uri image 機器 log min pro pub div ber

版本elk均為6.3+centos7.0 準備工作 官網下載elk6.3的linux環境的壓縮包，sftp上傳 下載對應的head插件sftp上傳到指定目錄 tar.gz文件解壓 tar -zxvf filename -C dirname zip文件 安裝zip軟件 unzip filename -d dirname 1.root用戶不能啟動elasticsearch 參考：http://www.cnblogs.com/ding2016/p/6879584.html https://www.cnblogs.com/Onlywjy/p/Elasticsearch.html 2.創建用戶 useradd fan 修改密碼 passwd fan 3.給用戶root權限（測試圖簡單，線上請自行建組並授權） 賦予用戶fan root權限 chmod -v u+w /etc/sudoers visudo 在root那行添加如下 ## Allow root to run any commands anywhere root ALL=(ALL) ALL fan ALL=(ALL) ALL 4.給目錄授權 chmod 777 -R dir 5.修改配置文件limits.conf vim /etc/security/limits.conf #* soft core 0 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 fan hard nofile 65536 fan soft nofile 65536 "/etc/security/limits.conf" 62L, 2465C 已寫入 fan為啟動用戶，自己根據自己用戶名更改，不改改配置會報如下錯誤 [2018-04-29T07:10:31,207][INFO ][o.e.t.TransportService ] [node_01] publish_address {192.168.2.10:9300}, bound_addresses {[::]:9300} [2018-04-29T07:10:31,222][INFO ][o.e.b.BootstrapChecks ] [node_01] bound or publishing to a non-loopback address, enforcing bootstrap checks ERROR: [2] bootstrap checks failed [1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536] [2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] 6.修改配置文件sysctl.conf vi /etc/sysctl.conf 文件末尾添加 vm.max_map_count=655360 否則啟動報如下錯誤 [2018-04-29T07:19:56,208][INFO ][o.e.b.BootstrapChecks ] [node_01] bound or publishing to a non-loopback address, enforcing bootstrap checks ERROR: [1] bootstrap checks failed [1]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] 7.修改elasticsearch配置文件elasticsearch.yml #cluster.name: my-application cluster.name: elk # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # node.name: node_01 #指定該節點是否有資格被選舉成為node，默認是true，es是默認集群中的第一臺機器為master，如果這臺機掛了就會重新選舉 node.master: true #指定該節點是否存儲索引數據，默認為true node.data: true #設置這個參數來保證集群中的節點可以知道其它N個有master資格的節點。默認為1，對於大的集群來說，可以設置大一點的值（2-4） discovery.zen.minimum_master_nodes: 1 #設置節點間交互的tcp端口，默認是9300 transport.tcp.port: 9300 # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # #path.data: /path/to/data path.data: /path/to/data # # Path to log files: # #path.logs: /path/to/logs path.logs: /path/to/logs # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # #network.host: 192.168.0.1 network.host: 192.168.2.10 # # Set a custom port for HTTP: # #http.port: 9200 http.port: 9200 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when new node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # #discovery.zen.ping.unicast.hosts: ["host1", "host2"] discovery.zen.ping.unicast.hosts: ["192.168.2.10", "192.168.2.11", "192.168.2.12"] # # Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1): # #discovery.zen.minimum_master_nodes: # # For more information, consult the zen discovery module documentation. # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # #gateway.recover_after_nodes: 3 # # For more information, consult the gateway module documentation. # # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true # #head插件 http.cors.enabled: true http.cors.allow-origin: "*" 最後兩行開始不要加，後面配置head插件後再添加 8.elasticsearch啟動成功 [fan@master elasticsearch-6.3.0]$ jps 114672 Jps 114595 Elasticsearch elasticsearch.yml 參考：https://blog.csdn.net/lu_wei_wei/article/details/51263153 https://www.cnblogs.com/zlslch/p/6419948.html 9.關閉防火墻 “failed to obtain node locks” jps 將elasticsearch kill elasticsearch 沒有到主機的路由 關閉防火墻 集群訪問： http://192.168.2.11:9200/_cluster/state/nodes?pretty 參考：https://www.cnblogs.com/zhi-leaf/p/8484337.html 10.logstash 同elasticsearch解壓，然後修改配置文件 logstash 采集後臺 logstash.conf 自己根據實際情況更改input中的path和output中的host index 11.添加日誌文件測試 logstash 後臺會有添加記錄 12.下載解壓kibana 同上面elasticsearch 修改conf 下 kibana.yml添加elasticsearch地址，添加一個即可 elasticsearch.url: "http://192.168.2.10:9200" 然後後臺啟動bin目錄下 nohup ./kibana & 13.head安裝 前提條件 a.下載master-head插件，https://github.com/mobz/elasticsearch-head 上面地址下載master.zip上傳解壓 也可以命令：wget https://github.com/mobz/elasticsearch-head/archive/master.zip 我是下載的master.zip所以要解壓 安裝zip軟件 yum install -y zip unzip 解壓master.zip unzip master.zip -d /srv/ b.node下載安裝 下載地址：https://npm.taobao.org/mirrors/node/ 下載後解壓同elasticsearch 配置環境變量 vim /etc/profile export NODE_HOME=/srv/node-v4.4.7-linux-x64 export PATH=$JAVA_HOME/bin:$HADOOP_HOME/bin:$NODE_HOME/bin:$PATH 生效環境變量source /etc/profile npm install -g grunt-cli [root@master elasticsearch-head-master]# grunt -version grunt-cli v1.2.0 修改 Gruntfile.js vim Gruntfile.js connect: { server: { options: { port: 9100, base: ‘.‘, keepalive: true, hostname: ‘*‘ } } } npm install 啟動head插件 grunt server 訪問http://192.168.2.10:9100/ 參考：http://www.cnblogs.com/Onlywjy/p/Elasticsearch.html 14.訪問kibana http://192.168.2.10:5601 我這邊直接拷貝了一個日誌文件放到了前面logstash中配置的路徑下 elk搭建完畢 Solr和Es區別 Solr:查詢多且查詢的時候更新較少。支持word, pdf等富文本索引開發者社區完善,穩定性高一點。但是笨重 1Es:一邊查一邊更新多系統。只支持ison格式。輕便,集群部署簡單。實時性高。 由於環境不同大家可能遇到其他的問題，有問題可以加入qq群：513650703共同交流學習

elk6.3 centos集群搭建 head插件安裝