[CentOS] Installing ELK: Elasticsearch
Deployment environment:
- centos 6.X
- jdk 1.7
- elasticsearch 2.3.1 https://www.elastic.co/downloads/elasticsearch
- logstash 2.3.1 https://www.elastic.co/downloads/logstash
- Kibana 4.5.0 https://www.elastic.co/downloads/kibana
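Downloads:
Elasticsearch: https://www.elastic.co/downloads. This guide uses the tar.gz package; depending on your preference, the rpm or zip package works just as well.
Before you start, take care of the firewall policy for the ports: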
    # vim /etc/sysconfig/iptables
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 9200 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT
    # service iptables restart
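You also need to install the JDK (omitted here).
Extract the package into an elasticsearch folder under /usr/local, then run bin/elasticsearch on Unix or bin\elasticsearch.bat on Windows.
However, if you run it as root, it fails with "java.lang.RuntimeException: don't run elasticsearch as root." This restriction exists for system security: Elasticsearch can accept and execute user-supplied scripts, so it is recommended to create a dedicated user to run Elasticsearch.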
    [root@candaotool bin]# ./elasticsearch
    Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root.
        at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:93)
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:144)
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
    Refer to the log for complete error details.
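- Create the elsearch group and the elsearch user:

    groupadd elsearch
    # useradd -p expects an already-hashed password (crypt(3) format), not plaintext,
    # so it is left out here; set a password with "passwd elsearch" if one is needed
    useradd -g elsearch elsearch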
- Change the owner and group of the elasticsearch folder and everything in it to elsearch:elsearch:

    cd /opt
    chown -R elsearch:elsearch elasticsearch
- Switch to the elsearch user, then start Elasticsearch:

    su elsearch
    cd elasticsearch/bin
    ./elasticsearch
Output:

    [elasticsearch@candaotool bin]$ ./elasticsearch
    [2016-04-14 16:22:19,887][WARN ][bootstrap ] unable to install syscall filter: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
    [2016-04-14 16:22:20,200][INFO ][node ] [Jack O'Lantern] version[2.3.1], pid[2805], build[bd98092/2016-04-04T12:25:05Z]
    [2016-04-14 16:22:20,201][INFO ][node ] [Jack O'Lantern] initializing ...
    [2016-04-14 16:22:20,806][INFO ][plugins ] [Jack O'Lantern] modules [lang-groovy, reindex, lang-expression], plugins [], sites []
- Command to start Elasticsearch in the background:

    ./elasticsearch -d
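- Check that the service is running properly. To reach it by IP address, set network.host: 192.168.87.8 in config/elasticsearch.yml; the service can then be reached at http://192.168.87.8:9200, and Kibana can later be configured with this IP and port without trouble.

    curl -X GET http://localhost:9200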
    [elasticsearch@candaotool bin]$ curl -X GET http://localhost:9200
    {
      "name" : "Spectral",
      "cluster_name" : "elasticsearch",
      "version" : {
        "number" : "2.3.1",
        "build_hash" : "bd980929010aef404e7cb0843e61d0665269fc39",
        "build_timestamp" : "2016-04-04T12:25:05Z",
        "build_snapshot" : false,
        "lucene_version" : "5.5.0"
      },
      "tagline" : "You Know, for Search"
    }
At this point the service is running normally!
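The firewall rule for port 9200 and the network.host setting together decide who can reach the Elasticsearch HTTP API, which in 2.x does not authenticate requests out of the box. The check below is an added example, not part of the original post: it reads both settings and reports the resulting exposure. The function names, the sample inputs and the 192.168.87.0/24 subnet are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report how far port 9200 is exposed.

# Classify network.host from elasticsearch.yml text on stdin.
# Elasticsearch 2.x listens on loopback only when network.host is not set.
es_bind_scope() {
    host=$(sed -n -e 's/[[:space:]]#.*$//' \
                  -e 's/^[[:space:]]*network\.host:[[:space:]]*//p' | tail -n 1 | tr -d "\"' ")
    case "$host" in
        ''|localhost|127.*|::1) echo loopback ;;
        0.0.0.0|::)             echo wildcard ;;
        *)                      echo "address:$host" ;;
    esac
}

# Print the ACCEPT rules for TCP port $1 (rules text on stdin) that carry no
# -s/--source match, i.e. rules that accept the port from any address.
unrestricted_rules() {
    grep -E -- "^-A INPUT .*--dport $1( |\$)" \
        | grep -E -- '-j ACCEPT( |$)' \
        | grep -Ev -- '(^| )(-s|--source) ' || true
}

# $1 = elasticsearch.yml text, $2 = iptables rules text.
# Assumes the INPUT chain otherwise rejects traffic (stock CentOS 6 ruleset).
es_exposure() {
    scope=$(printf '%s\n' "$1" | es_bind_scope)
    open=$(printf '%s\n' "$2" | unrestricted_rules 9200 | wc -l | tr -d ' ')
    if [ "$scope" = loopback ]; then
        echo "local-only"
    elif [ "$open" -gt 0 ]; then
        echo "open-to-any-source ($scope)"
    else
        echo "restricted-by-firewall ($scope)"
    fi
}

# Constructed samples: the guide's settings, then a rule limited to an assumed
# admin subnet (192.168.87.0/24 is an illustration, not a value from the post).
GUIDE_YML='network.host: 192.168.87.8'
GUIDE_RULES='-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9200 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT'
SCOPED_RULES='-A INPUT -s 192.168.87.0/24 -m state --state NEW -m tcp -p tcp --dport 9200 -j ACCEPT'

es_exposure "$GUIDE_YML" "$GUIDE_RULES"     # settings as written in the guide
es_exposure "$GUIDE_YML" "$SCOPED_RULES"    # same bind address, source-limited rule
es_exposure '# network.host: 192.168.0.1' "$GUIDE_RULES"   # network.host left commented out
```

On a real host, pass the contents of config/elasticsearch.yml and /etc/sysconfig/iptables to es_exposure instead of the samples.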
To build an ES cluster (version 2.X and later), you need to edit the elasticsearch.yml file by hand:
    # --------------------------------- Discovery ----------------------------------
    #
    # Pass an initial list of hosts to perform discovery when new node is started:
    # The default list of hosts is ["127.0.0.1", "[::1]"]
    #
    # discovery.zen.ping.unicast.hosts: ["host1", "host2"]
    #
    # Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
    #
    # discovery.zen.minimum_master_nodes: 3
    #
    # For more information, see the documentation at:
    # <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html>
References:
- https://www.elastic.co/download
- https://www.elastic.co/downloads/elasticsearch
- http://my.oschina.net/topeagle/blog/591451
- http://stackoverflow.com/questions/34920801/how-to-run-elasticsearch-2-1-1-as-root-user-in-linux-machine
- http://kibana.logstash.es/content/kibana/v4/setup.html
- https://www.elastic.co/guide/en/kibana/current/setup.html (describes how to install it as a service)