Installing ELK on Ubuntu
Installing Elasticsearch
1) Download
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.8.0-linux-x86_64.tar.gz
2) Extract
cd /home/elasticsearch
tar -zxvf elasticsearch-7.8.0-linux-x86_64.tar.gz
3) Create the data directory
cd /home/elasticsearch
mkdir data
4) Edit config/elasticsearch.yml
cd /home/elasticsearch/elasticsearch-7.8.0/config
vi elasticsearch.yml
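Settings to change
# cluster name
cluster.name: es-rms
# node name
node.name: node-1
# directories for data and logs
path.data: /home/elasticsearch/data
path.logs: /home/elasticsearch/elasticsearch-7.8.0/logs
# bind address; with 0.0.0.0 the node listens on every interface, so any machine that can reach this host can connect
network.host: 0.0.0.0
# port
http.port: 9200
# names of all nodes in the cluster, i.e. the node name changed above (the default name works as well); this is a single machine, so one node is enough
cluster.initial_master_nodes: ["node-1"]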
5) Start
cd /home/elasticsearch/elasticsearch-7.8.0/bin
./elasticsearch
# start in the background
./elasticsearch -d
The following error appears
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000c5330000, 986513408, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 986513408 bytes for committing reserved memory.
# An error report file with more information is saved as:
# logs/hs_err_pid22863.log
1 GB of memory is too little: by default Elasticsearch's JVM uses 1 GB. Change the memory setting to 512m
cd /home/elasticsearch/elasticsearch-7.8.0/config
vi jvm.options
------ Settings to change
-Xms512m
#-Xms1g
-Xmx512m
#-Xmx1g
The following error appears
[2019-06-21T16:20:03,039][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [node-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.1.1.jar:7.1.1]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.1.1.jar:7.1.1]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.1.1.jar:7.1.1]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-7.1.1.jar:7.1.1]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.1.1.jar:7.1.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.1.1.jar:7.1.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.1.1.jar:7.1.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:102) ~[elasticsearch-7.1.1.jar:7.1.1]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:169) ~[elasticsearch-7.1.1.jar:7.1.1]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:325) ~[elasticsearch-7.1.1.jar:7.1.1]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) ~[elasticsearch-7.1.1.jar:7.1.1]
... 6 more
Elasticsearch cannot be run as the root user; a separate user has to be added
# create the group
groupadd elastic
# add the user es
adduser es
# change the user's group
usermod -g elastic es
# set the user's password
# passwd es
Changing password for user es.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# change file ownership so that the es user can work with the files
chown -R es:elastic /home/elasticsearch
Edit /etc/security/limits.conf and append at the end
es soft nofile 65536
es hard nofile 65536
es soft nproc 4096
es hard nproc 4096
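Edit /etc/sysctl.conf and append at the end
vm.max_map_count = 262144
# Note: when installing inside a Docker container, the container has to be started with --privileged, otherwise this value cannot be changed from inside it (vm.max_map_count is a host kernel setting, so it can also be set once on the Docker host)
Apply the change
sysctl -p
Switch to the es user and start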
su - es
/home/elasticsearch/elasticsearch-7.8.0/bin/elasticsearch
6) Verify access
curl 'http://localhost:9200/?pretty'
# response
{
"name" : "node-1",
"cluster_name" : "es-rms",
"cluster_uuid" : "EuXotObWRmWnrYcf3rWXfg",
"version" : {
"number" : "7.8.0",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "757314695644ea9a1dc2fecd26d1a43856725e65",
"build_date" : "2020-06-14T19:35:50.234439Z",
"build_snapshot" : false,
"lucene_version" : "8.5.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
# install the curl command
apt-get install curl
Installing Kibana
1) Download
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.8.0-linux-x86_64.tar.gz
2) Extract
cd /home/kibana
tar -zvxf kibana-7.8.0-linux-x86_64.tar.gz
3) Edit the configuration
cd /home/kibana/kibana-7.8.0-linux-x86_64/config
vi kibana.yml
--------- Settings to change
# port
server.port: 5601
# address the server binds to
server.host: "110.10.0.14"
# base path when served behind a proxy
server.basePath: "/kibana"
# address of the Elasticsearch service
elasticsearch.hosts: ["http://110.10.0.14:9200"]
4) Start
cd /home/kibana/kibana-7.8.0-linux-x86_64/bin
./kibana
The following error appears
Kibana should not be run as root. Use --allow-root to continue
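Kibana has to be started as a non-root user; create a new user
# create the group
groupadd elastic
# add the user es
adduser es
# change the user's group
usermod -g elastic es
# set the user's password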
# passwd es
Changing password for user es.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# change file ownership so that the es user can work with the files
chown -R es:elastic /home/kibana
Switch to the es user and start Kibana
The following error appears
log [09:50:02.302] [error][reporting] The Reporting plugin encountered issues launching Chromium in a self-test. You may have trouble generating reports.
log [09:50:02.302] [error][reporting] Error: Failed to launch chrome!
Chromium needs to be installed
apt-get install chromium-browser
Start Kibana
The following error appears
[0623/100217.756157:WARNING:resource_bundle.cc(358)] locale_file_path.empty() for locale
[0623/100217.771950:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
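Chromium cannot set up its sandbox here, so the sandbox is turned off for Reporting
# edit kibana.yml
cd /home/kibana/kibana-7.8.0-linux-x86_64/config
vi kibana.yml
# append as the last line; this setting disables the Chromium sandbox
xpack.reporting.capture.browser.chromium.disableSandbox: true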
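Added example (not part of the original guide): a shell check for the two settings above that widen exposure. A fresh 7.8.0 tarball runs on the basic license with security features off, so a non-loopback network.host leaves port 9200 answering unauthenticated requests, and disableSandbox: true makes Reporting launch Chromium without its sandbox. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide; function names are hypothetical.

# yaml_get FILE KEY: print the last uncommented value of a flat "key: value" line.
yaml_get() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# audit_es FILE: return 1 and print a finding when network.host is not loopback
# and xpack.security.enabled is not true (assumes the default basic license).
audit_es() {
    host=$(yaml_get "$1" network.host)
    case "$host" in
        ""|localhost|_local_|127.*|::1) return 0 ;;   # loopback only, also the default
    esac
    [ "$(yaml_get "$1" xpack.security.enabled)" = "true" ] && return 0
    echo "elasticsearch: network.host=$host with security features off"
    return 1
}

# audit_kibana FILE: return 1 when Reporting's Chromium sandbox is disabled.
audit_kibana() {
    setting=xpack.reporting.capture.browser.chromium.disableSandbox
    if [ "$(yaml_get "$1" "$setting")" = "true" ]; then
        echo "kibana: Reporting launches Chromium without its sandbox"
        return 1
    fi
    return 0
}

# Constructed sample files mirroring the settings used in this guide.
demo=$(mktemp -d)
printf '%s\n' 'cluster.name: es-rms' 'network.host: 0.0.0.0' > "$demo/elasticsearch.yml"
printf '%s\n' 'server.port: 5601' \
    'xpack.reporting.capture.browser.chromium.disableSandbox: true' > "$demo/kibana.yml"
audit_es "$demo/elasticsearch.yml" || true
audit_kibana "$demo/kibana.yml" || true
# With security features enabled the Elasticsearch finding goes away.
echo 'xpack.security.enabled: true' >> "$demo/elasticsearch.yml"
audit_es "$demo/elasticsearch.yml" && echo "elasticsearch: no finding"
rm -rf "$demo"
```

To check a real install, call audit_es and audit_kibana on the elasticsearch.yml and kibana.yml edited in the steps above.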
Installing Logstash
- Download
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.8.0.tar.gz
- Extract
cd /home/logstash
tar -zxvf logstash-7.8.0.tar.gz
- Write the configuration file **.conf
input {
  tcp {
    host => "110.10.0.14"
    port => 9501
    mode => "server"
    tags => ["tags"]
    codec => plain{charset=>"UTF-8"}
  }
}
output {
  elasticsearch {
    action => "index"
    index => "rms-log"
    hosts => ["110.10.0.14:9200"]
  }
}
- Start
/home/logstash/logstash-7.8.0/bin/logstash -f /home/logstash/rms.conf
Start in the background
cd /home/logstash
# write start-rms.sh
nohup logstash-7.8.0/bin/logstash -f rms.conf > /dev/null 2>&1 &