ELK5.0安裝教程

ELK升級後，安裝稍微發生了點變化，在Elasticsearch中增長了不少資源上的限制，其餘的卻是沒什麼變化。不過全部的安裝都是基於JDK已經安裝完的狀況，且爲1.8版本。

安裝Elasticsearch

在官網下載elsaticsearch安裝包：
下載地址

下載對應版本拷貝到服務器，而後執行下面命令解壓縮:

tar -zxvf elasticsearch-5.2.2.tar.gz

解壓後進入對應的目錄,修改配置文件：

cluster.name: page-cluster
node.name: node-104
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["other ip"]

其中bootstrap相關是爲了解決一個報錯：

ERROR: bootstrap checks failed
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk

修改參數vi /etc/sysctl.conf

fs.file-max=65536
vm.max_map_count=262144

而後執行命令sysctl -p

修改系統參數vi /etc/security/limits.conf:

*               soft    nofile          65536
*               hard    nofile          65536
*               soft    nproc           65536
*               hard    nproc           65536

修改參數vi /etc/security/limits.d/90-nproc.conf

* soft nproc 1024
#修改成
* soft nproc 2048

而後進入bin目錄，切換新帳戶執行ulimit -u 2048，執行./elasticsearch
看到下面輸出信息：

[2017-03-20T11:25:00,031][INFO ][o.e.n.Node               ] [node-104] initializing ...
[2017-03-20T11:25:00,172][INFO ][o.e.e.NodeEnvironment    ] [node-104] using [1] data paths, mounts [[/ (/dev/sda3)]], net usable_space [1.4tb], net total_space [1.7tb], spins? [possibly], types [ext4]
[2017-03-20T11:25:00,173][INFO ][o.e.e.NodeEnvironment    ] [node-104] heap size [1.9gb], compressed ordinary object pointers [true]
[2017-03-20T11:25:00,174][INFO ][o.e.n.Node               ] [node-104] node name [node-104], node ID [T8UBB8IMT96Gh4bJx9u7ww]
[2017-03-20T11:25:00,176][INFO ][o.e.n.Node               ] [node-104] version[5.2.2], pid[30823], build[f9d9b74/2017-02-24T17:26:45.835Z], OS[Linux/2.6.32-642.11.1.el6.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_65/25.65-b01]
[2017-03-20T11:25:00,974][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [aggs-matrix-stats]
[2017-03-20T11:25:00,975][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [ingest-common]
[2017-03-20T11:25:00,975][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [lang-expression]
[2017-03-20T11:25:00,975][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [lang-groovy]
[2017-03-20T11:25:00,975][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [lang-mustache]
[2017-03-20T11:25:00,975][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [lang-painless]
[2017-03-20T11:25:00,975][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [percolator]
[2017-03-20T11:25:00,975][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [reindex]
[2017-03-20T11:25:00,976][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [transport-netty3]
[2017-03-20T11:25:00,976][INFO ][o.e.p.PluginsService     ] [node-104] loaded module [transport-netty4]
[2017-03-20T11:25:00,976][INFO ][o.e.p.PluginsService     ] [node-104] no plugins loaded
[2017-03-20T11:25:02,888][INFO ][o.e.n.Node               ] [node-104] initialized
[2017-03-20T11:25:02,888][INFO ][o.e.n.Node               ] [node-104] starting ...
[2017-03-20T11:25:03,084][INFO ][o.e.t.TransportService   ] [node-104] publish_address {10.10.5.104:9300}, bound_addresses {[::]:9300}
[2017-03-20T11:25:03,090][INFO ][o.e.b.BootstrapChecks    ] [node-104] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
[2017-03-20T11:25:06,136][INFO ][o.e.c.s.ClusterService   ] [node-104] new_master {node-104}{T8UBB8IMT96Gh4bJx9u7ww}{An_WWH5xTYWUAZ-mXid5JQ}{10.10.5.104}{10.10.5.104:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2017-03-20T11:25:06,154][INFO ][o.e.h.HttpServer         ] [node-104] publish_address {1.1.1.1:9200}, bound_addresses {[::]:9200}
[2017-03-20T11:25:06,154][INFO ][o.e.n.Node               ] [node-104] started
[2017-03-20T11:25:06,229][INFO ][o.e.g.GatewayService     ] [node-104] recovered [0] indices into cluster_state
^C[2017-03-20T11:28:30,939][INFO ][o.e.n.Node               ] [node-104] stopping ...
[2017-03-20T11:28:30,977][INFO ][o.e.n.Node               ] [node-104] stopped
[2017-03-20T11:28:30,977][INFO ][o.e.n.Node               ] [node-104] closing ...
[2017-03-20T11:28:30,987][INFO ][o.e.n.Node               ] [node-104] closed

