ELK初学搭建(elasticsearch)

elasticsearch

logstash

kibana

ELK初学搭建 elasticsearch

1.环境准备

centos6.8_64 mini

IP:192.168.10.78

tar包：

logstash-2.4.0.tar.gz

elasticsearch-2.4.0.tar.gz

kibana-4.6.1-linux-x86_64.tar.gz

JDK环境

elasticsearch	logstach	kibana	java
V2.4	V2.4	V4.6.1	V1.8.0_111

1.1环境准备

[root@localhost ~]# yum install java-1.8.0-openjdk* -y
[root@localhost ~]# export JAVA_HOME=/usr/lib/jvm/java-1.8.0
[root@localhost ~]# export PATH=$JAVA_HOME/bin:$PATH
[root@localhost ~]# export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
[root@localhost ~]# java -version
openjdk version "1.8.0_111"
OpenJDK Runtime Environment (build 1.8.0_111-b15)
OpenJDK 64-Bit Server VM (build 25.111-b15, mixed mode)

此时jdk环境已经正常可用。

2.软件上传之服务器并解压到/usr/local目录下

解压，并重新命名文件夹：

[root@localhost ~]# xvf elasticsearch-2.4.0.tar.gz

[root@localhost ~]# mv elasticsearch-2.4.0 /usr/local/elasticsearch

同理将这三个软件解压...

3. 运行软件

[root@localhost elasticsearch]# ./bin/elasticsearch
Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root.
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:94)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:160)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:286)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
Refer to the log for complete error details.
[root@localhost elasticsearch]#

运行报错，发现elasticsearch不允许在root下运行，解决：

[root@localhost elasticsearch]# groupadd es
[root@localhost elasticsearch]# useradd -g es es
[root@localhost elasticsearch]# useradd -g es es
[root@localhost elasticsearch]# passwd es
Changing password for user es.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost elasticsearch]# chown -R root .
[root@localhost elasticsearch]# chown -R es .
[root@localhost elasticsearch]# chgrp -R es .
[root@localhost elasticsearch]# ls -l
total 56
drwxr-xr-x 2 es es 4096 Nov 7 17:25 bin
drwxr-xr-x 3 es es 4096 Nov 7 19:37 config
drwxrwxr-x 3 es es 4096 Nov 7 17:34 data
drwxr-xr-x 2 es es 4096 Nov 7 17:25 lib
-rw-rw-r-- 1 es es 11358 Aug 24 00:46 LICENSE.txt
drwxrwxr-x 2 es es 4096 Nov 7 17:34 logs
drwxrwxr-x 5 es es 4096 Aug 29 17:23 modules
-rw-rw-r-- 1 es es 150 Aug 24 00:46 NOTICE.txt
drwxrwxr-x 4 es es 4096 Nov 7 17:50 plugins
-rw-rw-r-- 1 es es 8700 Aug 24 00:46 README.textile

