搭建elk日志系统（持续更新中）

首先本机的jdk版本时1.8。

下载elasticsearch：

官网教程：https://www.elastic.co/guide/en/elasticsearch/reference/7.2/rpm.html

我使用的是：

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-x86_64.rpm
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-x86_64.rpm.sha512
shasum -a 512 -c elasticsearch-7.2.0-x86_64.rpm.sha512 
sudo rpm --install elasticsearch-7.2.0-x86_64.rpm
           

使用：sudo -i service elasticsearch start 启动未成功

查看日志：sudo -i service elasticsearch start

报错如下：

Jul  2 18:50:37 VM_0_4_centos systemd-logind: Removed session 2503.
Jul  2 19:07:07 VM_0_4_centos systemd: Started Elasticsearch.
Jul  2 19:07:07 VM_0_4_centos systemd: Starting Elasticsearch...
Jul  2 19:07:07 VM_0_4_centos elasticsearch: Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
Jul  2 19:07:07 VM_0_4_centos elasticsearch: output:
Jul  2 19:07:07 VM_0_4_centos elasticsearch: #
Jul  2 19:07:07 VM_0_4_centos elasticsearch: # There is insufficient memory for the Java Runtime Environment to continue.
Jul  2 19:07:07 VM_0_4_centos elasticsearch: # Native memory allocation (mmap) failed to map 986513408 bytes for committing reserved memory.
Jul  2 19:07:07 VM_0_4_centos elasticsearch: # An error report file with more information is saved as:
Jul  2 19:07:07 VM_0_4_centos elasticsearch: # /var/log/elasticsearch/hs_err_pid25927.log
Jul  2 19:07:07 VM_0_4_centos elasticsearch: error:
Jul  2 19:07:07 VM_0_4_centos elasticsearch: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Jul  2 19:07:07 VM_0_4_centos elasticsearch: OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000c5330000, 986513408, 0) failed; error='Not enough space' (errno=12)
Jul  2 19:07:07 VM_0_4_centos elasticsearch: at org.elasticsearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:111)
Jul  2 19:07:07 VM_0_4_centos elasticsearch: at org.elasticsearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:79)
Jul  2 19:07:07 VM_0_4_centos elasticsearch: at org.elasticsearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:57)
Jul  2 19:07:07 VM_0_4_centos elasticsearch: at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:89)
Jul  2 19:07:07 VM_0_4_centos systemd: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Jul  2 19:07:07 VM_0_4_centos systemd: Unit elasticsearch.service entered failed state.
Jul  2 19:07:07 VM_0_4_centos systemd: elasticsearch.service failed.

           

首先是说内存问题，于是我查看了配置文件 ：vim /etc/elasticsearch/jvm.options

默认配置是1g，我服务器是2g的运行 那么应该是可以的。但是我还是将配置改小一点试试，更改如下：

-Xms256m

-Xmx256m

启动后还是失败，然后修改了配置文件elasticsearch.yml 的 network.host: 0.0.0.0 ，允许任何请求访问

结果还是失败，查看日志：tail -n 10 -f /var/log/elasticsearch/elasticsearch.log

报错为：

[1] bootstrap checks failed
[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
           

这是就需要修改配置文件：elasticsearch.yml

cluster.initial_master_nodes: ["node-1"]
           

最后启动成功，访问成功。