First, the software versions
1. jdk-8u211-linux-x64.rpm
2. elasticsearch-6.8.1.rpm
3. logstash-6.8.1.rpm
4. kibana-6.8.1-x86_64.rpm
Description: Elasticsearch is set up as a cluster. Host 1: 192.168.1.102, Host 2: 192.168.1.104
Logstash and Kibana are installed on host 1
Second, install the software
2.1 Host 1:
Install jdk-8u211-linux-x64.rpm and elasticsearch-6.8.1.rpm, then configure Elasticsearch
Description: Elasticsearch depends on a JDK environment, so install jdk-8u211-linux-x64.rpm first
yum -y localinstall jdk-8u211-linux-x64.rpm
yum -y localinstall elasticsearch-6.8.1.rpm
Create the data and log directories and change their ownership
[root@linux-elk1 ~]# mkdir -p /elk/{data,logs}
[root@linux-elk1 ~]# chown elasticsearch.elasticsearch /elk/ -R
Modify the memory limits. Memory locking needs to be configured and requires more than 2 GB of memory; otherwise Elasticsearch will not start.
[root@linux-elk1 ~]# vim /usr/lib/systemd/system/elasticsearch.service
Add the following line in the [Service] section
LimitMEMLOCK=infinity
[root@linux-elk1 ~]# vim /etc/elasticsearch/jvm.options
# minimum and maximum memory limits
-Xms2g
-Xmx2g
Edit the configuration file: vim /etc/elasticsearch/elasticsearch.yml
[root@logsystem src]# grep -v "^#" /etc/elasticsearch/elasticsearch.yml
cluster.name: my-log
node.name: node-1
path.data: /elk/data
path.logs: /elk/logs
network.host: 192.168.1.102
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.1.102","192.168.1.104"]
Enable start at boot
systemctl enable elasticsearch.service
systemctl daemon-reload
systemctl start elasticsearch.service
View the status
systemctl status elasticsearch.service
If it is running, check the listening ports
ss -tnl
View the node information, which also serves as a test. If the following message appears, the configuration is correct
curl http://192.168.1.102:9200
The cluster status is one of: green, red, yellow
Green means everything is good (the cluster is fully functional)
Yellow means that all data is available, but some replicas have not been assigned (the cluster is functional)
Red means that some data is not available
Even if a cluster is red, it is still partially functional (that is, it will continue to serve search requests from the available shards), but you will likely need to fix it as soon as possible, because you have missing data.
RESTful API:
Four types of API
1. Check whether the cluster, nodes, and indices are healthy, and obtain their respective status
2. Manage the cluster, nodes, and index metadata
3. Perform CRUD operations
4. Advanced operations such as paging, filtering, etc.
ES access interface: 9200/tcp
Syntax:
curl -X<VERB> '<PROTOCOL>://<HOST>:<PORT>/<PATH>?<QUERY_STRING>' -d '<BODY>'
View Elasticsearch information in JSON format
[root@logsystem ~]# curl http://192.168.1.102:9200/_cluster/health?pretty=true
{
"cluster_name" : "elasticsearch",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
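The following script is an added example, not part of the original article. It turns the health response above into a monitoring check that also verifies the answering cluster is the one configured (cluster.name my-log, two hosts in the unicast list). The function names json_field, check_health and sample_health are hypothetical, and the sample response is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the response is
# pretty-printed (?pretty=true): one "key" : value pair per line.

# json_field NAME: print the value of a scalar field from JSON on stdin.
json_field() {
    sed -n 's/^[[:space:]]*"'"$1"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",]*\)"\{0,1\},\{0,1\}[[:space:]]*$/\1/p' | head -n 1
}

# check_health EXPECTED_NAME EXPECTED_NODES  (health JSON on stdin)
# Prints one verdict line; returns 0 = OK, 1 = WARNING, 2 = CRITICAL.
check_health() {
    body=$(cat)
    name=$(printf '%s\n' "$body" | json_field cluster_name)
    status=$(printf '%s\n' "$body" | json_field status)
    nodes=$(printf '%s\n' "$body" | json_field number_of_nodes)
    unassigned=$(printf '%s\n' "$body" | json_field unassigned_shards)

    case "$status" in
        green|yellow|red) ;;
        *) echo "CRITICAL: no usable status in response"; return 2 ;;
    esac
    if [ "$name" != "$1" ]; then
        echo "CRITICAL: answered by cluster '$name', expected '$1'"; return 2
    fi
    if [ "$status" = red ]; then
        echo "CRITICAL: red, some data is not available"; return 2
    fi
    case "$nodes" in
        ''|*[!0-9]*) echo "CRITICAL: number_of_nodes missing"; return 2 ;;
    esac
    if [ "$nodes" -lt "$2" ]; then
        echo "WARNING: only $nodes of $2 nodes have joined"; return 1
    fi
    if [ "$status" = yellow ]; then
        echo "WARNING: yellow, $unassigned shards unassigned"; return 1
    fi
    echo "OK: green, $nodes nodes in '$name'"
}

# Constructed sample response (not captured from a real cluster).
# sample_health NAME STATUS NODES UNASSIGNED
sample_health() {
    printf '{\n  "cluster_name" : "%s",\n  "status" : "%s",\n  "timed_out" : false,\n' "$1" "$2"
    printf '  "number_of_nodes" : %s,\n  "unassigned_shards" : %s\n}\n' "$3" "$4"
}

# Live use: curl -s 'http://192.168.1.102:9200/_cluster/health?pretty=true' | check_health my-log 2
sample_health my-log yellow 2 3 | check_health my-log 2 || echo "exit code: $?"
```

A green status alone does not show that both hosts joined the same cluster, which is why the check compares cluster_name and number_of_nodes before reporting OK.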