ELK初学搭建(elasticsearch)

it2022-05-08 10

ELK初学搭建(elasticsearch)

elasticsearch logstash kibana

ELK初学搭建 elasticsearch

1.环境准备

centos6.8_64 mini IP:192.168.10.78 tar包： logstash-2.4.0.tar.gz elasticsearch-2.4.0.tar.gz kibana-4.6.1-linux-x86_64.tar.gz JDK环境

elasticsearchlogstachkibanajavaV2.4V2.4V4.6.1V1.8.0_111

1.1环境准备

[root@localhost ~]# yum install java-1.8.0-openjdk* -y

[root@localhost ~]# export JAVA_HOME=/usr/lib/jvm/java-1.8.0

[root@localhost ~]# export PATH=$JAVA_HOME/bin:$PATH

[root@localhost ~]# export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

[root@localhost ~]# java -version

openjdk version "1.8.0_111"

OpenJDK Runtime Environment (build 1.8.0_111-b15)

OpenJDK 64-Bit Server VM (build 25.111-b15, mixed mode)

此时jdk环境已经正常可用。

2.软件上传之服务器并解压到/usr/local目录下解压，并重新命名文件夹：

[root@localhost ~]# xvf elasticsearch-2.4.0.tar.gz [root@localhost ~]# mv elasticsearch-2.4.0 /usr/local/elasticsearch

同理将这三个软件解压...3. 运行软件

[root@localhost elasticsearch]# ./bin/elasticsearch

Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root.

at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:94)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:160)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)

Refer to the log for complete error details.

[root@localhost elasticsearch]#

运行报错，发现elasticsearch不允许在root下运行，解决：

[root@localhost elasticsearch]# groupadd es

[root@localhost elasticsearch]# useradd -g es es

[root@localhost elasticsearch]# passwd es

Changing password for user es.

New password:

BAD PASSWORD: it is based on a dictionary word

Retype new password:

passwd: all authentication tokens updated successfully.

[root@localhost elasticsearch]# chown -R root .

[root@localhost elasticsearch]# chown -R es .

[root@localhost elasticsearch]# chgrp -R es .

[root@localhost elasticsearch]# ls -l

total 56

drwxr-xr-x 2 es es 4096 Nov 7 17:25 bin

drwxr-xr-x 3 es es 4096 Nov 7 19:37 config

drwxrwxr-x 3 es es 4096 Nov 7 17:34 data

drwxr-xr-x 2 es es 4096 Nov 7 17:25 lib

-rw-rw-r-- 1 es es 11358 Aug 24 00:46 LICENSE.txt

drwxrwxr-x 2 es es 4096 Nov 7 17:34 logs

drwxrwxr-x 5 es es 4096 Aug 29 17:23 modules

-rw-rw-r-- 1 es es 150 Aug 24 00:46 NOTICE.txt

drwxrwxr-x 4 es es 4096 Nov 7 17:50 plugins

-rw-rw-r-- 1 es es 8700 Aug 24 00:46 README.textile

此时，ES 不能通过IP访问，最好修改 config/elasticsearch.yml，配置一下 ES。首先，找到“network.host”行，添加一行：

network.host: 192.168.10.78 再找到“http.port”行，添加一行： http.port: 9200

否则，ES 每次启动时，端口可能会变（端口被占用，ES 自己会改端口）~ 如果还不能正常启动 ES，并提示端口被占用，就查看一下什么程序占用 9200 端口，kill 掉，重启 ES 就行。

就能通过IP，或浏览器访问。切换至es用户先运行elasticsearch

[root@localhost ~]# su es

[es@localhost root]$ cd /usr/local/elasticsearch/

[es@localhost elasticsearch]$ ls

bin config data lib LICENSE.txt logs modules NOTICE.txt plugins README.textile

[es@localhost elasticsearch]$ ./bin/elasticsearch

[2016-11-07 21:50:45,580][WARN ][bootstrap ] unable to install syscall filter: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed

[2016-11-07 21:50:45,824][INFO ][node ] [Man-Eater] version[2.4.0], pid[1880], build[ce9f0c7/2016-08-29T09:14:17Z]

[2016-11-07 21:50:45,824][INFO ][node ] [Man-Eater] initializing ...

