tar –zxf logstash-1.5.2.tar.gz -C /usr/local/ 解压并复制(-C)到目录/usr/local 我采用的是先解压再复制到work目录的方式 [root@iZ work]# cp /tmp/logstash-5.4.0 /work/ cp: omitting directory ‘/tmp/logstash-5.4.0’ [root@iZ work]# cp -r /tmp/logstash-5.4.0 /work/ [root@iZ work]# ls conf golang gopath logs logstash-5.4.0 lua_workspace shell_workspace tomcat-7 tomcat-7.0.76 [root@iZ work]# 启用logstash pipeline试试
bin/logstash -e 'input {stdin{}} output {stdout{}}'
Exit Logstash by issuing a CTRL-D command in the shell where Logstash is running.CTRL+D退出Logstash运行界面,Logstash还在后台运行。
使用logstash的-f参数来读取配置文件,执行如下开始进行测试:
| 1 2 3 4 5 6 7 8 9 10 11 |
# echo "`date` hello World" Thu Jul 16 04:06:48 CST 2015 hello World # /usr/local/logstash-1.5.2/bin/logstash agent -f logstash-simple.conf Logstash startup completed Tue Jul 14 18:07:07 EDT 2015 hello World #该行是执行echo “`date`hello World” 后输出的结果,直接粘贴到该位置 { "message" => "Tue Jul 14 18:07:07 EDT 2015 helloWorld", "@version" => "1", "@timestamp" => "2015-07-14T22:07:28.284Z", "host" => "noc.vfast.com" } |
安装ElasticSearch ElasticSearch官网安装和使用 https://www.elastic.co/guide/en/elasticsearch/reference/current/_installation.html tar -zvxf elasticsearch-5.0.0.tar.gz -C /work/ 如果使用远程连接的Linux的方式并想后台运行elasticsearch执行如下命令: nohup /work/elasticsearch-5.0.0/bin/elasticsearch & (用/work/elasticsearch-5.0.0/bin/elasticsearch -d 也可以 它本身就支持用这个最好) tail -f nohup.out 查看运行情况
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x000000008a660000, 1973026816, 0) failed; error='Cannot allocate memory' (errno=12)
错误内存不够用。
ElstaticSearch默认JVM空间大小为2G config/jvm.options文件
x
因为安全问题elasticsearch 不让用root用户直接运行,所以要创建新用户
- 建议创建一个单独的用户用来运行ElasticSearch
- 创建elsearch用户组及elsearch用户
logs/elasticsearch.log (Permission denied) java 该elsearch用户对该没有权限
给用户elsearch赋予elasticsearch目录中文件的权限 [root@i~]# sudo chown -R elsearch /work/elasticsearch-5.0.0 [root@i~]# sudo chgrp -R elsearch /work/elasticsearch-5.0.0 成功
ctrl+C退出,再次启动时出错,删除 目录下的data/nodes/0/node.lock即可
[elsearch@iZ elasticsearch-5.0.0]$ rm -rf data/nodes/0/node.lockorg.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to obtain node locks, tried [[/work/elasticsearch-5.0.0/data/elasticsearch]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])? at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:116) ~[elasticsearch-5.0. tail -100f logs/elasticsearch.log 查看日志
http://www.cnblogs.com/moxiaoan/p/5683743.htmlCentos7开启防火墙 systemctl status firewalld 查看防火墙状态 但是防火墙没有开启
今天在虚拟机上安装了一个ES 5.2.2
结果curl "http://127.0.0.1:9200" 能够正常访问,可是使用外网ip就提示拒绝链接
解决办法:vim config/elasticsearch.yml
增加:network.host: 0.0.0.0
重启问题解决
另外,个别虚拟机无法启动ES,查看日志如果有:
[2017-03-28T15:35:19,948][ERROR][o.e.b.Bootstrap ] [kSH2rCN] node validation exception bootstrap checks failed
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决办法:切换root账户 vim /etc/sysctl.conf
增加一行 vm.max_map_count=655360
接着执行 sysctl -p
切回ES账户重新启动问题解决
Exception in thread "main" ElasticsearchParseException[malformed, expected settings to start with 'object', instead was [VALUE_STRING]]
ps -ef |grep elastic 找到它 kill -9 pid关闭它
su - elsearch 切换到该用用户启动它
elasticsearch.yml更改才有效。
[2017-05-12T17:12:10,946][ERROR][o.e.b.Bootstrap ] [lT7j70Y] node validation exception
bootstrap checks failed
max file descriptors [65535] for elasticsearch process likely too low, increase to at least [65536]
max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]
http://blog.csdn.net/u014535678/article/details/71194548
max file descriptors (linux能够打开的最大文件句柄数)
vi /etc/security/limits.conf
设置vm.max_map_count (限制一个进程可以拥有的VMA(虚拟内存区域)的数量)
vi /etc/sysctl.conf 添加两行
vm.max_map_count=655360
fs.file-max=65536
sysctl -p 重启
设置 max number of threads (linux允许每个用户的最大线程数)已经可以满足
vi /etc/security/limits.d/20-nproc.conf
上面该设置都设置,但还是不行,sync;sync;sync;reboot重启了系统,可以了
外网访问成功!
但是页面怎么就只是返回JSON,如果要页面管理端,得事先安装安装Head插件(Optional):
./bin/plugin install mobz/elasticsearch-head
https://github.com/mobz/elasticsearch-head#running-with-built-in-server
- for Elasticsearch 5.x: site plugins are not supported. Run as a standalone server
[root@iZm work]# netstat -nap |grep 9100
tcp 0 0 127.0.0.1:9100 0.0.0.0:* LISTEN 509/node_exporter (PID/应用名)
配置文件Gruntfile.js
npm install 初始化安装
nohup npm run start & 后台运行
成功
页面上显示集群健康值:未连接
解决方法:修改elasticsearch.yml文件
vi elasticsearch-5.0.0/config/elasticsearch.yml #---------------------------CORS-------------------------- http.cors.enabled: true http.cors.allow.origin: "*"
成功
安装Kibana tar -zxvf kibana-5.0.0-linux-x86_64.tar.gz -C /work/ cd kibana-5.0.0-linux-x86_64/ vi config/kibana.yml 修改配置文件 添加 server.host: "221.14.73.47" #假设的IP elasticsearch.url: "http://22.14.73.47:9200" ./bin/kibana 启动 成功
