ELK学习01:Linux服务器安装elasticsearch、kibana
前提:Elastic 需要 Java 8 环境
安装elasticsearch
步骤如下:
1- 去官网下载安装包,我下载的是elasticsearch-5.6.1.tar
2-上传elasticsearch-5.6.1.tar至/opt目录下
3-解压
[root@ecs-x-large-2-linux-20200229160057 ~]# cd /opt/
[root@ecs-x-large-2-linux-20200229160057 opt]# tar -vxzf elasticsearch-5.6.1.tar.gz
4-启动服务(elasticsearch不能直接用root账号启动,见附1)
[root@ecs-x-large-2-linux-20200229160057 ~]# su - es Last login: Thu Mar 26 21:18:27 CST 2020 on pts/0 [es@ecs-x-large-2-linux-20200229160057 ~]$ /opt/elasticsearch-5.6.1/bin/elasticsearch [2020-03-26T21:20:32,355][INFO ][o.e.n.Node ] [] initializing ... [2020-03-26T21:20:32,431][INFO ][o.e.e.NodeEnvironment ] [Z0rnBuZ] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [33.8gb], net total_space [39.2gb], spins? [unknown], types [rootfs] [2020-03-26T21:20:32,431][INFO ][o.e.e.NodeEnvironment ] [Z0rnBuZ] heap size [1.9gb], compressed ordinary object pointers [true] [2020-03-26T21:20:32,433][INFO ][o.e.n.Node ] node name [Z0rnBuZ] derived from node ID [Z0rnBuZsQnCvA-A60roP8w]; set [node.name] to override [2020-03-26T21:20:32,433][INFO ][o.e.n.Node ] version[5.6.1], pid[11508], build[667b497/2017-09-14T19:22:05.189Z], OS[Linux/3.10.0-1062.1.1.el7.x86_64/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/1.8.0_242/25.242-b08] [2020-03-26T21:20:32,433][INFO ][o.e.n.Node ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/opt/elasticsearch-5.6.1] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [aggs-matrix-stats] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [ingest-common] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [lang-expression] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [lang-groovy] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [lang-mustache] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [lang-painless] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [parent-join] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [percolator] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [reindex] [2020-03-26T21:20:33,283][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [transport-netty3] [2020-03-26T21:20:33,284][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] loaded module [transport-netty4] [2020-03-26T21:20:33,284][INFO ][o.e.p.PluginsService ] [Z0rnBuZ] no plugins loaded [2020-03-26T21:20:35,011][INFO ][o.e.d.DiscoveryModule ] [Z0rnBuZ] using discovery type [zen] [2020-03-26T21:20:35,456][INFO ][o.e.n.Node ] initialized [2020-03-26T21:20:35,456][INFO ][o.e.n.Node ] [Z0rnBuZ] starting ... [2020-03-26T21:20:35,623][INFO ][o.e.t.TransportService ] [Z0rnBuZ] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300} [2020-03-26T21:20:38,699][INFO ][o.e.c.s.ClusterService ] [Z0rnBuZ] new_master {Z0rnBuZ}{Z0rnBuZsQnCvA-A60roP8w}{BZLhWVCDS3ydCIj1cYtZqg}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-elected-as-master ([0] nodes joined) [2020-03-26T21:20:38,730][INFO ][o.e.h.n.Netty4HttpServerTransport] [Z0rnBuZ] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200} [2020-03-26T21:20:38,730][INFO ][o.e.n.Node ] [Z0rnBuZ] started [2020-03-26T21:20:38,737][INFO ][o.e.g.GatewayService ] [Z0rnBuZ] recovered [0] indices into cluster_state
5-判断elasticsarch是否启动成功;(注意需要配置IP权限,见附3)
[root@ecs-x-large-2-linux-20200229160057 ~]# curl http://IP:9200/ { "name" : "Z0rnBuZ", "cluster_name" : "elasticsearch", "cluster_uuid" : "DI4pL9G8Qxm3hETHCRAeNg", "version" : { "number" : "5.6.1", "build_hash" : "667b497", "build_date" : "2017-09-14T19:22:05.189Z", "build_snapshot" : false, "lucene_version" : "6.6.1" }, "tagline" : "You Know, for Search" } [root@ecs-x-large-2-linux-20200229160057 ~]#
