前置条件
java11,CentOS7.6 64位,elk7.8
一.Elasticsearch环境搭建
-
将如下内容添加到 vim
$HOME/.bash_profile
文件最后ES=/usr/local/elk/elasticsearch-7.8.0 # 替换为自己的路径 PATH=$ES/bin:$PATH export ES PATH
-
使环境变量生效
source $HOME/.bash_profile
-
Elasticsearch默认的jvm设置会申请1G的堆空间,对于小内存的服务器而言可能会因为内存不足无法启动,可通过
$ES/config/jvm.options
文件里的-Xms -Xmx
两个参数设置堆空间大小(第22行左右)-Xms和-Xmx两个参数必须保持一致。若参数值不一致,则ES无法正常启动
-
可通过修改
$ES/config/elasticsearch.yml
修改绑定ip和端口network.host: 0.0.0.0 # 绑定IP,根据实际情况进行修改,第55行左右 http.port: 9000 # 绑定端口,默认为9200,第59行左右
启动 、bin/elasticsearch
验证 curl http://localhost:9000
1.会报root账户问题2
解决:
需要建立es用户
elasticsearch添加用户和用户组并授权
groupadd es
useradd es -g es -p es
chown -R es:es /usr/local/elk/elasticsearch (授权)
su es
(如下踩坑遇到错误)
1.启动会报错
ES启动报错:ava.io.FileNotFoundException: /usr/local/elk/elasticsearchlogs/wen_server.json (权限不够
是es账号授权问题
解决 chown -R es:es /usr/local/elk/elasticsearch
3.启动运行错误
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
解决:(切换root用户)
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
注:修改完需要重启linux。
其他错误(遇到解决,没遇到算了)
4.max number of threads [3818] for user [esuser] is too low, increase to at least [4096]
vi /etc/security/limits.d/90-nproc.conf
* soft nproc 4096
* hard nproc 4096
注:上面的**[esuser]**方括号里的为启动elasticsearch服务的用户名。
5.max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
vi /etc/sysctl.conf
vm.max_map_count=262144
注:修改完执行sysctl -p命令使改动生效。
6.system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
vi elasticsearch.yml
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
注:这两行属性设置的顺序不能颠倒
7.the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
vi elasticsearch.yml
cluster.initial_master_nodes: ["node-1"]
二.Kibana环境搭建
1.vim $HOME/.bash_profile
KB=/usr/local/elk/kibana-7.8.0-linux-x86_64 # 替换为自己的路径
PATH=$KB/bin:$PATH
export KB PATH
-
使环境变量生效
source $HOME/.bash_profile
-
Kibana只能在本地访问,若想远程访问,可修改
-
vim $KB/config/kibana.yml
-
文件里的
server.host
配置,也可通过elasticsearch.hosts
指定Elasticsearch地址,server.port
指定监听端口等server.port: 5601 # 第2行左右 server.host: "0.0.0.0" # 第7行左右 elasticsearch.hosts: ["http://127.0.0.1:9000"] # 第28行左右
启动 ./kibana
报错问题解决
server log [06:55:25.686] [warning][security] Generating a random key for xpack.security.encryptionKey.
To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml
根据提示,在配置文件kibana.yml中添加【xpack.security.encryptionKey】属性:
xpack.security.encryptionKey: "something_at_least_32_characters"
启动被占用5601 ps -ef|grep node命令或netstat -anltp|grep 5601
报3000超时错误
解决
head插件的安装
帮助文章 https://www.orchome.com/489