欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

elastic stack(一)软件安装启动

程序员文章站 2024-01-19 17:29:46
...

版本:elasticsearch 7.8.0、logstash 7.8.0、kibana 7.8.0(官网下载)   jdk 11

elk的启动账号(必须以非root账号启动)

  • 1、检查本地jdk版本是匹配
java -version

 本地jdk环境是1.8(项目需求),此时需要在jdk中重新指定jdk版本

进入elasticsearch下bin目录的启动文件elasticsearch,配置如下:

#!/bin/bash

# CONTROLLING STARTUP:
#
# This script relies on a few environment variables to determine startup
# behavior, those variables are:
#
#   ES_PATH_CONF -- Path to config directory
#   ES_JAVA_OPTS -- External Java Opts on top of the defaults set
#
# Optionally, exact memory values can be set using the `ES_JAVA_OPTS`. Example
# values are "512m", and "10g".
#
#   ES_JAVA_OPTS="-Xms8g -Xmx8g" ./bin/elasticsearch
# 指定jdk11
export JAVA_HOME=/gfkdata/elk/jdk-11.0.8
export PATH=$JAVA_HOME/bin:$PATH

source "`dirname "$0"`"/elasticsearch-env

CHECK_KEYSTORE=true
DAEMONIZE=false
for option in "aaa@qq.com"; do
  case "$option" in
    -h|--help|-V|--version)
      CHECK_KEYSTORE=false
      ;;
    -d|--daemonize)
      DAEMONIZE=true
      ;;
  esac
done

if [ -z "$ES_TMPDIR" ]; then
  ES_TMPDIR=`"$JAVA" "$XSHARE" -cp "$ES_CLASSPATH" org.elasticsearch.tools.launchers.TempDirectory`
fi

# get keystore password before setting java options to avoid
# conflicting GC configurations for the keystore tools
unset KEYSTORE_PASSWORD
KEYSTORE_PASSWORD=
if [[ $CHECK_KEYSTORE = true ]] \
    && bin/elasticsearch-keystore has-passwd --silent
then
  if ! read -s -r -p "Elasticsearch keystore password: " KEYSTORE_PASSWORD ; then
    echo "Failed to read keystore password on console" 1>&2
    exit 1
  fi
fi

# The JVM options parser produces the final JVM options to start Elasticsearch.
# It does this by incorporating JVM options in the following way:
#   - first, system JVM options are applied (these are hardcoded options in the
#     parser)
#   - second, JVM options are read from jvm.options and jvm.options.d/*.options
#   - third, JVM options from ES_JAVA_OPTS are applied
#   - fourth, ergonomic JVM options are applied
ES_JAVA_OPTS=`export ES_TMPDIR; "$JAVA" "$XSHARE" -cp "$ES_CLASSPATH" org.elasticsearch.tools.launchers.JvmOptionsParser "$ES_PATH_CONF"`

# 添加jdk判断
if [ -x "$JAVA_HOME/bin/java" ]; then
        JAVA="/gfkdata/elk/jdk-11.0.8/bin/java"
else
        JAVA=`which java`
fi

# manual parsing to find out, if process should be detached
if [[ $DAEMONIZE = false ]]; then
  exec \
    "$JAVA" \
    "$XSHARE" \
    $ES_JAVA_OPTS \
    -Des.path.home="$ES_HOME" \
    -Des.path.conf="$ES_PATH_CONF" \
    -Des.distribution.flavor="$ES_DISTRIBUTION_FLAVOR" \
    -Des.distribution.type="$ES_DISTRIBUTION_TYPE" \
    -Des.bundled_jdk="$ES_BUNDLED_JDK" \
    -cp "$ES_CLASSPATH" \
    org.elasticsearch.bootstrap.Elasticsearch \
    "aaa@qq.com" <<<"$KEYSTORE_PASSWORD"
else
  exec \
    "$JAVA" \
    "$XSHARE" \
    $ES_JAVA_OPTS \
    -Des.path.home="$ES_HOME" \
    -Des.path.conf="$ES_PATH_CONF" \
    -Des.distribution.flavor="$ES_DISTRIBUTION_FLAVOR" \
    -Des.distribution.type="$ES_DISTRIBUTION_TYPE" \
    -Des.bundled_jdk="$ES_BUNDLED_JDK" \
    -cp "$ES_CLASSPATH" \
    org.elasticsearch.bootstrap.Elasticsearch \
    "aaa@qq.com" \
    <<<"$KEYSTORE_PASSWORD" &
  retval=$?
  pid=$!
  [ $retval -eq 0 ] || exit $retval
  if [ ! -z "$ES_STARTUP_SLEEP_TIME" ]; then
    sleep $ES_STARTUP_SLEEP_TIME
  fi
  if ! ps -p $pid > /dev/null ; then
    exit 1
  fi
  exit 0
fi

exit $?

                                                                                                                                                                                                                     
                                                                                                                                                                                                                  

elasticsearch相关配置

config/elasticsearch.yml        主配置文件

config/jvm.options                 jvm参数配置文件

config/log4j2.properties         日志配置文件

 

1、修改config目录下elasticsearch.yml配置文件(单机搭建)

####集群名称
cluster.name: my-application
####节点名称
node.name: node-1

#### 是否可以成为master节点
#node.master: true
# 是否允许该节点存储数据,默认开启
#node.data: true

####服务ip(支持外网访问)
network.host: 0.0.0.0
####服务端口(默认对外9200)
http.port: 9200

#### 支持跨域访问
#http.cors.enabled: true
#http.cors.allow-origin: "*"


####提供群集中可以成为master
discovery.seed_hosts: ["127.0.0.1"]

####手动指定可成为master的所有节点的name或者ip,这些配置将会在第一次选举中进行计算
cluster.initial_master_nodes: ["127.0.0.1:9300"]

2、更改默认内存配置(默认内存大小1个G)

-Xms256m
-Xmx256m

3、启动报错:max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

解决方法:

vi /etc/sysctl.conf
vm.max_map_count=262144

####修改完 执行以下命令使之生效
sysctl -p

4、启动elasticsearch,bin目录下:./elasticsearch

elastic stack(一)软件安装启动

5、访问启动是否成功 curl http://localhost:9200 (出现下图表示启动成功)

 elastic stack(一)软件安装启动

logstash相关配置

在config目录下创建自定义配置文件myes.conf,内容如下

nput{
        # 从文件读取日志信息、输送到控制台,以json格式输出
        file{
                path => "/var/log/messages"
                codec =>"json"
                type =>"system"
                start_position =>"beginning"
        }
}

#filter{
#
#}

output{
        # 标准输出
        # stdout{}
        # 输出进行格式化、采用Ruby库来解析日志
        stdout{
                codec=>rubydebug
        }
        elasticsearch{
                ###此处是elasticsearch的ip
                hosts =>"127.0.0.1:9200"
                ##根据每天创建索引
                index =>"system-%{+YYYY.MM.dd}"
        }
}

启动logstash:

启动指定配置文件: ./logstash -f ../config/myes.conf

logstash启动失败时,进入data目录删除.lock文件,重启

查询: ls -alh
删除.lock: rm .lock

kibana相关配置

进入config目录下

####端口
server.port: 5601
####服务ip支持外网访问
server.host: "0.0.0.0"
####服务名称
server.name: "mykibana"
####查询的elasticsearch实例的url
elasticsearch.hosts: ["http://localhost:9200"]

启动kibana,bin目录下 ./kibana

访问url :http://ip:9200/status   或者http://ip:5601/app/kibana

elastic stack(一)软件安装启动

至此,elk单击环境搭建好

相关标签: elastic stack