elk installation record

Install elk on centos6.5, record the installation process and exception handling process.

First download elk, I downloaded version 5.1.1, three packages and jdk8, at the beginning I used 7, there were a lot of problems, and then I simply reinstalled java8, the problem disappeared directly.

The first step is to configure the java environment variables

Modify /etc/profile

/etc/profile writes

JAVA_HOME=/usr/local/jdk1.8.0_111
PATH=$PATH:$HOME/bin:$JAVA_HOME/bin
export JAVA_HOME
ulimit -SHn 65536
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL

Execute source /etc/profile

The second step, install elasticsearch

First, unzip the installation package:

Install Elasticsearch. It must be noted that the root account cannot be used

wrote

unzip elasticsearch-5.1.1.zip

Installed to /usr/local/ can also be customized, copy the file to /usr/local/elasticsearch-5.1.1

elasticsearch directory writes

drwxr-xr-x 2 appuser appuser 4096 Dec 26 18:01 bin
drwxr-xr-x 3 appuser appuser 4096 Dec 27 15:01 config
drwxrwxr-x 3 appuser appuser 4096 Dec 27 10:08 data
-rw-rw-r-- 1 appuser appuser 17022 Dec 27 10:06 hs_err_pid1224.log
drwxr-xr-x 2 appuser appuser 4096 Dec 26 18:01 lib
-rw-r--r-- 1 appuser appuser 11358 Dec 26 18:01 LICENSE.txt
drwxrwxr-x 2 appuser appuser 4096 Dec 27 14:22 logs
drwxr-xr-x 12 appuser appuser 4096 Dec 26 18:01 modules
-rw-r--r-- 1 appuser appuser 150 Dec 26 18:01 NOTICE.txt
drwxr-xr-x 2 appuser appuser 4096 Dec 27 15:24 plugins
-rw-r--r-- 1 appuser appuser 9108 Dec 26 18:01 README.textile

The config file writes

[appuser@zabbix elasticsearch]$ vim config/elasticsearch.yml
cluster.name: cluster-test
node.name: node-1
path.data: /tmp/elasticsearch/data
path.logs: /tmp/elasticsearch/logs
network.host: 192.168.1.1
http.port: 9200

启动写道

./bin/elasticsearch &

修改 config/elasticsearch.yml，配置一下 ES。

首先，找到“network.host”行，添加一行：

写道

network.host: your id address
就能通过IP，或浏览器访问。

再找到“http.port”行，添加一行：
http.port: 9200

访问http://114.215.168.115:9200/ 写道

{
"name" : "node-1",
"cluster_name" : "my-application",
"cluster_uuid" : "uylfWdFdSuyqLLIWd_ttVg",
"version" : {
"number" : "5.1.1",
"build_hash" : "5395e21",
"build_date" : "2016-12-06T12:36:15.409Z",
"build_snapshot" : false,
"lucene_version" : "6.3.0"
},
"tagline" : "You Know, for Search"
}

中途启动有几个错误，做下记录：

写道

ERROR: bootstrap checks failed

max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536]
max number of threads [1024] for user [lishang] likely too low, increase to at least [2048]

解决：切换到root用户，编辑limits.conf 添加类似如下内容

vi /etc/security/limits.conf

添加如下内容:

* soft nofile 65536

* hard nofile 131072

* soft nproc 2048

* hard nproc 4096

max number of threads [1024] for user [lish] likely too low, increase to at least [2048]

解决：切换到root用户，进入limits.d目录下修改配置文件。

vi /etc/security/limits.d/90-nproc.conf

修改如下内容：

* soft nproc 1024

#修改为

* soft nproc 2048

max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]

解决：切换到root用户修改配置sysctl.conf

vi /etc/sysctl.conf

添加下面配置：

vm.max_map_count=655360

并执行命令：

sysctl -p

然后，重新启动elasticsearch，即可启动成功。

第三部分，安装logstash

解压安装包

写道

tar zxvf logstash

测试一下功能

写道

/usr/local/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'

