Elasticsearch (ES) Configuration in Practice: Version 7.5.1

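Deploying ES requires a JDK environment. The JDK (Java Development Kit) is the software development kit (SDK) for the Java language. JDK 1.8 is used here; configure the Java environment variables as follows.

Download the Java JDK package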

wget http://od.mrtom.club/LINUX/jdk/jdk-11.0.1_linux-x64_bin.tar.gz
[root@es ~]# tar xf jdk-11.0.1_linux-x64_bin.tar.gz 
[root@es ~]# mv jdk-11.0.1 /usr/java

Add the environment variables

[root@es ~]# vim /etc/profile.d/java.sh
export JAVA_HOME=/usr/java
export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
[root@es ~]# source /etc/profile.d/java.sh 

ELK installation information

10.168.1.150 Elasticsearch
10.168.1.151  Kibana
10.168.1.152  Logstash

1. Configure ES (Java must be installed first)

Download Elasticsearch version 7.5.1

wget https://mirrors.huaweicloud.com/elasticsearch/7.5.1/elasticsearch-7.5.1-linux-x86_64.tar.gz
[root@instance-lxdwnzid ~]# tar xf elasticsearch-7.5.1-linux-x86_64.tar.gz 
[root@instance-lxdwnzid ~]# mv elasticsearch-7.5.1 /usr/local/elasticsearch

Edit the elasticsearch.yml file and set the listen address to network.host: 0.0.0.0

vim /usr/local/elasticsearch/config/elasticsearch.yml

useradd  elk  
chown -R  elk:elk  /usr/local/elasticsearch/  
su - elk  
/usr/local/elasticsearch/bin/elasticsearch -d

Check the listening port

Access port 9200

Summary of errors:

(1) ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]

Solution:

[root@es ~]# vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536

(2) ERROR: [1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

Solution:

[elk@es ~]$ vim /usr/local/elasticsearch/config/elasticsearch.yml
# Uncomment line 23 and give the node a name; the default is node-1
node.name: node-1

(3) ERROR: [1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

Solution:

[elk@es ~]$ vim /usr/local/elasticsearch/config/elasticsearch.yml
# Uncomment line 73 and keep only node-1; the name must match the value of node.name
cluster.initial_master_nodes: ["node-1"]

(4) max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

Solution:

vi /etc/sysctl.conf
vm.max_map_count=262144
sysctl -p

The following error appeared while starting Elasticsearch:

ERROR: [1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
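Solution:
In the Elasticsearch config directory, edit the elasticsearch.yml configuration file and add the following settings to it:

Replace host1 and so on with IP addresses; for multiple nodes add multiple IP addresses; a single node can keep the default.

Configure at least one of the following three: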

[discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes]

cluster.initial_master_nodes: ["node-1"] # node-1 here is the value configured for node.name
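
The bootstrap-check errors above, and the network.host: 0.0.0.0 setting from step 1, can be checked before the node is started. The script below is an added example, not part of the original post; its function names and the sample file are constructed for illustration, and xpack.security.enabled is Elasticsearch's own setting, which this walkthrough never sets.

```shell
#!/bin/sh
# Added example (not from the original post): pre-start audit of elasticsearch.yml.

# yml_get FILE KEY: value of the last uncommented "KEY: value" line, inline comment stripped.
yml_get() {
    awk -v k="$2:" 'index($0, k) == 1 {
        v = substr($0, length(k) + 1)
        sub(/[ \t]+#.*$/, "", v); gsub(/^[ \t"]+|[ \t"]+$/, "", v); r = v
    } END { print r }' "$1"
}

# yml_has FILE KEY: succeeds when KEY appears uncommented (also covers multi-line lists).
yml_has() { awk -v k="$2:" 'index($0, k) == 1 { f = 1 } END { exit !f }' "$1"; }

# limits_ok NOFILE MAX_MAP_COUNT: the two minimums named in the bootstrap errors above.
limits_ok() {
    { [ "$1" = unlimited ] || [ "$1" -ge 65535 ]; } && [ "$2" -ge 262144 ]
}

# audit_es_yml FILE: prints one finding per line and returns 1 if there is any.
audit_es_yml() {
    rc=0
    if ! yml_has "$1" discovery.seed_hosts && ! yml_has "$1" discovery.seed_providers \
        && ! yml_has "$1" cluster.initial_master_nodes; then
        echo "DISCOVERY: no discovery.seed_hosts, discovery.seed_providers or cluster.initial_master_nodes"
        rc=1
    fi
    host=$(yml_get "$1" network.host)
    if [ "$host" = 0.0.0.0 ] && [ "$(yml_get "$1" xpack.security.enabled)" != true ]; then
        echo "EXPOSED: network.host 0.0.0.0 without xpack.security.enabled: true; port 9200 accepts unauthenticated requests on every interface"
        rc=1
    fi
    return $rc
}

# Constructed sample: the configuration this walkthrough ends up with.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#cluster.name: my-application
node.name: node-1
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"] # must match node.name
EOF
audit_es_yml "$sample" || echo "resolve the findings above before starting Elasticsearch"
rm -f "$sample"
```

On the ES host, run audit_es_yml /usr/local/elasticsearch/config/elasticsearch.yml and limits_ok "$(ulimit -n)" "$(cat /proc/sys/vm/max_map_count)" as the elk user.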

2. Kibana web installation and configuration

Download Kibana

[root@kibana ~]# wget https://mirrors.huaweicloud.com/kibana/7.5.1/kibana-7.5.1-linux-x86_64.tar.gz

Deploying Kibana does not require a Java JDK environment; just download the archive and extract it.

 [root@kibana ~]# tar xf kibana-7.5.1-linux-x86_64.tar.gz 
 [root@kibana ~]# mv kibana-7.5.1-linux-x86_64 /usr/local/kibana

Edit the Kibana configuration file (listening port and IP address) and set the ES address:

vim /usr/local/kibana/config/kibana.yml

Start the service

Check the listening port

Check that the web interface opens

Run it in the background

[elk@kibana ~]$ nohup /usr/local/kibana/bin/kibana >&1 &

3. Logstash client configuration in practice

Because Logstash is developed in Java, deploying the agent requires installing the JDK runtime:

wget http://od.mrtom.club/LINUX/jdk/jdk-11.0.1_linux-x64_bin.tar.gz
[root@es ~]# tar xf jdk-11.0.1_linux-x64_bin.tar.gz 
[root@es ~]# mv jdk-11.0.1 /usr/java

Add the following lines to /etc/profile with vim:

 export JAVA_HOME=/usr/java
 export CLASSPATH=$CLASSPATH:$JAVA_HOME/lib:$JAVA_HOME/jre/lib
 export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH:$HOME/bin

Download Logstash

wget https://mirrors.huaweicloud.com/logstash/7.5.1/logstash-7.5.1.tar.gz

Extract Logstash:

 [root@logstash ~]# tar xf logstash-7.5.1.tar.gz 
 [root@logstash ~]# mv logstash-7.5.1 /usr/local/logstash

Collecting standard system logs with ELK

# Create the directory for the log-collection configuration

mkdir  -p  /usr/local/logstash/config/etc/
cd /usr/local/logstash/config/etc/

Create the ELK integration configuration file with vim cnbugs.conf, with the following content:

input {
  stdin { }
}
output {
  stdout {
    codec => rubydebug {}
  }
  elasticsearch {
    hosts => "10.168.1.150:9200"
  }
}

Start the Logstash service

/usr/local/logstash/bin/logstash  -f  cnbugs.conf

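ELK web log data charts

Type anything into the Logstash console window and the corresponding formatted log entry is output automatically

Enter in the browser: http://192.168.111.129:5601/

How do I switch the interface to Chinese?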

https://www.cnbugs.com/post-2197.html