此时，ES 不能通过IP访问，最好修改 config/elasticsearch.yml，配置一下 ES。

首先，找到“network.host”行，添加一行：

network.host: 192.168.10.78

再找到“http.port”行，添加一行：

http.port: 9200

否则，ES 每次启动时，端口可能会变（端口被占用，ES 自己会改端口）~

如果还不能正常启动 ES，并提示端口被占用，就查看一下什么程序占用 9200 端口，kill 掉，重启 ES 就行。

就能通过IP，或浏览器访问。

切换至es用户先运行elasticsearch

[root@localhost ~]# su es
[es@localhost root]$ cd /usr/local/elasticsearch/
[es@localhost elasticsearch]$ ls
bin config data lib LICENSE.txt logs modules NOTICE.txt plugins README.textile
[es@localhost elasticsearch]$ ./bin/elasticsearch
[2016-11-07 21:50:45,580][WARN ][bootstrap ] unable to install syscall filter: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
[2016-11-07 21:50:45,824][INFO ][node ] [Man-Eater] version[2.4.0], pid[1880], build[ce9f0c7/2016-08-29T09:14:17Z]
[2016-11-07 21:50:45,824][INFO ][node ] [Man-Eater] initializing ...
[2016-11-07 21:50:46,521][INFO ][plugins ] [Man-Eater] modules [reindex, lang-expression, lang-groovy], plugins [head, kopf], sites [head, kopf]
[2016-11-07 21:50:46,548][INFO ][env ] [Man-Eater] using [1] data paths, mounts [[/ (/dev/mapper/VolGroup-lv_root)]], net usable_space [5gb], net total_space [8.2gb], spins? [possibly], types [ext4]
[2016-11-07 21:50:46,548][INFO ][env ] [Man-Eater] heap size [1007.3mb], compressed ordinary object pointers [true]
[2016-11-07 21:50:46,548][WARN ][env ] [Man-Eater] max file descriptors [4096] for elasticsearch process likely too low, consider increasing to at least [65536]
[2016-11-07 21:50:49,052][INFO ][node ] [Man-Eater] initialized
[2016-11-07 21:50:49,053][INFO ][node ] [Man-Eater] starting ...
[2016-11-07 21:50:49,124][INFO ][transport ] [Man-Eater] publish_address {192.168.10.78:9300}, bound_addresses {192.168.10.78:9300}
[2016-11-07 21:50:49,130][INFO ][discovery ] [Man-Eater] elasticsearch/kAMEcJDUQ_2jK0jm7fVWeQ
[2016-11-07 21:50:52,210][INFO ][cluster.service ] [Man-Eater] new_master {Man-Eater}{kAMEcJDUQ_2jK0jm7fVWeQ}{192.168.10.78}{192.168.10.78:9300}, reason: zen-disco-join(elected_as_master, [0] joins received)
[2016-11-07 21:50:52,289][INFO ][http ] [Man-Eater] publish_address {192.168.10.78:9200}, bound_addresses {192.168.10.78:9200}
[2016-11-07 21:50:52,290][INFO ][node ] [Man-Eater] started
[2016-11-07 21:50:52,385][INFO ][gateway ] [Man-Eater] recovered [2] indices into cluster_state
[2016-11-07 21:50:53,045][INFO ][cluster.routing.allocation] [Man-Eater] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[logstash-%{type}-2016.11.07][1], [.kibana][0]] ...]).

此时，在另一个终端，访问 elasticsearch：

[root@localhost ~]# curl -X GET http://192.168.10.78:9200
{
"name" : "Egghead",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "2.4.0",
"build_hash" : "ce9f0c7394dee074091dd1bc4e9469251181fc55",
"build_timestamp" : "2016-08-29T09:14:17Z",
"build_snapshot" : false,
"lucene_version" : "5.5.2"
}
"tagline" : "You Know, for Search"
}

到这一不，ES 已经安装成功。可用浏览器测试是都正常即可。

Head 插件

Head 是一个用来监控 ES 状态的客户端插件，可以为初学用户提供很多便利，例如，使用 Head 提供的 HTTP 客户端，通过 HTTP 方式来操作 ES。

ES 支持在线和本地安装 Head。本地安装时，从 Github 上下载 Head 插件，然后上传到你的 ES 服务器，比如，Elasticsearch/plugins 目录。

下面是在线安装：

[root@localhost elasticsearch]# ./bin/plugin install mobz/elasticsearch-head
-> Installing mobz/elasticsearch-head...
Trying https://github.com/mobz/elasticsearch-head/archive/master.zip ...
Downloading ...................................................................................................................................................................................................................................................................................................................................................................................................................................DONE
Verifying https://github.com/mobz/elasticsearch-head/archive/master.zip checksums if available ...
NOTE: Unable to verify checksum for downloaded plugin (unable to find .sha1 or .md5 file to verify)
Installed head into /usr/local/elasticsearch/plugins/head

用浏览器访问 http://192.168.10.78:9200/_plugin/head

logstash-%{type}-2016.11.07是我自己创建的，后续介绍。

至此Elasticsearch Head 就成功安装了。

Marvel 图形化监控插件收费，安装方法同上，本免费党不测试了哈哈~

安装 kopf 网络插件

[root@localhost elasticsearch]# ./bin/plugin install mobz/elasticsearch-kopf

-> Installing lmenezes/elasticsearch-kopf...

Trying https://github.com/lmenezes/elasticsearch-kopf/archive/master.zip...

Downloading ..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................DONE

Installed lmenezes/elasticsearch-kopf into /usr/local/elasticsearch/plugins/kopf

kopf.png

至此elasticsearch准备就绪，下一章安装losstach.