搭建elk日志系統（持續更新中）

首先本機的jdk版本時1.8。

下載下傳elasticsearch：

官網教程：https://www.elastic.co/guide/en/elasticsearch/reference/7.2/rpm.html

我使用的是：

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-x86_64.rpm.sha512
shasum -a 512 -c elasticsearch-7.2.0-x86_64.rpm.sha512 
sudo rpm --install elasticsearch-7.2.0-x86_64.rpm
           

使用：sudo -i service elasticsearch start 啟動未成功

檢視日志：sudo -i service elasticsearch start

報錯如下：

Jul  2 18:50:37 VM_0_4_centos systemd-logind: Removed session 2503.
Jul  2 19:07:07 VM_0_4_centos systemd: Started Elasticsearch.
Jul  2 19:07:07 VM_0_4_centos systemd: Starting Elasticsearch...
Jul  2 19:07:07 VM_0_4_centos elasticsearch: Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
Jul  2 19:07:07 VM_0_4_centos elasticsearch: output:
Jul  2 19:07:07 VM_0_4_centos elasticsearch: #
Jul  2 19:07:07 VM_0_4_centos elasticsearch: # There is insufficient memory for the Java Runtime Environment to continue.
Jul  2 19:07:07 VM_0_4_centos elasticsearch: # Native memory allocation (mmap) failed to map 986513408 bytes for committing reserved memory.
Jul  2 19:07:07 VM_0_4_centos elasticsearch: # An error report file with more information is saved as:
Jul  2 19:07:07 VM_0_4_centos elasticsearch: # /var/log/elasticsearch/hs_err_pid25927.log
Jul  2 19:07:07 VM_0_4_centos elasticsearch: error:
Jul  2 19:07:07 VM_0_4_centos elasticsearch: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Jul  2 19:07:07 VM_0_4_centos elasticsearch: OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000c5330000, 986513408, 0) failed; error='Not enough space' (errno=12)
Jul  2 19:07:07 VM_0_4_centos elasticsearch: at org.elasticsearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:111)
Jul  2 19:07:07 VM_0_4_centos elasticsearch: at org.elasticsearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:79)
Jul  2 19:07:07 VM_0_4_centos elasticsearch: at org.elasticsearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:57)
Jul  2 19:07:07 VM_0_4_centos elasticsearch: at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:89)
Jul  2 19:07:07 VM_0_4_centos systemd: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Jul  2 19:07:07 VM_0_4_centos systemd: Unit elasticsearch.service entered failed state.
Jul  2 19:07:07 VM_0_4_centos systemd: elasticsearch.service failed.

           

首先是說記憶體問題，于是我檢視了配置檔案 ：vim /etc/elasticsearch/jvm.options

預設配置是1g，我伺服器是2g的運作 那麼應該是可以的。但是我還是将配置改小一點試試，更改如下：

-Xms256m

-Xmx256m

啟動後還是失敗，然後修改了配置檔案elasticsearch.yml 的 network.host: 0.0.0.0 ，允許任何請求通路

結果還是失敗，檢視日志：tail -n 10 -f /var/log/elasticsearch/elasticsearch.log

報錯為：

[1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
           

這是就需要修改配置檔案：elasticsearch.yml

cluster.initial_master_nodes: ["node-1"]
           

最後啟動成功，通路成功。