ELK in practice: https://blog.csdn.net/beyond_qjm/article/details/81943187
I. Installation (elasticsearch-6.2.3)
1. Download links
https://www.elastic.co/downloads/past-releases
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.tar.gz
2. Create a new user (for security reasons, recent versions of Elasticsearch refuse to start as root)
useradd elk
passwd elk
3. Extract the installation package
Installation directory: /home/elk
tar -xvf elasticsearch-6.2.3.tar.gz
4. Create the data storage directory
mkdir -p /home/elk/data/elasticsearch/data
5. Create the log storage directory
mkdir -p /home/elk/data/elasticsearch/logs
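II. Configuration
Configuration file (/home/elk/elasticsearch-6.2.3/config/elasticsearch.yml)
1. Setting reference (red marks required settings, green marks recommended ones; the rest can stay at their defaults)
# Name of the cluster
cluster.name: elk
# Node name; must not be the same on two nodes
node.name: node-1
# Whether this node is eligible to be elected master (default true). By default the first machine in the cluster is the master; if that machine goes down, a new master is elected
node.master: true
# Allow this node to store data (enabled by default)
node.data: true
# Storage path for index data
path.data: /home/elk/data/elasticsearch/data
# Storage path for log files
path.logs: /home/elk/data/elasticsearch/logs
# Set to true to lock memory. Swapping memory to disk is fatal for server performance; ES becomes less efficient once the JVM starts swapping, so make sure it does not swap
bootstrap.memory_lock: true
# IP address to bind to. The default is localhost, in which case the node may not be reachable from a browser on another PC
network.host: 172.17.0.183
# HTTP port for the external service (default 9200)
http.port: 9200
# TCP port for communication between nodes (default 9300)
transport.tcp.port: 9300
# Elasticsearch binds to the available loopback addresses and scans ports 9300 to 9305 to try to connect to other nodes running on the same server.
# This provides an auto-clustering experience without any configuration. The setting is an array or a comma-separated list. Each value should have the form host:port or host
# (where port defaults to the setting transport.profiles.default.port, falling back to transport.tcp.port if that is not set).
# Note that IPv6 hosts must be bracketed. Defaults to 127.0.0.1, [::1]
discovery.zen.ping.unicast.hosts: ["172.17.0.181:9300", "172.17.0.182:9300", "172.17.0.183:9300"]
# Without this setting, a cluster that suffers a network failure may split into two independent clusters (a split brain), which leads to data loss
discovery.zen.minimum_master_nodes: 3
# The master node needs the settings below, otherwise the _head plugin cannot connect
# Enable cross-origin access support (default false)
http.cors.enabled: true
# Origins allowed for cross-origin access ("*" allows all domains); a regular expression can be used here
http.cors.allow-origin: "*"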
2. Configuration
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: elk
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-183
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /home/elk/data/elasticsearch/data
#
# Path to log files:
#
path.logs: /home/elk/data/elasticsearch/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 172.17.0.183
#
# Set a custom port for HTTP:
#
http.port: 9200
transport.tcp.port: 9300
# Whether this node is master-eligible
node.master: true
# Whether this node is a data node
node.data: false
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.zen.ping.unicast.hosts: ["172.17.0.181:9300", "172.17.0.182:9300","172.17.0.183:9300"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes: 2
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
http.cors.enabled: true
http.cors.allow-origin: "*"
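An added example, not part of the original post: a small audit of the security- and availability-relevant settings in the two elasticsearch.yml listings above (CORS wildcard, seccomp filter, memory lock, master quorum). SAMPLE is constructed from the active lines of the node-183 file, and the check assumes every host in the unicast list is master-eligible.

```python
import re

# Constructed sample: active lines of the node-183 file from section II.2.
SAMPLE = """\
cluster.name: elk
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 172.17.0.183
discovery.zen.ping.unicast.hosts: ["172.17.0.181:9300", "172.17.0.182:9300","172.17.0.183:9300"]
#discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
"""

def parse_settings(text):
    """Collect flat 'key: value' lines, ignoring blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition(":")
            if sep:
                settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (setting, finding) pairs for the settings this page touches."""
    s = parse_settings(text)
    out = []
    origin = s.get("http.cors.allow-origin", "").strip("\"'")
    if s.get("http.cors.enabled") == "true" and origin == "*":
        out.append(("http.cors.allow-origin", "every origin may script the REST API"))
    if s.get("bootstrap.system_call_filter") == "false":
        out.append(("bootstrap.system_call_filter", "seccomp filter is off"))
    if s.get("bootstrap.memory_lock", "false") != "true":
        out.append(("bootstrap.memory_lock", "heap can be swapped to disk"))
    # Assumption: every host in the unicast list is master-eligible.
    hosts = re.findall(r'"([^"]+)"', s.get("discovery.zen.ping.unicast.hosts", ""))
    if hosts:
        n, quorum = len(hosts), len(hosts) // 2 + 1
        mmn = int(s.get("discovery.zen.minimum_master_nodes", "1"))  # 6.x default is 1
        key = "discovery.zen.minimum_master_nodes"
        if mmn < quorum:
            out.append((key, f"{mmn} < quorum {quorum}: split brain possible"))
        elif mmn > quorum:
            out.append((key, f"{mmn} > quorum {quorum}: no master once {n - mmn + 1} node(s) fail"))
    return out

if __name__ == "__main__":
    for setting, finding in audit(SAMPLE):
        print(f"{setting}: {finding}")
```

On the node-183 file this reports all four settings, because the quorum line is commented out and the default of 1 applies; on the reference listing in II.1 (memory lock on, minimum_master_nodes 3) it reports the CORS wildcard and a quorum value above the majority of 2.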
III. Errors you may hit during installation
Error
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
Edit limits.conf and add the following at the first line
vi /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
Error
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Edit sysctl.conf and add the following at the first line
vi /etc/sysctl.conf
vm.max_map_count = 655360
Run sysctl -p to apply the change
sysctl -p
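An added example, not from the original post: a check that reads limits.conf and sysctl.conf text and reports which of bootstrap checks [1] and [2] would still fail for the elk user. It resolves the effective nofile limit the way limits.conf entries combine (a user entry takes priority over the `*` wildcard), so it also works if the limits are scoped to `elk` instead of `*`; the sample inputs are constructed from the lines in this section, and requiring both soft and hard limits to meet the minimum is a conservative assumption.

```python
MIN_NOFILE = 65536        # from bootstrap-check message [1]
MIN_MAP_COUNT = 262144    # from bootstrap-check message [2]

# Constructed samples: the limits.conf and sysctl.conf lines from this section.
LIMITS = "* soft nofile 65536\n* hard nofile 131072\n* soft nproc 2048\n* hard nproc 4096\n"
SYSCTL = "vm.max_map_count = 655360\n"

def effective_limit(text, user, item):
    """Resolve soft/hard for `user`: a user entry beats '*', later lines beat earlier ones."""
    best = {}  # kind -> (came_from_user_entry, numeric value)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 4:
            continue
        domain, kind, name, value = fields
        if name != item or domain not in (user, "*"):
            continue
        specific = domain == user
        # A '-' type sets the soft and the hard limit together.
        for k in (("soft", "hard") if kind == "-" else (kind,)):
            if specific or not best.get(k, (False, None))[0]:
                best[k] = (specific, int(value))
    return {k: v for k, (_, v) in best.items()}

def sysctl_value(text, key):
    """Return the last integer assigned to `key` in sysctl.conf syntax, or None."""
    found = None
    for line in text.splitlines():
        name, sep, value = line.split("#", 1)[0].partition("=")
        if sep and name.strip() == key:
            found = int(value.strip())
    return found

def preflight(limits_text, sysctl_text, user="elk"):
    """List the bootstrap checks from this section that would still fail for `user`."""
    problems = []
    nofile = effective_limit(limits_text, user, "nofile")
    # Conservative assumption: both the soft and the hard limit must meet the minimum.
    for kind in ("soft", "hard"):
        if nofile.get(kind, 0) < MIN_NOFILE:
            problems.append(f"{kind} nofile {nofile.get(kind)} < {MIN_NOFILE}")
    maps = sysctl_value(sysctl_text, "vm.max_map_count")
    if maps is None or maps < MIN_MAP_COUNT:
        problems.append(f"vm.max_map_count {maps} < {MIN_MAP_COUNT}")
    return problems

if __name__ == "__main__":
    print(preflight(LIMITS, SYSCTL) or "limits and sysctl satisfy checks [1] and [2]")
```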
Error
[3]: ERROR: bootstrap checks failed system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
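This happens because CentOS 6 does not support SecComp, while ES 5.2.0 defaults bootstrap.system_call_filter to true and runs the check; the check therefore fails, and that failure directly prevents ES from starting.
Edit elasticsearch.yml and set bootstrap.system_call_filter to false; note that it must go below the Memory section's settings
bootstrap.memory_lock: false
bootstrap.system_call_filter: false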