address, enforcing bootstrap checks
ERROR: [3] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[3]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
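The fixes for these 3 problems, one by one:
Fix for [1]:
vim /etc/security/limits.conf, and add at the end of the file:
* soft nofile 65536
* hard nofile 65536
Fix for [2]:
vi /etc/sysctl.conf and add the following setting at the end of the file:
vm.max_map_count=655360
After adding it, run sysctl -p
Fix for [3]: edit the elasticsearch-7.8.0/config/elasticsearch.yml file
and add the following configuration:
Cross-origin access (CORS) can be enabled for es-head.
Start elasticsearch again; the page now opens.
The elasticsearch configuration is as follows: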
cluster.name: "my-es"
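# Cluster name (must be identical on every machine in the cluster)
node.name: "node-1"
# Node name (must be different on every machine in the cluster)
node.master: true
path.data: "/var/eslog/"
path.logs: "/var/eslog/"
# Log storage path
network.host: "0.0.0.0"
http.port: 9200
transport.tcp.port: 9300
# Transport port used inside the cluster
discovery.zen.ping.unicast.hosts: ["10.0.6.152:9300","10.0.6.153:9300","10.0.6.188:9300"]
# Hosts in the cluster
discovery.zen.minimum_master_nodes: 1
# Number of master nodes
cluster.initial_master_nodes: ["node-1"]
# Default master node
http.cors.enabled: true
http.cors.allow-origin: "*"
When starting logstash you need to specify a configuration file; mine is for syslog, configured as follows: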
input {
syslog {
port => "5140"
}
}
output {
elasticsearch {
hosts => ["10.0.6.152:9200"]
# Elasticsearch index names cannot contain spaces, so a dot separates date and hour
index => "logstash-%{+YYYY.MM.dd.HH}"
}
}
The logstash.yml configuration is as follows:
http.enabled: true
http.host: "0.0.0.0"
http.port: 9600-9700
kibana configuration:
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://127.0.0.1:9200"]
kibana.index: ".kibana"
Cluster monitoring is possible by installing es-head-master:
Start es-head:
npm run start &
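The three configuration listings above bind Elasticsearch, Logstash and Kibana to 0.0.0.0, allow any CORS origin for es-head, and never turn on authentication. The check below is an added example, not part of the original post: it flags those settings in a flat YAML file. The function names and the rule set are assumptions made for illustration, and the sample input is constructed from the listings on this page.

```python
# Added example: audit the flat "key: value" settings used in the configs above.
WILDCARD_BINDS = {"0.0.0.0", "::"}
BIND_KEYS = ("network.host", "http.host", "server.host")

def parse_flat_yaml(text):
    """Parse un-nested 'key: value' lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(name, text):
    """Return (file, setting, reason) tuples for risky settings in one file."""
    cfg = parse_flat_yaml(text)
    findings = [(name, key, "listens on every interface")
                for key in BIND_KEYS if cfg.get(key) in WILDCARD_BINDS]
    if (cfg.get("http.cors.enabled") == "true"
            and cfg.get("http.cors.allow-origin") == "*"):
        findings.append((name, "http.cors.allow-origin",
                         "any web origin may script the REST API from a browser"))
    # Assumption: Elasticsearch 7.x, where authentication stays off unless
    # xpack.security.enabled is set to true.
    if name == "elasticsearch.yml" and cfg.get("xpack.security.enabled") != "true":
        findings.append((name, "xpack.security.enabled",
                         "REST API accepts unauthenticated requests"))
    return findings

# Constructed sample input, copied from the listings on this page.
SAMPLES = {
    "elasticsearch.yml": 'network.host: "0.0.0.0"\nhttp.port: 9200\n'
                         'http.cors.enabled: true\nhttp.cors.allow-origin: "*"\n',
    "logstash.yml": 'http.enabled: true\nhttp.host: "0.0.0.0"\n'
                    'http.port: 9600-9700\n',
    "kibana.yml": 'server.port: 5601\nserver.host: "0.0.0.0"\n'
                  'elasticsearch.hosts: ["http://127.0.0.1:9200"]\n',
}

def audit_all(samples=SAMPLES):
    """Audit every sample file and return the combined findings."""
    return [f for name, text in samples.items() for f in audit(name, text)]

if __name__ == "__main__":
    for name, key, reason in audit_all():
        print(f"{name}: {key}: {reason}")
```

An elasticsearch.yml that binds to one internal address, lists the es-head URL as the only allowed origin and sets xpack.security.enabled: true passes the check with no findings.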
I am still learning; I will keep updating this later.