ELK Log Analysis System

I. Basic Environment Configuration

1. Environment preparation
Plan three nodes: one as the master node and two as data nodes.
2. Change the hostname (on all three nodes)

[root@localhost ~]# hostnamectl set-hostname elk-1
[root@localhost ~]# bash
[root@elk-1 ~]# 
3. Configure the hosts file (on all three nodes)
[root@elk-1 ~]# vi /etc/hosts
192.168.200.10 elk-1
192.168.200.40 elk-2
192.168.200.90 elk-3
[root@elk-1 ~]# ping elk-2
PING elk-2 (192.168.200.40) 56(84) bytes of data.
64 bytes from elk-2 (192.168.200.40): icmp_seq=1 ttl=64 time=0.990 ms
64 bytes from elk-2 (192.168.200.40): icmp_seq=2 ttl=64 time=0.650 ms
64 bytes from elk-2 (192.168.200.40): icmp_seq=3 ttl=64 time=0.738 ms
64 bytes from elk-2 (192.168.200.40): icmp_seq=4 ttl=64 time=0.758 ms
^C
--- elk-2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3007ms
rtt min/avg/max/mdev = 0.650/0.784/0.990/0.125 ms
[root@elk-1 ~]# ping elk-3
4. Install the JDK (on all three nodes)
[root@elk-1 ~]# yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel
[root@elk-1 ~]# java -version     # check the JDK version
openjdk version "1.8.0_65"
OpenJDK Runtime Environment (build 1.8.0_65-b17)
OpenJDK 64-Bit Server VM (build 25.65-b01, mixed mode)
[root@elk-1 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Error 1
[root@elk-1 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
curl: (6) Could not resolve host: artifacts.elastic.co; Unknown error
error: https://artifacts.elastic.co/GPG-KEY-elasticsearch: import read failed(2).

[root@elk-1 ~]# vi /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
Error 2
[root@elk-2 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
curl: (35) TCP connection reset by peer
error: https://artifacts.elastic.co/GPG-KEY-elasticsearch: import read failed(2).
Update curl
[root@elk-2 ~]# yum update curl
Updated:
  curl.x86_64 0:7.29.0-59.el7_9.1                                                                                                     

Dependency Updated:
  libcurl.x86_64 0:7.29.0-59.el7_9.1               libssh2.x86_64 0:1.8.0-4.el7              nspr.x86_64 0:4.25.0-2.el7_9             
  nss.x86_64 0:3.53.1-3.el7_9                      nss-pem.x86_64 0:1.0.3-7.el7              nss-softokn.x86_64 0:3.53.1-6.el7_9      
  nss-softokn-freebl.x86_64 0:3.53.1-6.el7_9       nss-sysinit.x86_64 0:3.53.1-3.el7_9       nss-tools.x86_64 0:3.53.1-3.el7_9        
  nss-util.x86_64 0:3.53.1-1.el7_9                

Complete!
Error 3
[root@elk-2 ~]#  rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
curl: (60) Peer's Certificate has expired.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
error: https://artifacts.elastic.co/GPG-KEY-elasticsearch: import read failed(2).
Correct the system date
[root@elk-2 ~]# date
Thu Nov 26 11:29:33 CST 2020
[root@elk-2 ~]# date -s "2021-02-21 14:22:30"
Sun Feb 21 14:22:30 CST 2021
[root@elk-2 ~]# date
Sun Feb 21 14:22:34 CST 2021

Edit the repository configuration file

[root@elk-1 ~]# vi /etc/yum.repos.d/elastic.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[root@elk-1 ~]# yum list | grep elasticsearch
[root@elk-1 ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base elasticsearch-6.x extras updates
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
[root@elk-1 ~]# yum repolist
Loaded plugins: fastestmirror
base                                                                                                           | 3.6 kB  00:00:00     
elasticsearch-6.x                                                                                              | 1.3 kB  00:00:00     
extras                                                                                                         | 2.9 kB  00:00:00     
updates                                                                                                        | 2.9 kB  00:00:00     
(1/5): elasticsearch-6.x/primary                                                                               | 267 kB  00:00:03     
(2/5): base/7/x86_64/group_gz                                                                                  | 153 kB  00:00:06     
(3/5): extras/7/x86_64/primary_db                                                                              | 225 kB  00:00:06     
(4/5): base/7/x86_64/primary_db                                                                                | 6.1 MB  00:00:13     
(5/5): updates/7/x86_64/primary_db                                                                             | 5.6 MB  00:00:13     
Determining fastest mirrors
 * base: mirrors.bfsu.edu.cn
 * extras: mirrors.bfsu.edu.cn
 * updates: mirrors.bfsu.edu.cn
elasticsearch-6.x                                                                                                             728/728
repo id                                             repo name                                                                   status
base/7/x86_64                                       CentOS-7 - Base                                                             10,072
elasticsearch-6.x                                   Elasticsearch repository for 6.x packages                                      728
extras/7/x86_64                                     CentOS-7 - Extras                                                              453
updates/7/x86_64                                    CentOS-7 - Updates                                                           1,640
repolist: 12,893

Install Elasticsearch (on all three nodes)

[root@elk-1 ~]# yum install -y elasticsearch    # this step can be skipped
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.tuna.tsinghua.edu.cn
 * extras: mirrors.tuna.tsinghua.edu.cn
 * updates: mirrors.bfsu.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package elasticsearch.noarch 0:6.8.14-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================
 Package                          Arch                      Version                        Repository                            Size
======================================================================================================================================
Installing:
 elasticsearch                    noarch                    6.8.14-1                       elasticsearch-6.x                    142 M

Transaction Summary
======================================================================================================================================
Install  1 Package

Total download size: 142 M
Installed size: 229 M
Downloading packages:
elasticsearch-6.8.14.rpm                                                                                       | 142 MB  00:02:07     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Creating elasticsearch group... OK
Creating elasticsearch user... OK
  Installing : elasticsearch-6.8.14-1.noarch                                                                                      1/1 
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch
  Verifying  : elasticsearch-6.8.14-1.noarch                                                                                      1/1 

Installed:
  elasticsearch.noarch 0:6.8.14-1                                                                                                     

Complete!

II. Installing Elasticsearch

1. Install Elasticsearch
Download the package from Baidu and upload it to the local machine via FX:
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm

Or:

[root@elk-1 ~]# yum install wget -y
[root@elk-1 ~]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
Unable to establish SSL connection.    (error)
[root@elk-1 ~]#  wget --no-check-certificate https://nodejs.org/dist/v11.2.0/node-v11.2.0.tar.gz
--2020-11-26 16:56:26--  https://nodejs.org/dist/v11.2.0/node-v11.2.0.tar.gz
Resolving nodejs.org (nodejs.org)... 104.20.22.46, 104.20.23.46, 2606:4700:10::6814:172e, ...
Connecting to nodejs.org (nodejs.org)|104.20.22.46|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 36508574 (35M) [application/gzip]
Saving to: ‘node-v11.2.0.tar.gz’

100%[============================================================================================>] 36,508,574   297KB/s   in 4m 44s 

2020-11-26 17:01:13 (125 KB/s) - ‘node-v11.2.0.tar.gz’ saved [36508574/36508574]

Copy the package with scp

[root@elk-1 ~]# scp elasticsearch-6.0.0.rpm elk-2:/root/
The authenticity of host 'elk-2 (192.168.200.40)' can't be established.
ECDSA key fingerprint is SHA256:jK8pJtGwHwXaNmq2NwcnBX+1J0AD6CvBLoPgeEXycM8.
ECDSA key fingerprint is MD5:5a:28:9b:9c:25:6d:42:2a:7d:9a:f1:34:96:f1:e8:dd.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'elk-2,192.168.200.40' (ECDSA) to the list of known hosts.
root@elk-2's password: 
elasticsearch-6.0.0.rpm                                                                             100%   27MB  29.8MB/s   00:00  
[root@elk-1 ~]# scp elasticsearch-6.0.0.rpm elk-3:/root/
root@elk-3's password: 
elasticsearch-6.0.0.rpm                                                                             100%   27MB  29.8MB/s   00:01  

On the elk-2 node, check that the file was copied
[root@elk-2 ~]# ls
anaconda-ks.cfg  elasticsearch-6.0.0.rpm

Install with the rpm command (on all three nodes)

[root@elk-1 ~]# rpm -ivh elasticsearch-6.0.0.rpm
Preparing...                          ################################# [100%]
        package elasticsearch-0:6.8.14-1.noarch (which is newer than elasticsearch-0:6.0.0-1.noarch) is already installed
        file /etc/elasticsearch/elasticsearch.yml from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /etc/elasticsearch/jvm.options from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /etc/elasticsearch/log4j2.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /etc/init.d/elasticsearch from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /etc/sysconfig/elasticsearch from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/bin/elasticsearch from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /var/lib/elasticsearch from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /var/log/elasticsearch from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/lib/systemd/system/elasticsearch.service from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/LICENSE.txt from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/NOTICE.txt from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/README.textile from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/bin/elasticsearch-env from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/bin/elasticsearch-keystore from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/bin/elasticsearch-plugin from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/bin/elasticsearch-translog from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/aggs-matrix-stats/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/analysis-common/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/ingest-common/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/lang-expression/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/lang-mustache/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/lang-painless/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/parent-join/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/percolator/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/reindex/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/repository-url/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/transport-netty4/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/tribe/plugin-descriptor.properties from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/lang-painless/plugin-security.policy from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/reindex/plugin-security.policy from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
        file /usr/share/elasticsearch/modules/transport-netty4/plugin-security.policy from install of elasticsearch-0:6.0.0-1.noarch conflicts with file from package elasticsearch-0:6.8.14-1.noarch
       
[root@elk-1 ~]# rpm -ql elasticsearch
/etc/elasticsearch
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/jvm.options
/etc/elasticsearch/log4j2.properties
/etc/elasticsearch/role_mapping.yml
/etc/elasticsearch/roles.yml
/etc/elasticsearch/users
/etc/elasticsearch/users_roles
/etc/init.d/elasticsearch
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service
/usr/lib/tmpfiles.d/elasticsearch.conf
/usr/share/elasticsearch/LICENSE.txt
/usr/share/elasticsearch/NOTICE.txt
/usr/share/elasticsearch/README.textile
/usr/share/elasticsearch/bin
/usr/share/elasticsearch/bin/elasticsearch
[root@elk-1 ~]# vi /etc/sysconfig/elasticsearch 
################################
# Elasticsearch
################################

# Elasticsearch home directory
#ES_HOME=/usr/share/elasticsearch

# Elasticsearch Java path
#JAVA_HOME=

# Elasticsearch configuration directory
# (note: just look at this file; nothing needs to be changed)
ES_PATH_CONF=/etc/elasticsearch

# Elasticsearch PID directory
#PID_DIR=/var/run/elasticsearch

# Additional Java OPTS
#ES_JAVA_OPTS=

# Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true

################################
# Elasticsearch service
################################

# SysV init.d
#
# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5

################################
# System properties
################################

2. Configure Elasticsearch
elk-1 node:
Configuration file: vi /etc/elasticsearch/elasticsearch.yml

# ---------------------------------- Cluster -----------------------------------
#cluster.name: my-application
cluster.name: elk
# Name of the ES cluster (default: elasticsearch). ES automatically discovers other ES nodes on the same network segment; if several clusters share a segment, this setting distinguishes them.
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
node.name: elk-1
# Node name. By default a random name is picked from a name list, the name.txt file in the config folder of the ES jar, which contains many amusing names added by the authors.
node.master: true
# Whether this node is eligible to be elected master (default: true). By default the first machine in the cluster is the master; if it goes down, a new master is elected. Set to false on the other two nodes.
node.data: false
# Whether this node stores index data (default: true). Set to true on the other two nodes.
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 192.168.200.10
# IP address to bind to; may be IPv4 or IPv6 (default: 0.0.0.0).
http.port: 9200
# HTTP port on which ES accepts external requests (default: 9200).
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
# Where index data is stored (keep the default; do not uncomment).
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
# Path where log files are stored (default: the logs folder under the ES root directory).
# --------------------------------- Discovery ----------------------------------
discovery.zen.ping.unicast.hosts: ["elk-1", "elk-2","elk-3"]
# Initial list of master nodes in the cluster; nodes joining the cluster are discovered automatically through these hosts.
[root@elk-1 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.10  elk-1
192.168.200.40  elk-2
192.168.200.90  elk-3
[root@elk-1 ~]# 
[root@elk-1 ~]# scp /etc/elasticsearch/elasticsearch.yml elk-2:/etc/elasticsearch 
root@elk-2's password: 
elasticsearch.yml                                                                                   100% 3036     1.0MB/s   00:00 
[root@elk-1 ~]# scp /etc/elasticsearch/elasticsearch.yml elk-3:/etc/elasticsearch 
root@elk-3's password: 
elasticsearch.yml                                                                                   100% 3036     1.0MB/s   00:00

elk-2 node:

[root@elk-2 ~]# vi /etc/elasticsearch/elasticsearch.yml
cluster.name: elk
node.name: elk-2
node.master: false
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.200.40
http.port: 9200
discovery.zen.ping.unicast.hosts: ["elk-1","elk-2","elk-3"]

elk-3 node:

[root@elk-3 ~]# vi /etc/elasticsearch/elasticsearch.yml
[root@elk-3 ~]# cat /etc/elasticsearch/elasticsearch.yml |grep -v ^# |grep -v ^$
cluster.name: elk
node.name: elk-3
node.master: false
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 192.168.200.90
http.port: 9200
discovery.zen.ping.unicast.hosts: ["elk-1","elk-2","elk-3"]
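
The three files have to agree on cluster.name (the comparison is case-sensitive), and each network.host should be the address that /etc/hosts gives for that node. The check below is an added example, not part of the original post; the function names (yml_get, hosts_ip, check_cluster, mk_yml) and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: consistency check for the per-node elasticsearch.yml files.

# yml_get FILE KEY: value of the last uncommented "KEY: value" line in FILE.
yml_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":"); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == k) v = val
        }
        END { print v }' "$1"
}

# hosts_ip HOSTS_FILE NAME: address that the hosts file maps NAME to.
hosts_ip() {
    awk -v n="$2" '
        /^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }' "$1"
}

# check_cluster HOSTS_FILE YML...: one finding per line, exit status 1 if any.
check_cluster() (
    hosts=$1; shift
    ref=""; masters=0; bad=0
    for f in "$@"; do
        name=$(yml_get "$f" node.name)
        cluster=$(yml_get "$f" cluster.name)
        bind=$(yml_get "$f" network.host)
        want=$(hosts_ip "$hosts" "$name")
        if [ -z "$ref" ]; then ref=$cluster; fi
        # String comparison is case-sensitive: "ELK" and "elk" are two clusters.
        if [ "$cluster" != "$ref" ]; then
            echo "$name: cluster.name '$cluster' differs from '$ref'"; bad=1
        fi
        if [ -z "$want" ]; then
            echo "$name: no entry in hosts file"; bad=1
        elif [ "$bind" != "$want" ]; then
            echo "$name: network.host '$bind' but hosts file says '$want'"; bad=1
        fi
        # node.master defaults to true when the key is absent.
        if [ "$(yml_get "$f" node.master)" != "false" ]; then
            masters=$((masters + 1))
        fi
    done
    if [ "$masters" -eq 0 ]; then
        echo "no master-eligible node (node.master: true) in the set"; bad=1
    fi
    exit "$bad"
)

# mk_yml FILE CLUSTER NODE MASTER HOST: write a constructed sample config.
mk_yml() {
    printf '%s\n' '#cluster.name: my-application' "cluster.name: $2" \
        "node.name: $3" "node.master: $4" "network.host: $5" \
        'http.port: 9200' > "$1"
}

# Constructed sample: a wrong cluster name and a wrong address on elk-2.
demo_dir=$(mktemp -d)
printf '%s\n' '192.168.200.10 elk-1' '192.168.200.40 elk-2' \
    '192.168.200.90 elk-3' > "$demo_dir/hosts"
mk_yml "$demo_dir/elk-1.yml" elk elk-1 true  192.168.200.10
mk_yml "$demo_dir/elk-2.yml" ELK elk-2 false 192.168.40.12
mk_yml "$demo_dir/elk-3.yml" elk elk-3 false 192.168.200.90
check_cluster "$demo_dir/hosts" "$demo_dir"/elk-*.yml || echo "findings above"
rm -rf "$demo_dir"
```

On the real nodes, collect the three elasticsearch.yml files in one directory and pass them together with /etc/hosts to check_cluster.
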
3. Start the service

First turn off the firewall, then start ES (required on all three nodes)

[root@elk-2 ~]# systemctl stop firewalld.service && setenforce 0 && iptables -F        
[root@elk-2 ~]# systemctl start elasticsearch
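
With firewalld stopped, SELinux set to permissive and the iptables rules flushed, ports 9200 and 9300 are reachable from any host that can route to the node, and the curl calls later on this page show the HTTP API answering without credentials. An alternative that keeps firewalld running is shown here as an added example, not part of the original post: it prints firewall-cmd rich rules that admit those two ports from the other elk-* nodes only. The function names (peers, es_fw_rules) and the sample hosts file are constructed for illustration; SELinux is left untouched.

```shell
#!/bin/sh
# Added example: print firewall-cmd rules that admit Elasticsearch traffic
# from the other cluster nodes only, so firewalld can stay enabled.
# Review the output first; to apply it:  es_fw_rules /etc/hosts elk-1 | sh

ES_PORTS="9200 9300"   # HTTP API and transport, as seen in the netstat output

# peers HOSTS_FILE SELF: IPv4 address of every elk-N entry except SELF.
# Anything that is not a dotted quad is skipped, so stray text in the hosts
# file can never end up inside a generated command.
peers() {
    awk -v self="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        { for (i = 2; i <= NF; i++)
              if ($i ~ /^elk-[0-9]+$/ && $i != self) { print $1; break } }' "$1"
}

# es_fw_rules HOSTS_FILE SELF: one command per line; exit status 1 when the
# hosts file lists no peer, so an empty rule set is never reloaded by accident.
es_fw_rules() (
    list=$(peers "$1" "$2")
    if [ -z "$list" ]; then
        echo "no peer nodes found in $1" >&2
        exit 1
    fi
    for ip in $list; do
        for port in $ES_PORTS; do
            rule="rule family=\"ipv4\" source address=\"$ip\" port port=\"$port\" protocol=\"tcp\" accept"
            printf '%s\n' "firewall-cmd --permanent --add-rich-rule='$rule'"
        done
    done
    printf '%s\n' "firewall-cmd --reload"
)

# Constructed sample matching the hosts entries used on this page.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' '192.168.200.10 elk-1' \
    '192.168.200.40 elk-2' '192.168.200.90 elk-3' > "$sample"
es_fw_rules "$sample" elk-1
rm -f "$sample"
```

Clients that need the HTTP API, such as the machine used to run the health check, need their own rule for port 9200.
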

Use the ps command to check that the process exists

[root@elk-1 ~]#  ps -ef |grep elasticsearch
elastic+  21348      1 48 16:15 ?        00:01:39 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.io.tmpdir=/tmp/elasticsearch-7318904054478436984 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:/var/log/elasticsearch/gc.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=32 -XX:GCLogFileSize=64m -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -Des.distribution.flavor=default -Des.distribution.type=rpm -cp /usr/share/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -p /var/run/elasticsearch/elasticsearch.pid --quiet
elastic+  21410  21348  0 16:15 ?        00:00:00 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
root      21445  12789  0 16:18 pts/0    00:00:00 grep --color=auto elasticsearch

Use the netstat command to check that the ports are listening
[root@elk-1 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1098/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1471/master         
tcp6       0      0 192.168.200.10:9200     :::*                    LISTEN      21348/java          
tcp6       0      0 192.168.200.10:9300     :::*                    LISTEN      21348/java          
tcp6       0      0 :::22                   :::*                    LISTEN      1098/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1471/master 
If the ports or processes above are present, the ES service started successfully.
4. Check the cluster status
Health check
[root@elk-1 ~]# curl '192.168.200.10:9200/_cluster/health?pretty' 
{
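  "cluster_name" : "elk",
  "status" : "green",
   // green means the cluster is healthy; yellow or red means the cluster has a problem
  "timed_out" : false,
   // whether the request timed out
  "number_of_nodes" : 2,
  // number of nodes in the cluster
  "number_of_data_nodes" : 1,
   // number of data nodes in the cluster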
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Detailed cluster information

[root@elk-1 ~]# curl '192.168.200.10:9200/_cluster/state?pretty'