Setting up the latest ELK version 7.10.1

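Reference: http://www.5180it.com/bbs/admin/1/527.html


Download: https://www.elastic.co/cn/downloads/

Here I downloaded the latest version (JDK 11 is recommended for this version, but JDK 8 is still supported).


Installing Elasticsearch

Extract: tar -zxvf elasticsearch-7.10.1-linux-x86_64.tar.gz

Find the elasticsearch.yml file in the config directory and modify the configuration: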

cluster.initial_master_nodes: ["node-1"]

cluster.name: es-application

node.name: node-1

network.host: 0.0.0.0

http.port: 9200

path.data: /usr/elk/elasticsearch-7.10.1/data

path.logs: /usr/elk/elasticsearch-7.10.1/logs

http.cors.enabled: true

http.cors.allow-origin: "*"


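After configuring, because Elasticsearch has to be started as a non-root user, create a user. Here I create the user elk, with the password also elk, and then grant it ownership of the directory.

# Create the user

useradd elk

# Set the password

passwd elk

# Give the user ownership of the directory

chown -R elk:elk /usr/elk/elasticsearch-7.10.1/

Then switch user and start:

# Switch user

su elk

# Start; -d means run in the background

./bin/elasticsearch -d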


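Use the command

netstat -nltp

to check the listening ports:

Visiting http://192.168.104.45:9200/ shows the following information, which means the installation succeeded.

Installing Logstash

Extract: tar -zxvf logstash-7.10.1-linux-x86_64.tar.gz

Find the logstash-sample.conf file in the /config directory and modify the configuration: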


# Sample Logstash configuration for creating a simple

# Beats -> Logstash -> Elasticsearch pipeline.


input {

file{

path => ['/home/smarthome/servers/*.log']

type => 'user_log'

start_position => "beginning"

}

}


output {

elasticsearch {

hosts => ["http://localhost:9200"]

index => "user-%{+YYYY.MM.dd}"

}

}


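input is the input source and output is the output; a filter section can also be configured for filtering. The architecture is as follows:


Start Logstash

nohup ./bin/logstash -f /usr/elk/logstash-7.10.1/config/logstash-sample.conf &


Installing Kibana

Extract: tar -zxvf kibana-7.10.1-linux-x86_64.tar.gz

Find the kibana.yml file in the /config directory and modify the configuration: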


server.port: 5601

server.host: "192.168.104.45"

elasticsearch.hosts: ["http://192.168.104.45:9200"]


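As with Elasticsearch, it cannot be started as root, so a user is needed:

Here I just use the elk user created earlier.

# Give the user ownership of the directory

chown -R elk:elk /usr/elk/kibana-7.10.1-linux-x86_64/

Then start it with the command:

# Switch user

su elk

# Start in the foreground; it exits when the shell window is closed

./bin/kibana

# Start in the background

nohup ./bin/kibana &


After startup, open http://192.168.104.45:5601 in a browser to see Kibana's web interface.

At this point ELK is set up. Below I summarize the problems I ran into during installation: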


root@test8:/usr/elk/elasticsearch-7.10.1# uncaught exception in thread [main]

java.lang.RuntimeException: can not run elasticsearch as root

at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:111)

at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)

at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393)

at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)

at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)

at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)

at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)

at org.elasticsearch.cli.Command.main(Command.java:90)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)

For complete error details, refer to the log at /usr/elk/elasticsearch-7.10.1/logs/es-application.log

2021-01-12 08:59:39,803026 UTC [3655] INFO Main.cc@103 Parent process died - ML controller exiting


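Solution:

Create a new user, then start.

# Create the user

useradd elk

# Set the password

passwd elk

# Give the user ownership of the directory

chown -R elk:elk /usr/elk/elasticsearch-7.10.1/

Then switch user and start:

# Switch user

su elk

# Start; -d means run in the background

./bin/elasticsearch -d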


elk@test8:/usr/elk/elasticsearch-7.10.1$ ERROR: [2] bootstrap checks failed

[1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

[2]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

ERROR: Elasticsearch did not exit normally - check the logs at /usr/elk/elasticsearch-7.10.1/logs/es-application.log


Solution:

Edit /etc/sysctl.conf and append the following:

vm.max_map_count=262144

After saving, run:

sysctl -p

future versions of Elasticsearch will require Java 11; your Java version from [/usr/java/jdk1.8.0_144/jre] does not meet this requirement

future versions of Elasticsearch will require Java 11; your Java version from [/usr/java/jdk1.8.0_144/jre] does not meet this requirement

elk@test8:/usr/elk/elasticsearch-7.10.1$ ERROR: [1] bootstrap checks failed

[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

ERROR: Elasticsearch did not exit normally - check the logs at /usr/elk/elasticsearch-7.10.1/logs/es-application.log

Solution:

Modify elasticsearch.yml

Uncomment the line and keep a single node:

cluster.initial_master_nodes: ["node-1"]

Here, node-1 is the default one from above; just remember to uncomment it.
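
The three startup failures above can be checked before launching Elasticsearch. The script below is an added example, not part of the original post: the function name es_preflight and its argument order are assumptions made for illustration, and its final warning about network.host and CORS goes beyond the errors the post lists.

```bash
#!/bin/sh
# Added example (not from the original post): pre-flight check for the
# startup failures described above. es_preflight is a hypothetical helper.
# Usage: es_preflight UID MAX_MAP_COUNT CONFIG_FILE
# Prints one line per finding; returns 1 if any FAIL was found, else 0.
es_preflight() {
  pf_uid=$1; pf_map=$2; pf_conf=$3; pf_rc=0

  # "can not run elasticsearch as root"
  if [ "$pf_uid" -eq 0 ]; then
    echo "FAIL: running as root; start as an unprivileged user such as elk"
    pf_rc=1
  fi

  # "vm.max_map_count [65530] is too low, increase to at least [262144]"
  if [ "$pf_map" -lt 262144 ]; then
    echo "FAIL: vm.max_map_count=$pf_map, need at least 262144"
    pf_rc=1
  fi

  # Discovery check: one of these keys must be present and uncommented.
  pf_keys='discovery\.seed_hosts|discovery\.seed_providers|cluster\.initial_master_nodes'
  if ! grep -Eq "^[[:space:]]*($pf_keys)[[:space:]]*:" "$pf_conf"; then
    echo "FAIL: no discovery setting configured in $pf_conf"
    pf_rc=1
  fi

  # Beyond the post's errors: flag the wide-open listener in its config.
  if grep -Eq '^[[:space:]]*network\.host:[[:space:]]*"?0\.0\.0\.0' "$pf_conf" &&
     grep -Eq '^[[:space:]]*http\.cors\.allow-origin:[[:space:]]*"\*"' "$pf_conf"; then
    echo "WARN: HTTP API listens on every interface and CORS allows any origin"
  fi

  return $pf_rc
}

# Check the live host when a config path is passed on the command line.
if [ -n "${1:-}" ]; then
  es_preflight "$(id -u)" "$(cat /proc/sys/vm/max_map_count)" "$1"
fi
```

Run it as the user that will start Elasticsearch, passing the path to config/elasticsearch.yml; a non-zero exit status means at least one of the documented failures would occur.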

