elastic stack (1): software installation and startup

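Versions: elasticsearch 7.8.0, logstash 7.8.0, kibana 7.8.0 (downloaded from the official site), jdk 11

Account used to start ELK (it must be started with a non-root account)

  • 1. Check whether the local JDK version matches
java -version

The local JDK environment is 1.8 (a project requirement), so the JDK version has to be specified again explicitly.

Open the startup file elasticsearch in the bin directory under elasticsearch and configure it as follows: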

#!/bin/bash

# CONTROLLING STARTUP:
#
# This script relies on a few environment variables to determine startup
# behavior, those variables are:
#
#   ES_PATH_CONF -- Path to config directory
#   ES_JAVA_OPTS -- External Java Opts on top of the defaults set
#
# Optionally, exact memory values can be set using the `ES_JAVA_OPTS`. Example
# values are "512m", and "10g".
#
#   ES_JAVA_OPTS="-Xms8g -Xmx8g" ./bin/elasticsearch

# Specify JDK 11
export JAVA_HOME=/gfkdata/elk/jdk-11.0.8
export PATH=$JAVA_HOME/bin:$PATH

source "`dirname "$0"`"/elasticsearch-env

CHECK_KEYSTORE=true
DAEMONIZE=false
for option in "$@"; do
  case "$option" in
    -h|--help|-V|--version)
      CHECK_KEYSTORE=false
      ;;
    -d|--daemonize)
      DAEMONIZE=true
      ;;
  esac
done

if [ -z "$ES_TMPDIR" ]; then
  ES_TMPDIR=`"$JAVA" "$XSHARE" -cp "$ES_CLASSPATH" org.elasticsearch.tools.launchers.TempDirectory`
fi

# get keystore password before setting java options to avoid
# conflicting GC configurations for the keystore tools
unset KEYSTORE_PASSWORD
KEYSTORE_PASSWORD=
if [[ $CHECK_KEYSTORE = true ]] \
    && bin/elasticsearch-keystore has-passwd --silent
then
  if ! read -s -r -p "Elasticsearch keystore password: " KEYSTORE_PASSWORD ; then
    echo "Failed to read keystore password on console" 1>&2
    exit 1
  fi
fi

# The JVM options parser produces the final JVM options to start Elasticsearch.
# It does this by incorporating JVM options in the following way:
#   - first, system JVM options are applied (these are hardcoded options in the
#     parser)
#   - second, JVM options are read from jvm.options and jvm.options.d/*.options
#   - third, JVM options from ES_JAVA_OPTS are applied
#   - fourth, ergonomic JVM options are applied
ES_JAVA_OPTS=`export ES_TMPDIR; "$JAVA" "$XSHARE" -cp "$ES_CLASSPATH" org.elasticsearch.tools.launchers.JvmOptionsParser "$ES_PATH_CONF"`

# Added JDK check
if [ -x "$JAVA_HOME/bin/java" ]; then
  JAVA="/gfkdata/elk/jdk-11.0.8/bin/java"
else
  JAVA=`which java`
fi

# manual parsing to find out, if process should be detached
if [[ $DAEMONIZE = false ]]; then
  exec \
    "$JAVA" \
    "$XSHARE" \
    $ES_JAVA_OPTS \
    -Des.path.home="$ES_HOME" \
    -Des.path.conf="$ES_PATH_CONF" \
    -Des.distribution.flavor="$ES_DISTRIBUTION_FLAVOR" \
    -Des.distribution.type="$ES_DISTRIBUTION_TYPE" \
    -Des.bundled_jdk="$ES_BUNDLED_JDK" \
    -cp "$ES_CLASSPATH" \
    org.elasticsearch.bootstrap.Elasticsearch \
    "$@" <<<"$KEYSTORE_PASSWORD"
else
  exec \
    "$JAVA" \
    "$XSHARE" \
    $ES_JAVA_OPTS \
    -Des.path.home="$ES_HOME" \
    -Des.path.conf="$ES_PATH_CONF" \
    -Des.distribution.flavor="$ES_DISTRIBUTION_FLAVOR" \
    -Des.distribution.type="$ES_DISTRIBUTION_TYPE" \
    -Des.bundled_jdk="$ES_BUNDLED_JDK" \
    -cp "$ES_CLASSPATH" \
    org.elasticsearch.bootstrap.Elasticsearch \
    "$@" \
    <<<"$KEYSTORE_PASSWORD" &
  retval=$?
  pid=$!
  [ $retval -eq 0 ] || exit $retval
  if [ ! -z "$ES_STARTUP_SLEEP_TIME" ]; then
    sleep $ES_STARTUP_SLEEP_TIME
  fi
  if ! ps -p $pid > /dev/null ; then
    exit 1
  fi
  exit 0
fi

exit $?

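elasticsearch configuration

config/elasticsearch.yml        main configuration file

config/jvm.options                 JVM parameter configuration file

config/log4j2.properties         logging configuration file

 

1. Edit the elasticsearch.yml configuration file in the config directory (single-node setup)

#### Cluster name
cluster.name: my-application
#### Node name
node.name: node-1
#### Whether this node can become the master node
#node.master: true
# Whether this node is allowed to store data; enabled by default
#node.data: true
#### Service IP (allows access from external networks)
network.host: 0.0.0.0
#### Service port (9200 by default for external access)
http.port: 9200
#### Allow cross-origin access
#http.cors.enabled: true
#http.cors.allow-origin: "*"
#### Nodes in the cluster that can become master
discovery.seed_hosts: ["127.0.0.1"]
#### Manually specify the name or IP of every master-eligible node; these settings are evaluated in the first election
cluster.initial_master_nodes: ["127.0.0.1:9300"]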

2. Change the default memory settings (the default memory size is 1 GB)

-Xms256m
-Xmx256m

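3. Startup error: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

Solution:

vi /etc/sysctl.conf
vm.max_map_count=262144
#### After editing, run the following command to apply the change
sysctl -p

4. Start elasticsearch from the bin directory: ./elasticsearch

5. Check whether startup succeeded: curl http://localhost:9200 (the output shown in the figure below indicates a successful start)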

 

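logstash configuration

Create a custom configuration file myes.conf in the config directory with the following content:

input {
  # Read log messages from a file, send them to the console, and output them as JSON
  file {
    path => "/var/log/messages"
    codec => "json"
    type => "system"
    start_position => "beginning"
  }
}
#filter{
#
#}
output {
  # Standard output
  # stdout{}
  # Format the output, using the Ruby library to parse the logs
  stdout { codec => rubydebug }
  elasticsearch {
    ### The elasticsearch IP goes here
    hosts => "127.0.0.1:9200"
    ## Create one index per day
    index => "system-%{+YYYY.MM.dd}"
  }
}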

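Start logstash:

Start with a specific configuration file: ./logstash -f ../config/myes.conf

If logstash fails to start, go to the data directory, delete the .lock file, and restart

List the files: ls -alh
Delete .lock: rm .lock

Start logstash in the background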

./logstash -f config/myes.conf &

 

kibana configuration

In the config directory:

#### Port
server.port: 5601
#### Service IP (allows access from external networks)
server.host: "0.0.0.0"
#### Service name
server.name: "mykibana"
#### URL of the elasticsearch instance to query
elasticsearch.hosts: ["http://localhost:9200"]

Start kibana from the bin directory: ./kibana

Access URL: http://ip:9200/status or http://ip:5601/app/kibana

At this point, the single-node ELK environment is set up.
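
The settings above bind both Elasticsearch and Kibana to 0.0.0.0, and a 7.x installation on the basic license leaves the security features off unless xpack.security.enabled is set to true, so ports 9200 and 5601 answer unauthenticated requests from any host that can reach them. The check below is an added example, not part of the original article: the function names, finding codes and the hardened sample values are assumptions for illustration, and the sample configs are constructed from the values shown on this page.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}

def parse_flat_yaml(text):
    """Parse the flat 'key: value' lines used in elasticsearch.yml / kibana.yml."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out setting
        key, sep, value = line.partition(":")
        if sep:
            value = re.sub(r"\s+#.*$", "", value).strip()  # drop trailing comment
            settings[key.strip()] = value.strip("\"'")
    return settings

def audit(es_yml, kibana_yml):
    """Return finding codes for settings that expose the stack without auth."""
    es, kb = parse_flat_yaml(es_yml), parse_flat_yaml(kibana_yml)
    findings = []
    # Assumption: 7.x defaults (loopback bind; security features off unless
    # xpack.security.enabled is set to true).
    secured = es.get("xpack.security.enabled", "false").lower() == "true"
    if es.get("network.host", "_local_") not in LOOPBACK and not secured:
        findings.append("ES_REACHABLE_WITHOUT_AUTH")
    if (es.get("http.cors.enabled", "false") == "true"
            and es.get("http.cors.allow-origin") == "*"):
        findings.append("ES_CORS_ANY_ORIGIN")
    if kb.get("server.host", "localhost") not in LOOPBACK and not secured:
        findings.append("KIBANA_REACHABLE_WITHOUT_AUTH")
    return findings

# Constructed sample: the values shown on this page.
PAGE_ES = """\
node.name: node-1
network.host: 0.0.0.0
http.port: 9200
#http.cors.enabled: true
#http.cors.allow-origin: "*"
"""
PAGE_KIBANA = 'server.port: 5601\nserver.host: "0.0.0.0"\n'
# Constructed variant (hypothetical values): loopback bind, security on.
HARDENED_ES = "network.host: 127.0.0.1\nxpack.security.enabled: true\n"
HARDENED_KIBANA = 'server.host: "127.0.0.1"\n'

if __name__ == "__main__":
    print(audit(PAGE_ES, PAGE_KIBANA))
    print(audit(HARDENED_ES, HARDENED_KIBANA))
```

Run it against the real config/elasticsearch.yml and Kibana config file contents before opening 9200 or 5601 in a firewall; an empty list means none of the three conditions matched.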
