Installation environment:
Operating system: CentOS 6.8
JDK version: jdk1.8.0_121
Application version: Elasticsearch 5.2.2
1. Installing Elasticsearch 5.2.2
(1) Download:
wget -P /usr/local/src https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.2.tar.gz
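(2) Install the JDK
Download the JDK package yourself from the official website.
Downloaded software is stored in /usr/local/src/
Extract:
tar -zxvf jdk-8u121-linux-x64.tar.gz -C /usr/local/
Change into the directory:
cd /usr/local/
Create a symbolic link:
ln -s jdk1.8.0_121 java
Add the environment variables:
# vim /etc/profile
Append at the end:
export JAVA_HOME=/usr/local/java
export JRE_HOME=$JAVA_HOME/jre
export JAVA_BIN=$JAVA_HOME/bin
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
Make the profile take effect:
# source /etc/profile
Check that the JDK was installed successfully: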
java -version
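(3) Install Elasticsearch
[root@localhost src]# tar -zxvf elasticsearch-5.2.2.tar.gz -C /usr/local/
[root@elk-node1 local]# ln -s elasticsearch-5.2.2 elasticsearch
2. Create a user group and user. Elasticsearch cannot be started as root, so a separate user has to be created to start it.
Create the user group:
groupadd elsearch
useradd -g elsearch elsearch
chown -R elsearch:elsearch elasticsearch*
3. Set the relevant system parameters. If they are not set, related problems will prevent Elasticsearch from starting.
Configure the system's maximum number of open files:
vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
Change the maximum number of threads:
vim /etc/security/limits.d/90-nproc.conf
* soft nproc 65536
root soft nproc unlimited
If the machine has too little memory, change the heap size:
vim /usr/local/elasticsearch/config/jvm.options
Change -Xmx2g to -Xmx512m and -Xms2g to -Xms512m:
-Xms512m
-Xmx512m
Adjust the maximum number of virtual memory map areas (the default is 65536) and the maximum number of files: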
vim /etc/sysctl.conf
Append at the very bottom of the file:
vm.max_map_count=262144
fs.file-max=65536
Apply the settings and view the values:
sysctl -p
It is best to also run the following to make sure the change took effect:
echo "262144" > /proc/sys/vm/max_map_count
(4) Start Elasticsearch
Edit the configuration file:
vim /usr/local/elasticsearch/config/elasticsearch.yml
Set the following parameters:
network.host: <this machine's IP address>
http.port: 9200
Note: if your system is CentOS 6.5, also add the following line at the end of the file. Without it, startup fails with an exception because the operating system is not compatible:
bootstrap.system_call_filter: false
Start the program
Switch to the user created above:
su - elsearch
Start:
/usr/local/elasticsearch/bin/elasticsearch -d
(5) Verify that startup succeeded with curl http://IP:9200; a response like the following means it started successfully.
# Add the -i option to display the HTTP headers
[root@localhost]# curl -i -XGET '192.168.100.70:9200/'
HTTP/1.1 200 OK
content-type: application/json; charset=UTF-8
content-length: 324

{
  "name" : "node-1",
  "cluster_name" : "elk-cluster",
  "cluster_uuid" : "bMJ2JfagSHSe2oQsGRxXkw",
  "version" : {
    "number" : "5.2.2",
    "build_hash" : "f9d9b74",
    "build_date" : "2017-02-24T17:26:45.835Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.1"
  },
  "tagline" : "You Know, for Search"
}
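The user and limit settings from steps 2 and 3 can be checked before each start. The script below is an added example, not part of the original post; the function names and the --live switch are assumptions, and the thresholds are the values configured above.

```shell
#!/bin/sh
# Added example: pre-start check for the settings made in steps 2 and 3.
# Thresholds are the values this page configures.
REQ_MAP_COUNT=262144   # vm.max_map_count from /etc/sysctl.conf
REQ_NOFILE=65536       # nofile from /etc/security/limits.conf
REQ_NPROC=65536        # nproc from /etc/security/limits.d/90-nproc.conf

# check_min NAME ACTUAL REQUIRED
# Succeeds if ACTUAL is "unlimited" or a number >= REQUIRED.
check_min() {
    case "$2" in
        unlimited) echo "OK   $1=$2"; return 0 ;;
        ''|*[!0-9]*) echo "FAIL $1: unreadable value '$2'"; return 1 ;;
    esac
    if [ "$2" -lt "$3" ]; then
        echo "FAIL $1=$2, need at least $3"
        return 1
    fi
    echo "OK   $1=$2"
}

# es_preflight UID MAP_COUNT NOFILE NPROC
# Returns 0 only if the user is not root and every limit is high enough.
es_preflight() {
    rc=0
    if [ "$1" -eq 0 ]; then
        echo "FAIL uid=0: Elasticsearch cannot be started as root"
        rc=1
    else
        echo "OK   uid=$1"
    fi
    check_min vm.max_map_count "$2" "$REQ_MAP_COUNT" || rc=1
    check_min nofile "$3" "$REQ_NOFILE" || rc=1
    check_min nproc "$4" "$REQ_NPROC" || rc=1
    return "$rc"
}

# Live use (bash, after "su - elsearch"): check the values of this session.
if [ "${1:-}" = "--live" ]; then
    es_preflight "$(id -u)" "$(cat /proc/sys/vm/max_map_count)" \
        "$(ulimit -n)" "$(ulimit -u)"
fi
```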
Official documentation:
https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html
https://www.elastic.co/guide/en/logstash/5.2/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-hosts
Logstash and Kibana downloads:
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-5.2.2-linux-x86_64.tar.gz
Kibana visualization configuration documentation:
http://www.apache.wiki/pages/viewpage.action?pageId=2163133
ELK 5.2.2 X-Pack installation:
elasticsearch:
If Elasticsearch runs as a cluster, install X-Pack on every node.
[root@ELK-node1 elasticsearch]# bin/elasticsearch-plugin install x-pack
[root@ELK-node2 elasticsearch]# bin/elasticsearch-plugin install x-pack
Edit the configuration file and add the following line at the end:
vim elasticsearch.yml
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*
Install X-Pack for Logstash; if there are several Logstash hosts, install it on all of them:
[root@ELK-node1 logstash]# bin/logstash-plugin install x-pack
[root@ELK-node1 config]# vim logstash.yml
xpack.monitoring.elasticsearch.url: "http://es-ip:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "changeme"
In the Logstash configuration file logstash.conf, specify the authentication username and password, for example:
if [type] == "nginx-access" {
  elasticsearch {
    hosts => [ "192.168.100.70:9200","192.168.100.71:9200" ]
    index => "logstash-xxx-log-%{+YYYY.MM.dd}"
    user => logstash_internal
    password => changeme
  }
}
Install X-Pack for Kibana:
[root@ELK-node2 kibana]# bin/kibana-plugin install x-pack
Restart each of the ELK services.
Log in to Kibana: http://ip:5601
Default login username and password:
elastic
changeme
If you can log in to Kibana but the Logstash log still shows the following error:
[WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x3c6582db URL:http://127.0.0.1:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool:: BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://127.0.0.1:9200/'"}
then create the following user (the commands can be run directly in Dev Tools in the Kibana console):
POST _xpack/security/role/logstash_writer
{
  "cluster": ["manage_index_templates", "monitor"],
  "indices": [
    {
      "names": [ "logstash-*" ],
      "privileges": ["write","delete","create_index"]
    }
  ]
}

POST _xpack/security/user/logstash_internal
{
  "password" : "changeme",
  "roles" : [ "logstash_writer"],
  "full_name" : "Internal Logstash User"
}
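The password changeme appears above in logstash.yml, in logstash.conf and in the logstash_internal user. As an added example (not from the original post; the function names and sample files are constructed), this script lists configuration lines that still carry that default value so they can be replaced after the passwords are changed:

```shell
#!/bin/sh
# Added example: report config lines that still set the X-Pack default
# password "changeme", the value used throughout this page.

# Matches YAML (key: "changeme") and Logstash pipeline (password => changeme)
# assignments; lines with a '#' before the key are skipped as comments.
DEFAULT_PW_RE='^[^#]*password"?[[:space:]]*(:|=>)[[:space:]]*["'\'']?changeme["'\'']?([^[:alnum:]_]|$)'

# find_default_passwords DIR...
# Prints file:line:text per hit in *.yml and *.conf files under each DIR.
# Returns 0 when at least one hit exists, 1 when the tree is clean.
find_default_passwords() {
    hits=$(find "$@" -type f \( -name '*.yml' -o -name '*.conf' \) \
        -exec grep -nE "$DEFAULT_PW_RE" /dev/null {} + 2>/dev/null) || true
    [ -n "$hits" ] && printf '%s\n' "$hits"
}

# write_sample_configs DIR: constructed files modelled on this page's settings.
write_sample_configs() {
    mkdir -p "$1"
    cat > "$1/logstash.yml" <<'EOF'
xpack.monitoring.elasticsearch.url: "http://es-ip:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "changeme"
EOF
    cat > "$1/logstash.conf" <<'EOF'
output {
  elasticsearch {
    user => logstash_internal
    password => changeme
  }
}
EOF
    cat > "$1/rotated.yml" <<'EOF'
# password: "changeme" was the old value
xpack.monitoring.elasticsearch.password: "constructed-replacement-value"
EOF
}

# Live use (path is a placeholder): find_default_passwords /path/to/logstash/config
```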
Use _cat to view Elasticsearch status
[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat
=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates
Count:
[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/count?v
epoch      timestamp count
1517975582 11:53:02  5794388
Check the monitoring status:
[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/health?v
epoch      timestamp cluster   status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1517975847 11:57:27  escluster green           5         5    344 172    0    0        0             0                  -                100.0%
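An added example, not from the original post, that reads the _cat/health?v output shown above by column name and turns it into an exit code for a monitoring job. The function names are assumptions; the sample text is the output shown on this page.

```shell
#!/bin/sh
# Added example: evaluate `_cat/health?v` output by column name, so the check
# keeps working if the column order differs between versions.

# Sample taken from the output shown on this page.
SAMPLE_HEALTH='epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1517975847 11:57:27 escluster green 5 5 344 172 0 0 0 0 - 100.0%'

# cat_health_field NAME
# Reads `_cat/health?v` text on stdin and prints the value found in column
# NAME of the first data row; prints nothing if the column does not exist.
cat_health_field() {
    awk -v want="$1" '
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == want) col = i; next }
        NR == 2 { if (col) print $col; exit }
    '
}

# check_cluster_health
# Reads the same text on stdin, prints a one-line summary and returns
# 0 for green, 1 for yellow, 2 for red or unparseable input.
check_cluster_health() {
    text=$(cat)
    status=$(printf '%s\n' "$text" | cat_health_field status)
    unassigned=$(printf '%s\n' "$text" | cat_health_field unassign)
    echo "status=${status:-unknown} unassigned_shards=${unassigned:-?}"
    case "$status" in
        green) return 0 ;;
        yellow) return 1 ;;
        *) return 2 ;;
    esac
}

# Live use:
#   curl -s 'http://10.100.3.61:9200/_cat/health?v' | check_cluster_health
```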
View the cluster's master node:
[root@v01-ops-es01 ~]# curl http://10.100.3.61:9200/_cat/master?v
id                     host        ip          node
uKwubwwrTF-C1FWNQiLVWg 10.100.3.59 10.100.3.59 es01
Search the index log information in the ES cluster:
curl -XGET 'http://127.0.0.1:9200/*-2017-10-*'
Delete indices:
curl -XDELETE 'http://10.200.3.90:9200/logstash-www1.beta.etongdai.org_access.log-2018.04.*'
References:
http://blog.csdn.net/ybtsdst/article/details/51907020
http://doc.okbase.net/davidgu/archive/262011.html
http://www.th7.cn/system/lin/201611/187507.shtml
https://www.elastic.co/guide/en/x-pack/current/index.html
https://stackoverflow.com/questions/43281264/how-enable-anonymous-access-in-elasticsearch-5-3