附1:启动报错1
##原因是elaticsearch默认不能用root用户启动;其中一个方案就是创建新用户,并授权;账号:es;密码:es [root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# ./bin/elasticsearch [2020-03-26T17:04:30,751][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main] org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:123) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) ~[elasticsearch-5.6.1.jar:5.6.1] Caused by: java.lang.RuntimeException: can not run elasticsearch as root at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:106) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:195) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:342) ~[elasticsearch-5.6.1.jar:5.6.1] at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:132) ~[elasticsearch-5.6.1.jar:5.6.1] ... 6 more [root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# ##创建新用户,并授权;账号:es;密码:es [root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# ./bin/elasticsearch -Des.insecure.allow.root=true^C [root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# adduser es [root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# passwd es Changing password for user es. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully. [root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]# chmod 777 /opt/elasticsearch-5.6.1/ [root@ecs-x-large-2-linux-20200229160057 ~]# chown -R es:es /opt/elasticsearch-5.6.1/
附2:启动报错2
##报错日志 ##原因:默认 elasticsearch 是单机访问模式,就是只能自己访问自己。但是我们之后一定会设置成允许应用服务器通过网络方式访问。这时,elasticsearch 就会因为嫌弃单机版的低端默认配置而报错,甚至无法启动。 ERROR: [2] bootstrap checks failed [1]: max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536] [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] 解决方案:执行如下操作 [root@ecs-x-large-2-linux-20200229160057 elasticsearch-5.6.1]#sudo sysctl -w vm.max_map_count=262144 #之后重新启动又报如下错误 ERROR: [1] bootstrap checks failed [1]: max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536] 解决方案: #将如下/etc/security/limits.conf如下参数 root soft nofile 65535 root hard nofile 65535 * soft nofile 65535 * hard nofile 65535 #改成 root soft nofile 131072 root hard nofile 131072 * soft nofile 131072 * hard nofile 131072 ##然后退出账号,重新登陆
附3:设置全部IP可以访问elasticsearch
##修改elasticsearch.yml vim /opt/elasticsearch-5.6.1/config/elasticsearch.yml ##将 #network.host: 192.168.0.1 ##修改为 network.host: 0.0.0.0
附4:安装中文分词插件(如果是用rpm安装elasticsearch,则安装目录在/usr/share/elasticsearch/bin)
在elasticsearch-5.6.1\bin目录下执行以下命令:elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v5.6.1/elasticsearch-analysis-ik5.6.1.zip
安装Kibana
步骤如下
1-去官网下载kibana。我下载的是kibana-5.6.4-linux-x86_64.tar
2-安装、将下在好的zip文件上传到opt目录下,并使用tar -zxvf 方式解压
3-修改配置文件
##修改配置文件server.host和elasticsearch.url [root@ecs-x-large-2-linux-20200229160057 config]# vim /opt/kibana-5.6.4-linux-x86_64/config/kibana.yml # To allow connections from remote users, set this parameter to a non-loopback address. server.host: "0.0.0.0" # The URL of the Elasticsearch instance to use for all your queries. elasticsearch.url: "http://121.37.182.39:9200"
4-启动
##启动kibana-使用nohup & 方式启动 [root@ecs-x-large-2-linux-20200229160057 config]# cd /opt/kibana-5.6.4-linux-x86_64/bin [root@ecs-x-large-2-linux-20200229160057 bin]# nohup ./kibana & [1] 14010 [root@ecs-x-large-2-linux-20200229160057 bin]# nohup: ignoring input and appending output to ‘nohup.out’
5-测试启动
END