定义屏幕输入为源，没问题以后，可以加入在配置文件里面

写道

[root@iZbp1ikiaevnqhvtazc51gZ local]# cd kibana-5.1.1-linux-x86_64/
[root@iZbp1ikiaevnqhvtazc51gZ kibana-5.1.1-linux-x86_64]# ll
total 68
drwxr-xr-x 2 root root 4096 Dec 27 16:07 bin
drwxr-xr-x 2 root root 4096 Dec 27 16:08 config
drwxr-xr-x 2 root root 4096 Dec 27 16:09 data
-rw-r--r-- 1 root root 562 Dec 27 16:07 LICENSE.txt
drwxr-xr-x 6 root root 4096 Dec 27 16:07 node
drwxr-xr-x 471 root root 20480 Dec 27 16:07 node_modules
drwxr-xr-x 3 root root 4096 Dec 27 16:07 optimize
-rw-r--r-- 1 root root 701 Dec 27 16:07 package.json
drwxr-xr-x 2 root root 4096 Dec 27 16:07 plugins
-rw-r--r-- 1 root root 4962 Dec 27 16:07 README.txt
drwxr-xr-x 9 root root 4096 Dec 27 16:07 src
drwxr-xr-x 2 root root 4096 Dec 27 16:07 webpackShims

config目录放入配置文件写道

[root@zabbix etc]# vim logstash-simple.conf

input { stdin { } }
output {
elasticsearch {hosts => "192.168.1.1" }
stdout { codec=> rubydebug }
}

Logstash使用input和output定义收集日志时的输入和输出的相关配置，本例中input定义了一个叫"stdin"的input，output定义一个叫"stdout"的output

测试一把写道

[root@zabbix local]# /usr/local/logstash/bin/logstash -f /usr/local/logstash/etc/logstash-test.conf
Settings: Default pipeline workers: 2
Logstash startup completed
hello world
{
"message" => "hello world",
"@version" => "1",
"@timestamp" => "2016-03-31T08:20:00.736Z",
"host" => "zabbix.com"
}

第四步：安装Kibana

解压包写道

tar zxvf kibana.tar.gz

修改配置文件

写道

[root@iZbp1ikiaevnqhvtazc51gZ kibana-5.1.1-linux-x86_64]# ll
total 68
drwxr-xr-x 2 root root 4096 Dec 27 16:07 bin
drwxr-xr-x 2 root root 4096 Dec 27 16:08 config
drwxr-xr-x 2 root root 4096 Dec 27 16:09 data
-rw-r--r-- 1 root root 562 Dec 27 16:07 LICENSE.txt
drwxr-xr-x 6 root root 4096 Dec 27 16:07 node
drwxr-xr-x 471 root root 20480 Dec 27 16:07 node_modules
drwxr-xr-x 3 root root 4096 Dec 27 16:07 optimize
-rw-r--r-- 1 root root 701 Dec 27 16:07 package.json
drwxr-xr-x 2 root root 4096 Dec 27 16:07 plugins
-rw-r--r-- 1 root root 4962 Dec 27 16:07 README.txt
drwxr-xr-x 9 root root 4096 Dec 27 16:07 src
drwxr-xr-x 2 root root 4096 Dec 27 16:07 webpackShims

写道

server.port: 5601
server.host: “192.168.1.245”
elasticsearch.url: http://192.168.1.245:9200
kibana.index: “.kibana”

startup 写道

./bin/kibana

登录后，首先，配置一个索引，默认，Kibana的数据被指向Elasticsearch，使用默认的logstash-*的索引名

使用控制台输入来测试一下，整体的功能，在logstash下面输入，然后传递给elasticsearch，在通过kibana来展示

写道

./logstash-5.1.1/bin/logstash -f ./logstash-5.1.1/config/logstash-simple.conf

elk installation record

Guess you like