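ELK Stack 5.2.2 Installation Guide
Introduction:
An ELK Stack installation guide. This time every component uses the latest version (5.2.2), and the ELK Stack is built from RPM packages.
Download links: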
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.2.rpm
https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.rpm
https://artifacts.elastic.co/downloads/kibana/kibana-5.2.2-x86_64.rpm
jre: http://javadl.oracle.com/webapps/download/AutoDL?BundleId=216423
jdk: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
# If you only need a Java runtime, installing the JRE is enough; if you also need to compile Java packages, install the JDK.
# The JRE is enough to run Elasticsearch.
I. Installation
shell > rpm -e elasticsearch
Stopping elasticsearch service... OK
warning: /etc/sysconfig/elasticsearch saved as /etc/sysconfig/elasticsearch.rpmsave
warning: /etc/init.d/elasticsearch saved as /etc/init.d/elasticsearch.rpmsave
warning: /etc/elasticsearch/elasticsearch.yml saved as /etc/elasticsearch/elasticsearch.yml.rpmsave
Deleting log directory... OK
Deleting plugins directory... OK
shell > rpm -e kibana
Stopping kibana service... OK
warning: /opt/kibana/config/kibana.yml saved as /opt/kibana/config/kibana.yml.rpmsave
# I was previously running version 2.4.1, also installed via rpm, so it has to be uninstalled first.
shell > rm -rf /etc/sysconfig/elasticsearch.rpmsave
shell > rm -rf /etc/init.d/elasticsearch.rpmsave
shell > rm -rf /etc/elasticsearch/elasticsearch.yml.rpmsave
shell > rm -rf /opt/kibana/config/kibana.yml.rpmsave
# As you can see, these files were not deleted during the uninstall; my OCD will not allow them to stay.
shell > cd /usr/local/src; rpm -ivh elasticsearch-5.2..rpm logstash-5.2..rpm kibana-5.2.-x86_64.rpm
# Since this is only a test of the new version, everything is installed on a single server.
II. Configuration
1. Elasticsearch
shell > grep -vP '^#|^$' /etc/elasticsearch/elasticsearch.yml
# Cluster name
cluster.name: elk
# Node name
node.name: node-
# Data path
path.data: /data/elast/data
# Log path
path.logs: /data/elast/logs
# Lock memory at startup so that data is not swapped out to SWAP
bootstrap.memory_lock: true
# Listen address (0.0.0.0 listens on all interfaces)
network.host: 0.0.0.0
# Address used to communicate with the other nodes
network.publish_host: 10.127.174.217
# Enable the HTTP protocol
http.port:
# Works around a startup error
bootstrap.system_call_filter: false
shell > mkdir -p /data/elast/{data,logs}
shell > chown -R elasticsearch.elasticsearch /data/elast
# Create the data and log directories
2. Logstash
shell > vim /etc/logstash/conf.d/for_elk.conf
# Input plugin; here the data is read from redis
input {
    redis {
        data_type => "list"
        key => "for_elk"
        host => "10.217.79.61"
        port =>
        threads =>
    }
}
# Filter plugins; split the log line, add or remove fields, etc. as needed
filter {
    mutate {
        split => ["message", "|"]
        add_field => {"clientip" => "%{message[0]}"}
        add_field => {"localtime" => "%{message[1]}"}
        add_field => {"api" => "%{message[2]}"}
        add_field => {"request_all" => "%{message[3]}"}
        add_field => {"http_code" => "%{message[4]}"}
        add_field => {"request_body" => "%{message[6]}"}
        add_field => {"request_time" => "%{message[11]}"}
    }
    date {
        match => ["localtime", "dd/MMM/yyyy:HH:mm:ss Z"]
    }
    geoip {
        source => "clientip"
        fields => ["city_name", "latitude", "longitude"]
    }
    kv {
        source => "request_body"
        field_split => "&"
        remove_field => "host"
        remove_field => "path"
        remove_field => "message"
        remove_field => "request_all"
        remove_field => "request_body"
    }
    mutate {
        convert => [
            "id", "integer",
            "cid", "integer",
            "tid", "integer",
            "vid", "integer",
            "version", "float",
            "http_code", "integer",
            "request_time", "float"
        ]
    }
}
# Output plugins
output {
    elasticsearch {
        hosts => ["10.127.174.217:9200"]
        index => "logstash-%{+YYYY.MM.dd}"
        template_overwrite => true
    }
    # stdout {
    #     codec => rubydebug
    # }
}
# You can first test whether data can be read from redis, then work on the filter, and finally test whether it can be written to elasticsearch
3. Kibana
shell > vim /etc/kibana/kibana.yml
# Kibana does not really need any changes; the default configuration is fine for now
III. Startup
1. Elasticsearch
shell > /etc/init.d/elasticsearch start
2. Logstash
shell > /usr/share/logstash/bin/logstash --path.settings /etc/logstash > /dev/null &
3. Kibana
shell > /etc/init.d/kibana start
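IV. Access
# Just open http://x.x.x.x:5601 and create the index pattern based on the index. Yes, it really does look nicer than K4
V. Plugin installation
1. Elasticsearch head (from 5.0 on, this plugin runs as a separate service)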
shell > cd /usr/local
shell > git clone git://github.com/mobz/elasticsearch-head.git
shell > cd elasticsearch-head
shell > npm install
shell > vim Gruntfile.js
connect: {
    server: {
        options: {
            hostname: '0.0.0.0',
            port: ,
            base: '.',
            keepalive: true
        }
    }
}
# By default it only listens on 127.0.0.1, so hostname: '0.0.0.0' has to be added
shell > ./node_modules/grunt/bin/grunt server > /dev/null &
shell > vim /etc/elasticsearch/elasticsearch.yml
# head plugin
http.cors.enabled: true
http.cors.allow-origin: "*"
# elasticsearch 5.x requires these settings, otherwise head cannot connect to es
# You may notice that the es cluster status is yellow; don't panic...
# That is because the replicas are unavailable: there is only one es node, and a replica cannot live on the same node. It is harmless!
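Added example (not part of the original post): the elasticsearch.yml values from the configuration section and from the head plugin step above open the node more widely than a single-server test needs, and Elasticsearch 5.x without X-Pack security answers REST requests without authentication. The script flags those settings; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: flag the exposure-related
# settings that this page writes into elasticsearch.yml.

# es_setting FILE KEY: print the last uncommented value of KEY, quotes stripped.
es_setting() {
    awk -v key="$2" -v sq="'" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            sub(/[ \t]+#.*$/, "", v)                 # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("^[\"" sq "]|[\"" sq "]$", "", v)   # surrounding quotes
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_es_config FILE: print one line per risky setting found.
audit_es_config() {
    case "$(es_setting "$1" network.host)" in
        0.0.0.0|::) echo "network.host: REST and transport ports listen on every interface; firewall them or bind to the internal address" ;;
    esac
    if [ "$(es_setting "$1" http.cors.enabled)" = "true" ] &&
       [ "$(es_setting "$1" http.cors.allow-origin)" = "*" ]; then
        echo "http.cors.allow-origin: any web origin may call the REST API from a browser; allow only the elasticsearch-head origin"
    fi
    if [ "$(es_setting "$1" bootstrap.system_call_filter)" = "false" ]; then
        echo "bootstrap.system_call_filter: seccomp sandbox disabled; justified only on kernels without CONFIG_SECCOMP"
    fi
}

# Constructed sample mirroring the values shown on this page.
write_sample_config() {
    cat > "$1" <<'EOF'
cluster.name: elk
network.host: 0.0.0.0
network.publish_host: 10.127.174.217
bootstrap.system_call_filter: false
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
}

sample=$(mktemp) && write_sample_config "$sample"
audit_es_config "$sample"
rm -f "$sample"
```

To check a real node, call audit_es_config with /etc/elasticsearch/elasticsearch.yml as the argument; no output means none of the three settings is present.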
2. IK Analysis for Elasticsearch
shell > wget http://mirrors.tuna.tsinghua.edu.cn/apache/maven/maven-3/3.5.0/binaries/apache-maven-3.5.0-bin.tar.gz
shell > tar zxf apache-maven-3.5.-bin.tar.gz -C /usr/local
shell > echo -e '\nexport JAVA_HOME=/usr/java/default' >> /etc/profile && source /etc/profile
shell > wget https://github.com/medcl/elasticsearch-analysis-ik/archive/v5.2.2.zip
shell > unzip v5.2.2.zip
shell > cd elasticsearch-analysis-ik-5.2.
shell > /usr/local/apache-maven-3.5./bin/mvn package
shell > unzip target/releases/elasticsearch-analysis-ik-5.2..zip -d /usr/share/elasticsearch/plugins/ik
shell > /usr/share/elasticsearch/bin/elasticsearch-plugin list
ik
shell > /etc/init.d/elasticsearch restart
Appendix:
1. Elasticsearch startup errors
> Caused by the bootstrap.memory_lock: true setting
memory locking requested for elasticsearch process but memory is not locked
Solution:
shell > vim /etc/security/limits.conf
# allow user 'elasticsearch' mlockall
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
> Caused by CentOS 6.x not supporting CONFIG_SECCOMP
[--01T12::,][WARN ][o.e.b.JNANatives ] unable to install syscall filter:
java.lang.UnsupportedOperationException: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
at org.elasticsearch.bootstrap.SystemCallFilter.linuxImpl(SystemCallFilter.java:) ~[elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.SystemCallFilter.init(SystemCallFilter.java:) ~[elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.JNANatives.tryInstallSystemCallFilter(JNANatives.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.Natives.tryInstallSystemCallFilter(Natives.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.cli.SettingCommand.execute(SettingCommand.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.cli.Command.main(Command.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:) [elasticsearch-5.2..jar:5.2.]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:) [elasticsearch-5.2..jar:5.2.]
bootstrap checks failed
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Solution:
shell > vim /etc/elasticsearch/elasticsearch.yml
bootstrap.system_call_filter: false
> Startup fails because the default values in /etc/security/limits.d/90-nproc.conf are too low
[--06T14::,][ERROR][o.e.b.Bootstrap ] [node01] node validation exception
bootstrap checks failed
max number of threads [] for user [elasticsearch] is too low, increase to at least []
Solution:
shell > vim /etc/security/limits.d/-nproc.conf
* soft nproc
root soft nproc unlimited # change the original to