[2016-11-07 21:50:46,521][INFO ][plugins ] [Man-Eater] modules [reindex, lang-expression, lang-groovy], plugins [head, kopf], sites [head, kopf]

[2016-11-07 21:50:46,548][INFO ][env ] [Man-Eater] using [1] data paths, mounts [[/ (/dev/mapper/VolGroup-lv_root)]], net usable_space [5gb], net total_space [8.2gb], spins? [possibly], types [ext4]

[2016-11-07 21:50:46,548][INFO ][env ] [Man-Eater] heap size [1007.3mb], compressed ordinary object pointers [true]

[2016-11-07 21:50:46,548][WARN ][env ] [Man-Eater] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]

[2016-11-07 21:50:49,052][INFO ][node ] [Man-Eater] initialized

[2016-11-07 21:50:49,053][INFO ][node ] [Man-Eater] starting ...

[2016-11-07 21:50:49,124][INFO ][transport ] [Man-Eater] publish_address {192.168.10.78:9300}, bound_addresses {192.168.10.78:9300}

[2016-11-07 21:50:49,130][INFO ][discovery ] [Man-Eater] elasticsearch/kAMEcJDUQ_2jK0jm7fVWeQ

[2016-11-07 21:50:52,210][INFO ][cluster.service ] [Man-Eater] new_master {Man-Eater}{kAMEcJDUQ_2jK0jm7fVWeQ}{192.168.10.78}{192.168.10.78:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)

[2016-11-07 21:50:52,289][INFO ][http ] [Man-Eater] publish_address {192.168.10.78:9200}, bound_addresses {192.168.10.78:9200}

[2016-11-07 21:50:52,290][INFO ][node ] [Man-Eater] started

[2016-11-07 21:50:52,385][INFO ][gateway ] [Man-Eater] recovered [2] indices into cluster_state

[2016-11-07 21:50:53,045][INFO ][cluster.routing.allocation] [Man-Eater] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[logstash-%{type}-2016.11.07][1], [.kibana][0]] ...]).

此时，在另一个终端，访问 elasticsearch：

[root@localhost ~]# curl -X GET http://192.168.10.78:9200

{

"name" : "Egghead",

"cluster_name" : "elasticsearch",

"version" : {

"number" : "2.4.0",

"build_hash" : "ce9f0c7394dee074091dd1bc4e9469251181fc55",

"build_timestamp" : "2016-08-29T09:14:17Z",

"build_snapshot" : false,

"lucene_version" : "5.5.2"

}

"tagline" : "You Know, for Search"

}

到这一不，ES 已经安装成功。可用浏览器测试是都正常即可。

Head 插件

Head 是一个用来监控 ES 状态的客户端插件，可以为初学用户提供很多便利，例如，使用 Head 提供的 HTTP 客户端，通过 HTTP 方式来操作 ES。 ES 支持在线和本地安装 Head。本地安装时，从 Github 上下载 Head 插件，然后上传到你的 ES 服务器，比如，Elasticsearch/plugins 目录。下面是在线安装：

[root@localhost elasticsearch]# ./bin/plugin install mobz/elasticsearch-head

-> Installing mobz/elasticsearch-head...

Trying https://github.com/mobz/elasticsearch-head/archive/master.zip ...

Downloading ...................................................................................................................................................................................................................................................................................................................................................................................................................................DONE

Verifying https://github.com/mobz/elasticsearch-head/archive/master.zip checksums if available ...

NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)

Installed head into /usr/local/elasticsearch/plugins/head

用浏览器访问 http://192.168.10.78:9200/_plugin/head

logstash-%{type}-2016.11.07是我自己创建的，后续介绍。至此Elasticsearch Head 就成功安装了。 Marvel 图形化监控插件收费，安装方法同上，本免费党不测试了哈哈~

安装 kopf 网络插件

[root@localhost elasticsearch]# ./bin/plugin install mobz/elasticsearch-kopf -> Installing lmenezes/elasticsearch-kopf... Trying https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip... Downloading ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE Installed lmenezes/elasticsearch-kopf into /usr/local/elasticsearch/plugins/kopf

kopf.png

至此elasticsearch准备就绪，下一章安装losstach.

转载于:https://www.cnblogs.com/luckyall/p/6061943.html

相关资源：垃圾分类数据集及代码

专利

最新回复(0)