Offline installation of ELK and troubleshooting

--------elasticsearch installation------------------------------------------------------------------

---------Accounts-----------------------
elasticsearch:
useradd es
Linux account: es / es123456

-- Initialize the passwords of all accounts
elasticsearch-setup-passwords interactive

Enter password for [elastic]:12345678

Enter password for [apm_system]:12345678

Enter password for [kibana_system]:12345678

Enter password for [logstash_system]:12345678

Enter password for [beats_system]:12345678

Enter password for [remote_monitoring_user]:12345678

-- Change an account's password:
elasticsearch-reset-password -u elastic -i

----------Installation--------------------
1. Upload the archive and extract it
tar zxvf elasticsearch-8.3.2-linux-x86_64.tar.gz
mv elasticsearch-8.3.2 elasticsearch
2. Create the ES user
Command: useradd es
Command: passwd es (set the password)
Change ownership: chown -R es:es elasticsearch
Switch user: su es

Modify the configuration (optional)
Edit jvm.options
-Xms1g
-Xmx1g

-- Edit elasticsearch.yml
Command: vi elasticsearch.yml
Change the data and log directories:
path.data: /home/yinlian/elasticsearch/data # data directory location
path.logs: /home/yinlian/elasticsearch/logs # log directory location
Change the bind IP:
network.host: 0.0.0.0 # bind to 0.0.0.0 so that any IP can connect (by default only the local machine can)

-- Create the data directory
mkdir /home/yinlian/elasticsearch/data
chown -R es:es /home/yinlian/elasticsearch/data

-- Run
Go to the elasticsearch/bin directory and run:
./elasticsearch
Run in the background: nohup ./elasticsearch > elasticsearch.out &

-- Stop the service
ps -ef | grep Elasticsearch | grep -v grep | awk '{print $2}'
kill -9 <pid>   # the PID printed by the command above

-------------------Start at boot---------------------
elasticsearch

  1. Create the file elasticsearch in the /etc/init.d directory with the following content:

#!/bin/sh
#chkconfig: 2345 80 05
#description: elasticsearch

export JAVA_HOME=/usr/java/jdk1.8.0_181-amd64
export JAVA_BIN=/usr/java/jdk1.8.0_181-amd64/bin
export PATH=$PATH:$JAVA_HOME/bin
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export JAVA_HOME JAVA_BIN PATH CLASSPATH

# Start Elasticsearch as the es user, daemonized with -d
start_es() {
    su es<<!
cd /opt/tools/elasticsearch
./bin/elasticsearch -d
!
    echo "elasticsearch startup"
}

# Kill the Elasticsearch processes owned by es.
# pgrep -u es does not match this script itself, which runs as root.
stop_es() {
    es_pid=`pgrep -u es -f elasticsearch`
    [ -n "$es_pid" ] && kill -9 $es_pid
    echo "elasticsearch stopped"
}

case "$1" in
start)
    start_es
    ;;
stop)
    stop_es
    ;;
restart)
    stop_es
    start_es
    ;;
*)
    echo "start|stop|restart"
    ;;
esac

exit $?

  2. Save and exit, then grant execute permission

chmod +x /etc/init.d/elasticsearch

  3. Enable start at boot

chkconfig --add /etc/init.d/elasticsearch

-- Test command
curl -u elastic 'http://localhost:9200/_cat/indices?v'

-----Configuration notes--------------
1.
Single-node configuration:
In the elasticsearch.yml configuration file, remove
discovery.seed_hosts and cluster.initial_master_nodes,
then add discovery.type: single-node

Cluster configuration:
discovery.seed_hosts and cluster.initial_master_nodes.

2. Modify the configuration

Open-file limit too low
vi /etc/security/limits.conf

* soft nofile 65536
* hard nofile 131072
* soft nproc 4096
* hard nproc 4096

Not enough threads
vi /etc/security/limits.d/90-nproc.conf

Change * soft nproc 1024 to * soft nproc 4096

The memory limit available to the elasticsearch user is too small
Continue modifying the configuration: vi /etc/sysctl.conf
Add: vm.max_map_count=655360
Then run: sysctl -p
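
A small audit of elasticsearch.yml against the notes above, added here as an example and not part of the original article: it flags cluster-discovery keys left behind in a single-node setup, and a non-loopback network.host combined with xpack.security.enabled: false. The function names, finding names and the sample file are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original article): audit an elasticsearch.yml
# against the configuration notes above. Finding names are invented for this sketch.

# yml_get FILE KEY: print the value of the last uncommented "KEY: value" line.
yml_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1
}

# audit_es_yml FILE: print space-separated findings (empty output means clean).
audit_es_yml() {
    findings=""
    dtype=$(yml_get "$1" discovery.type)
    host=$(yml_get "$1" network.host)
    sec=$(yml_get "$1" xpack.security.enabled)
    if [ "$dtype" = "single-node" ]; then
        # The notes say to remove both cluster-discovery keys on a single node.
        [ -z "$(yml_get "$1" discovery.seed_hosts)" ] ||
            findings="$findings SINGLE_NODE_HAS_SEED_HOSTS"
        [ -z "$(yml_get "$1" cluster.initial_master_nodes)" ] ||
            findings="$findings SINGLE_NODE_HAS_INITIAL_MASTERS"
    fi
    case "$host" in
        ""|localhost|127.*|::1|_local_) ;;   # unset or loopback: local access only
        *)  # reachable from other hosts: authentication must not be switched off
            [ "$sec" != "false" ] || findings="$findings NETWORK_BIND_WITHOUT_AUTH" ;;
    esac
    echo "${findings# }"
}

# Constructed sample: single-node setup with stale cluster keys and security off.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network.host: 0.0.0.0   # bind to all interfaces
discovery.type: single-node
discovery.seed_hosts: ["10.0.0.1"]
cluster.initial_master_nodes: ["node-1"]
xpack.security.enabled: false
EOF
echo "findings: $(audit_es_yml "$sample")"
rm -f "$sample"
```

Run it against the real file with audit_es_yml /path/to/elasticsearch.yml; empty output means none of the three conditions was found.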

----ES can run with its bundled JDK
vi bin/elasticsearch-env
Change: ES_JAVA_HOME=/opt/tools/elasticsearch/jdk
-----------elasticsearch-head installation------------------------------------------------------------------

1. Install Node.js, install cnpm, then install grunt

2. Start it
cd elasticsearch-head
cnpm start
or
grunt server

-- UI
http://xxx:9100/?auth_user=elastic&auth_password=123456
The user authentication parameters are appended to the URL
For Elasticsearch, use: http://xxxx:9200/

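-----------kibana installation------------------------------------------------------------------

Troubleshooting:
1. If the Chrome browser cannot load the login page, its version may be too old.
2. To localize the UI into Chinese, change the language setting in kibana.yml

How to start
su - kibana
./bin/kibana
Start in the background: nohup ./bin/kibana > kibana.out &

-- Stop the service
ps -ef | grep kibana | grep -v grep | awk '{print $2}'
kill -9 <pid>   # the PID printed by the command above

-- Note
The username set here in kibana.yml must be different from the username used on the Kibana login page.
elasticsearch.username: "kibana_system"
elasticsearch.password: "123456"

Page URL: http://ip:5601
elastic / 123456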

--------logstash installation------------------------------------------------------------------

-- Install
rpm -ivh logstash-8.2.0-x86_64.rpm

-- Configure
ps -ef | grep logstash
cd /etc/logstash
vi logstash.yml
Log file location: path.logs: /var/log/logstash

-- Elasticsearch location (optional):
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: "123456" # note: the quotes are required here
xpack.monitoring.elasticsearch.hosts: ["http://17.0.0.1:9200"]

-- Logstash collection plugin configuration
cd /etc/logstash/conf.d
Note: change this setting and create the file that records collection progress
last_run_metadata_path => "/data/meta/log_loginlog_offset.txt"
mkdir /data/meta
touch /data/meta/log_loginlog_offset.txt
chown -R logstash:logstash /data/meta/log_loginlog_offset.txt

-- Permissions
We must make sure that Logstash has read permission on the log while it runs
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/nginx.conf

-- Test
Add sincedb_path => "/dev/null" to the input so that reading starts from the beginning every time

-- Start the service
systemctl start logstash.service


Copyright notice: this is an original article by peter_wsh, released under the CC 4.0 BY-SA license. When reposting, include a link to the original source and this notice.