一.elasticsearch
官网地址:
1.安装
[root@cluster136 elk]# mkdir /opt/elk && cd /opt/elk[root@cluster136 elk]# wget https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.1.1/elasticsearch-2.1.1.tar.gz
2.root用户启动报错
[root@cluster136 bin]# ./elasticsearch -d[root@cluster136 bin]# Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root. at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:93) at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:144) at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:285) at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)Refer to the log for complete error details.
说明:为了安全起见,elastic search禁止已root用户启动该进程.
解决:
建议创建一个单独的用户用来运行ElasticSearch
创建elsearch用户组及elsearch用户
groupadd elsearchuseradd elsearch -g elsearch -p elasticsearch
更改elasticsearch文件夹及内部文件的所属用户及组为elsearch:elsearch
3.优化
(1)vi /etc/sysconfig/elasticsearch
ES_MIN_MEM=256m > ES_MIN_MEM=8g
ES_MAX_MEM=1g > ES_MAX_MEM=8g
(2)监听地址,默认监听127.0.0.1,如果不改,logstash无法连接elasticsearch.
vi elasticsearch.ymlnetwork.host: 192.168.0.136
4.启动elasticsearch
su elsearch/opt/elk/elasticsearch/bin/elasticsearch -d
二.logstash
官网地址:
1.导入GPG-KEY
[root@cluster139 elk]:
2.建立/etc/yum.repo.d/logstash.repo
cat > /etc/yum.repo.d/logstash.repo << EOF
[logstash-2.0]name=Logstash repository for 2.0.x packagesbaseurl=http://packages.elastic.co/logstash/2.0/centosgpgcheck=1gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF
3.安装logstash
[root@cluster139 elk]: yum install logstash -y
三.kibana
(1)下载
mkdir /opt/elk && wget https://download.elastic.co/kibana/kibana/kibana-4.3.1-linux-x64.tar.gzln -sv /opt/elk/kibana-4.3.1 /opt/elk/kibana
(2)更改kibana配置文件,连接elasticsearch
vi /opt/elk/kibana/config/kibana.ymlelasticsearch.url: "http://192.168.0.136:9200"
(3)启动kibana
/opt/elk/kibana serve