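1. Preliminary work
1. Virtual machine environment overview
Linux version: Linux localhost.localdomain 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
IP address: 192.168.1.4 (for the virtual machine NAT configuration, see my CSDN blog post https://blog.csdn.net/yanshaoshuai/article/details/97689891)
Java environment: java 12.0.2 (for installing the Java environment, see my CSDN blog post https://blog.csdn.net/yanshaoshuai/article/details/87868286)
2. User and permission configuration
Because the ELK products cannot be run as the root user, first create an ordinary user. At a minimum, give that user execute permission on the directory the programs run from, permission to modify the configuration files, and read/write permission on the files the programs produce while running.
# Create the user and group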
[root@localhost gz]# groupadd es_group
[root@localhost gz]# useradd es_user
[root@localhost gz]# passwd es_user
Changing password for user es_user.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
# Add the user to the group
[root@localhost gz]# usermod -g es_group es_user
# Change the directory owner to the new user
[root@localhost es]# chown -R es_user:es_group /opt/es
2. Elasticsearch 7.2 installation and configuration
Download link: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.2.0-linux-x86_64.tar.gz
Extract: switch to the es_user user created earlier and run the following command
[es_user@localhost es]$ tar -xzvf ./gz/elasticsearch-7.2.0-linux-x86_64.tar.gz -C .
Switch to the root user and edit the Elasticsearch configuration file:
[root@localhost ~]# vim /opt/es/elasticsearch-7.2.0/config/elasticsearch.yml
# Configuration file contents
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /opt/es/elasticsearch-7.2.0/data
#
# Path to log files:
#
path.logs: /opt/es/elasticsearch-7.2.0/logs
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 192.168.1.4
#
# Set a custom port for HTTP:
#
http.port: 9200
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["192.168.1.4"]
Switch to the es_user user and start Elasticsearch:
./elasticsearch-7.2.0/bin/elasticsearch
Startup errors and how to handle them:
Handling three ES startup errors
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max number of threads [3829] for user [elk] is too low, increase to at least [4096]
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
As the root user, modify the contents of the following files
Maximum number of open files: adjust /etc/security/limits.conf
* - nofile 65536
Maximum number of processes: adjust /etc/security/limits.d/20-nproc.conf
* - nproc 10240
Kernel parameter: adjust /etc/sysctl.conf
vm.max_map_count = 262144
After making these changes, start Elasticsearch again.
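An added example, not part of the original post: a pre-flight script that checks the three limits from the errors above for the current session before Elasticsearch is started. Entries in limits.conf only apply to new login sessions, and /etc/sysctl.conf is read at boot or by sysctl -p, so a check like this shows whether the edits have taken effect. The script name es_preflight.sh is an assumption.

```bash
#!/bin/bash
# Added example, not from the original post. Thresholds are the "increase to
# at least" values in the three bootstrap errors quoted on this page.
MIN_NOFILE=65536
MIN_NPROC=4096
MIN_MAP_COUNT=262144

# meets_min VALUE MINIMUM: succeeds if VALUE is "unlimited" or an integer >= MINIMUM.
meets_min() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric counts as a failure
    esac
    [ "$1" -ge "$2" ]
}

# report LABEL VALUE MINIMUM: prints one result line, fails if below the minimum.
report() {
    if meets_min "$2" "$3"; then
        echo "ok    $1 = $2"
    else
        echo "FAIL  $1 = $2 (need at least $3)"
        return 1
    fi
}

# check_limits NOFILE NPROC MAP_COUNT: exit status is the number of failed checks.
check_limits() {
    failed=0
    report "max file descriptors" "$1" "$MIN_NOFILE" || failed=$((failed + 1))
    report "max number of threads" "$2" "$MIN_NPROC" || failed=$((failed + 1))
    report "vm.max_map_count" "$3" "$MIN_MAP_COUNT" || failed=$((failed + 1))
    return "$failed"
}

# preflight: read the live values for the current login session and check them.
preflight() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "FAIL  running as root; run this as the Elasticsearch user"
        return 1
    fi
    check_limits "$(ulimit -n)" "$(ulimit -u)" "$(cat /proc/sys/vm/max_map_count)"
}

# Run the live check only when asked (hypothetical file name):
#   bash es_preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```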
Test that startup succeeded:
[root@localhost ~]# curl 192.168.1.4:9200
{
  "name" : "localhost.localdomain",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "0cwX-EgVR8W-61tlZV7cXg",
  "version" : {
    "number" : "7.2.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "508c38a",
    "build_date" : "2019-06-20T15:54:18.811730Z",
    "build_snapshot" : false,
    "lucene_version" : "8.0.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
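To start it in the background, add the -d parameter.
3. Kibana 7.2 installation and configuration
Download link: https://artifacts.elastic.co/downloads/kibana/kibana-7.2.0-linux-x86_64.tar.gz
Extract: switch to the es_user user created earlier and run the following command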
tar -xzvf ./gz/kibana-7.2.0-linux-x86_64.tar.gz -C ./
Edit the Kibana configuration file:
vim ./kibana-7.2.0-linux-x86_64/config/kibana.yml
# Configuration file contents
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "192.168.1.4"
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://192.168.1.4:9200"]
Open port 5601 to external access in the firewall:
[root@localhost ~]# firewall-cmd --zone=public --add-port=5601/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
Start Kibana:
./kibana-7.2.0-linux-x86_64/bin/kibana
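Access Kibana remotely:
Enter 192.168.1.4:5601 in a browser and press Enter to reach Kibana.
Choose Explore on my own, click the arrow at the very bottom to expand the Kibana tabs, then choose Dev Tools --> Console to operate on ES from Kibana.
Simple ES operations:
# Get the data of all indices
GET _search
{
  "query": {
    "match_all": {}
  }
}
# Query all data under the index
GET /shijiange/_doc/_search?q=*
# Delete the index
DELETE /shijiange
# Add index data (the index is created if it does not exist)
PUT /shijiange/_doc/1
{
  "name":"yanshaoshuai",
  "age":19
}
# Overwrite
PUT /shijiange/_doc/1
{
  "age":19
}
# Update
POST /shijiange/_doc/1/_update
{
  "doc":{
    "name":"yan1"
  }
}
After entering a correct statement in the Console, click the green button after it to execute that statement.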