ELK-Elasticsearch安装

1、安装JDK
必须安装JDK并且要求版本至少是1.8以上包含1.8的版本。

2、创建 es 用户
这里需要注意的是，es 规定 root 用户不能启动 es，所以需要创建一个用户来启动 es

# 创建用户名为 es 的用户
useradd es
# 设置 es 用户的密码
passwd es

# 切换到 es 用户下
su es

3、安装Elasticsearch

3.1、下载压缩包
# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.2.tar.gz
3.2、执行解压缩
# tar -zxvf elasticsearch-6.2.2.tar.gz
3.3、启动elasticsearch
# cd elasticsearch-6.2.2/bin
# ./elasticsearch

以下日志是成功启动

[2019-03-20T16:20:46,911][INFO ][o.e.c.s.ClusterApplierService] [MoeCA8i] new_master {MoeCA8i}{MoeCA8iYR96bKyfVnwxvjw}{9ihQwgpMRfyd3Df2swYyWg}{127.0.0.1}{127.0.0.1:9300}, reason: apply cluster state (from master [master {MoeCA8i}{MoeCA8iYR96bKyfVnwxvjw}{9ihQwgpMRfyd3Df2swYyWg}{127.0.0.1}{127.0.0.1:9300} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)]])
[2019-03-20T16:20:46,962][INFO ][o.e.h.n.Netty4HttpServerTransport] [MoeCA8i] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}
[2019-03-20T16:20:46,963][INFO ][o.e.n.Node               ] [MoeCA8i] started
[2019-03-20T16:20:47,011][INFO ][o.e.g.GatewayService     ] [MoeCA8i] recovered [0] indices into cluster_state

3.4、测试访问
# curl localhost:9200

{
  "name" : "TpKF8Pj",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "ff51GJFuTKyXRm4r-8y_Aw",
  "version" : {
    "number" : "6.2.2",
    "build_hash" : "10b1edd",
    "build_date" : "2018-02-16T19:01:30.685723Z",
    "build_snapshot" : false,
    "lucene_version" : "7.2.1",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

注意：启动es后按ctrl + c会时es停止运行，最好启动时加入后台运行模式：./elasticsearch &

3.5、关闭elasticSearch
# 找到elasticsearch的进程号
# jps | grep Elasticsearch
3673 Elasticsearch

# kill -9 3673

可能遇到的错误：
问题一：
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

解决方法：
#切换到root用户修改
vim /etc/security/limits.conf

# 在最后面追加下面内容
es hard nofile 65536
es soft nofile 65536

注意：重启es用户，不然可能无法生效

问题二：
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

解决方法 提高vm.max_map_count 的大小
# 切换到root用户
vim /etc/sysctl.conf
# 在最后面追加下面内容
vm.max_map_count=262144
# 使用 sysctl -p 查看修改后的结果
sysctl -p

问题三：
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot allocate memory' (errno=12)

解决方法：
# 由于elasticsearch5.0默认分配jvm空间大小为2g，修改jvm空间分配
# 如果使用虚拟机安装，内存最好不小于2G
# vim config/jvm.options
-Xms512m
-Xmx512m

在阿里云上可能出现的问题：
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

解决方法：在es配置中加入下面命令即可
bootstrap.system_call_filter: false

问题四：
ElasticSearch设置外网访问
vim /home/es/elasticsearch-6.2.2/config/elasticsearch/elasticsearch.yml

network.host: 0.0.0.0