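I. Elasticsearch installation steps
1. Download the installation packages from the official site
https://www.elastic.co/cn/downloads/elasticsearch elasticsearch
https://www.elastic.co/cn/downloads/logstash logstash
https://www.elastic.co/cn/downloads/kibana kibana
2. Upload the package to the server and extract it (make sure the JDK on the server is version 1.8 or later)
# tar xxx
As root, create a new user
# adduser esuser
As root, give the new user ownership of the directory you just extracted
# chown -R esuser /var/elasticsearch-5.x/
3. Switch to the new user
# su esuser
# chmod 777 /var/elasticsearch-5.x/
(esuser already owns the directory after the chown above, so mode 777 additionally gives every other local user write access to it; an owner-only mode such as 750 is enough for Elasticsearch to run.)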
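4. In the /elasticsearch/config directory, open elasticsearch.yml and edit it
#Cluster name; nodes on different servers must use the same cluster name to form a cluster
cluster.name: elasticsearch
#Node name within the cluster; must be unique
node.name: node-1
#Number of index shards
#index.number_of_shards: 5
#Number of index replicas
#index.number_of_replicas: 1
#IP address to bind to
network.host: 127.0.0.1
#Port for communication between nodes
transport.tcp.port: 9300
#Port for the external HTTP service
http.port: 9200
#Enable cross-origin (CORS) requests to the HTTP API; "*" accepts any origin
http.cors.enabled: true
http.cors.allow-origin: "*"
#Do not lock memory; do not install system call filters (see the startup errors below)
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
#Whether this node can become the master node
node.master: true
#Whether this node can store data
node.data: true
#Addresses of the servers in the cluster
discovery.zen.ping.unicast.hosts: ["127.0.0.1","127.0.0.1"]
#Minimum number of cluster servers that must be up
discovery.zen.minimum_master_nodes: 1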
5. Start ES
Go to the /elasticsearch/bin directory
# cd /var/elasticsearch-5.x/bin
# ./elasticsearch -d
6. Stop ES
# ps -ef|grep elasticsearch
# kill -9 -…
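The settings from step 4 that decide how exposed the node is can be checked mechanically before starting ES. The script below is an added example, not part of the original tutorial; the function names es_setting and audit_es_yml are hypothetical, and the sample file is constructed from the configuration shown in step 4.

```shell
#!/bin/sh
# Added example (not from the original page): audit a flat elasticsearch.yml.

# es_setting FILE KEY: print the value of a "key: value" line (last one wins).
es_setting() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)                 # drop surrounding quotes
            if (key == k) found = val
        }
        END { print found }' "$1"
}

# audit_es_yml FILE: print one WARN line per risky setting found.
audit_es_yml() {
    host=$(es_setting "$1" network.host)
    cors=$(es_setting "$1" http.cors.enabled)
    origin=$(es_setting "$1" http.cors.allow-origin)
    filter=$(es_setting "$1" bootstrap.system_call_filter)
    case "$host" in
        ""|127.*|localhost|::1|_local_) ;;         # unset or loopback only
        *) echo "WARN network.host=$host exposes the HTTP and transport ports beyond loopback" ;;
    esac
    if [ "$cors" = "true" ] && [ "$origin" = "*" ]; then
        echo "WARN http.cors.allow-origin=* lets pages from any origin read API responses"
    fi
    if [ "$filter" = "false" ]; then
        echo "WARN bootstrap.system_call_filter=false runs the node without its seccomp filter"
    fi
    return 0
}

# Constructed sample: the security-relevant lines of the step 4 configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
network.host: 127.0.0.1
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
#bootstrap.system_call_filter: true
bootstrap.system_call_filter: false
EOF
audit_es_yml "$sample"
rm -f "$sample"
```

For the step 4 configuration this reports the CORS wildcard and the disabled system call filter; network.host stays quiet as long as it remains on loopback.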
P.S. Errors may occur during startup; the fixes are as follows
1. If the machine has little free memory, startup fails with an error like the following:
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x000000008a660000, 1973026816, 0) failed; error='Cannot allocate memory' (errno=12)
This is because the ES JVM parameters -Xmx and -Xms both default to 2G
Edit the jvm.options file under config
# vim elasticsearch/elasticsearch-5.5.1/config/jvm.options
Change
-Xms2g
-Xmx2g
to
-Xms1g
-Xmx1g
or smaller
-Xms512M
-Xmx512M
Then start ES again
2. Errors that may appear at startup:
(1)
ERROR: bootstrap checks failed
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk…
Cause: CentOS 6 does not support SecComp, while ES 5.x.x sets bootstrap.system_call_filter to true by default and runs the check, so the check fails and ES cannot start. See: https://github.com/elastic/elasticsearch/issues/22899
Fix: set bootstrap.system_call_filter to false in elasticsearch.yml; note that it must go below the Memory section:
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
(2) (fairly likely to occur)
ERROR: bootstrap checks failed
max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536]
max number of threads [1024] for user [lishang] likely too low, increase to at least [2048]
Fix: switch to the root user and edit limits.conf, adding content like the following
# vim /etc/security/limits.conf
Add the following:
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
(3)
max number of threads [1024] for user [lish] likely too low, increase to at least [2048]
Fix: switch to the root user, go to the limits.d directory and modify the configuration file.
# vim /etc/security/limits.d/90-nproc.conf
Change the following line:
* soft nproc 1024
to
* soft nproc 2048
(4)
max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]
Fix: switch to the root user and edit sysctl.conf
# vim /etc/sysctl.conf
Add the following setting:
vm.max_map_count=655360
and run:
# sysctl -p
Then start elasticsearch again, and it will start successfully.
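Error (3) can persist after the limits.conf change in (2) because files in /etc/security/limits.d are read after limits.conf: a later entry for the same or a more specific domain replaces the earlier one, while a user-specific entry outranks any wildcard. The script below is an added example (not from the original tutorial) that resolves which entry wins; effective_limit is a hypothetical helper, @group domains are not modelled, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): which limits entry wins for a user?

# effective_limit USER TYPE ITEM FILE...
# Prints "VALUE DOMAIN FILE" for the entry that applies, or "unset".
# Pass files in read order: limits.conf first, then limits.d/*.conf sorted.
# Simplification: only user and "*" domains are modelled (no @group entries).
effective_limit() {
    user=$1; type=$2; item=$3; shift 3
    awk -v u="$user" -v t="$type" -v it="$item" '
        /^[ \t]*(#|$)/ { next }                       # comments and blank lines
        NF >= 4 && $3 == it && ($2 == t || $2 == "-") {
            if ($1 == u)        { rank = 2 }          # user entry: most specific
            else if ($1 == "*") { rank = 1 }          # wildcard entry
            else                { next }
            # Same or more specific domain read later replaces the earlier value.
            if (rank >= best) { best = rank; val = $4; dom = $1; src = FILENAME }
        }
        END { if (best) print val, dom, src; else print "unset" }' "$@"
}

# Constructed sample mirroring the two files discussed above.
dir=$(mktemp -d)
mkdir "$dir/limits.d"
cat > "$dir/limits.conf" <<'EOF'
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
EOF
echo '* soft nproc 1024' > "$dir/limits.d/90-nproc.conf"

# The wildcard in 90-nproc.conf is read last, so soft nproc stays at 1024.
effective_limit esuser soft nproc "$dir/limits.conf" "$dir/limits.d/90-nproc.conf"

# A user-scoped entry in limits.conf outranks the later wildcard.
echo 'esuser soft nproc 2048' >> "$dir/limits.conf"
effective_limit esuser soft nproc "$dir/limits.conf" "$dir/limits.d/90-nproc.conf"
rm -rf "$dir"
```

Writing the entries for esuser instead of * also raises the limits only for the Elasticsearch account rather than for every user on the host.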
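II. Logstash installation steps
1. After extracting, create a .conf file in the /logstash/ directory to hold the input and output configuration. Here I use Logstash to sync data from PostgreSQL (Oracle, MySQL, etc. work the same way) to Elasticsearch; the configuration fragment is below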
input {
  jdbc {
    jdbc_driver_library => "D:/logstash-5.6.2/postgresql-9.4-1204.jdbc4.jar"
    jdbc_driver_class => "org.postgresql.Driver"
    jdbc_connection_string => "jdbc:postgresql://localhost:5432/postgres"
    jdbc_user => "postgres"
    jdbc_password => "postgres"
    jdbc_paging_enabled => "true"
    use_column_value => true
    tracking_column => id
    jdbc_page_size => "50000"
    schedule => "* * * * *"
    statement_filepath => "D:/logstash-5.6.2/template/xxx.sql"
  }
}
output {
  elasticsearch {
    hosts => "localhost:9200"
    sniffing => true
    index => "jdbc"
    document_type => "jdbc"
    template_overwrite => true
    template => "D:/logstash-5.6.2/template/es.json"
  }
}
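jdbc_driver_library: the PostgreSQL JDBC jar
use_column_value: track changes in a column value
tracking_column: the column to track
schedule: how often to sync; here it is once per minute
statement_filepath: path to the SQL used for syncing; it is just a file containing one query
template: the Elasticsearch dynamic template. Create a folder under logstash, then create a file xxx.json in it; the template fragment is below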
{
  "template" : "jdbc",
  "settings" : {
    "index.number_of_shards" : 5,
    "index.number_of_replicas" : 1,
    "index.refresh_interval" : "5s",
    "index": {
      "analysis": {
        "analyzer": {
          "ik_smart": { "type": "custom", "tokenizer": "ik_smart" },
          "ik": { "type": "custom", "tokenizer": "ik_max_word" }
        }
      }
    }
  },
  "mappings" : {
    "_default_" : {
      "_all" : {
        "enabled" : true,
        "norms" : false
      },
      "dynamic_templates" : [
        {
          "question_field" : {
            "path_match" : "question",
            "match_mapping_type" : "string",
            "mapping" : { "type" : "text", "analyzer" : "ik", "norms" : false }
          }
        },
        {
          "answer_field" : {
            "path_match" : "answer",
            "match_mapping_type" : "string",
            "mapping" : { "type" : "text", "analyzer" : "ik", "norms" : false }
          }
        },
        {
          "string_fields" : {
            "match" : "*",
            "match_mapping_type" : "string",
            "mapping" : { "type" : "text", "norms" : false, "fields" : { "keyword" : { "type" : "keyword" } } }
          }
        }
      ],
      "properties" : {
        "@timestamp" : {
          "type" : "date",
          "include_in_all" : false
        },
        "@version" : {
          "type" : "keyword",
          "include_in_all" : false
        }
      }
    }
  }
}
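Once everything is configured, start logstash, and the results of that SQL query are synced automatically from the postgres database to elasticsearch
On Linux, start logstash as follows
cd /logstash-5.6.2/bin
nohup ./logstash -f /logstash-5.6.2/xxx.conf &>/dev/null &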
III. Kibana installation steps
1. After extracting, find the kibana.yml file under /kibana/config, open it and edit it
server.port: 5601
server.host: "127.0.0.1"
elasticsearch.url: "http://127.0.0.1:9200"
2. Then go to /kibana/bin
# cd /kibana/bin
# ./kibana &