訪問對應的地址:http://1.2.3.4:9200/

看到下面的信息，就正常了：

{
"name": "node-104",
"cluster_name": "page-cluster",
"cluster_uuid": "jZsQmqpUSbS_Hwv-NcGWsg",
"version": {
"number": "5.2.2",
"build_hash": "f9d9b74",
"build_date": "2017-02-24T17:26:45.835Z",
"build_snapshot": false,
"lucene_version": "6.4.1"
},
"tagline": "You Know, for Search"
}

安裝Kibana

去官網下載Kibana安裝包，下載地址

解壓縮後，修改配置文件vi kibana.yml：

server.host: 0.0.0.0

運行./bin/kibana,看到輸出:

[hdfs@localnode4 bin]$ ./kibana
  log   [05:22:04.137] [info][status][plugin:kibana@5.2.2] Status changed from uninitialized to green - Ready
  log   [05:22:04.224] [info][status][plugin:elasticsearch@5.2.2] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [05:22:04.254] [info][status][plugin:console@5.2.2] Status changed from uninitialized to green - Ready
  log   [05:22:04.476] [info][status][plugin:timelion@5.2.2] Status changed from uninitialized to green - Ready
  log   [05:22:04.480] [info][listening] Server running at http://0.0.0.0:5601
  log   [05:22:04.482] [info][status][ui settings] Status changed from uninitialized to yellow - Elasticsearch plugin is yellow
  log   [05:22:09.490] [info][status][plugin:elasticsearch@5.2.2] Status changed from yellow to yellow - No existing Kibana index found
  log   [05:22:10.331] [info][status][plugin:elasticsearch@5.2.2] Status changed from yellow to green - Kibana index ready
  log   [05:22:10.331] [info][status][ui settings] Status changed from yellow to green - Ready

而後訪問對應的頁面便可：1.1.1.1:5601

安裝logstash

Logstash我用的wondows版本，下載後解壓就能夠用。下載地址

在logstash_home/bin目錄下建立logstash.conf文件，內容以下：

input {
    stdin{}
}
output {
    stdout{codec=>rubydebug}
}

而後執行下面的命令logstash.bat -f logstash.conf:

C:\Users\xx\Documents\workspace\elk\logstash-5.2.2\bin>logstash.bat -f logstash.conf
Could not find log4j2 configuration at path /Users/xinghailong/Documents/workspace/elk/logstash-5.2.2/config/log4j2.properties. Using default config which logs to console
09:10:25.692 [[main]-pipeline-manager] INFO  logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
09:10:25.758 [[main]-pipeline-manager] INFO  logstash.pipeline - Pipeline main started
The stdin plugin is now waiting for input:
09:10:26.229 [Api Webserver] INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
test
{
    "@timestamp" => 2017-03-20T06:31:49.209Z,
      "@version" => "1",
          "host" => "DESKTOP-JB5HET6",
       "message" => "test\r"
}
success
{
    "@timestamp" => 2017-03-20T06:31:54.481Z,
      "@version" => "1",
          "host" => "DESKTOP-JB5HET6",
       "message" => "success\r"
}