1.官网下载安装包,官网地址:
https://www.elastic.co/downloads
本次使用版本为
elasticsearch-6.1.1.tar.gz
kibana-6.1.1-linux-x86_64.tar.gz
2.环境准备:
Java环境:JDK1.8(若未安装,需先安装)
3.安装elasticsearch-6.1.1.tar.gz
a.tar -zxvf elasticsearch-6.0.1.tar.gz -C /app/webapp
b. vi /app/webapp/elasticsearch-6.1.1/config/elasticsearch.yml
配置文件内容如下:
#cluster.name: cluster-es
# 集群名称
#node.name: es-node1
# 节点名称,其余两台为es-node2、es-node3
path.data: /usr/local/elasticsearch/data
# 数据目录
path.logs: /usr/local/elasticsearch/logs
# 日志目录
network.host: 172.16.64.137
# 本机IP
http.port: 9200
# 本机http端口
discovery.zen.minimum_master_nodes: 1
# 指定集群中的节点中有几个有master资格的节点
#discovery.zen.ping.unicast.hosts: ["172.16.64.137", "172.16.64.138", "172.16.64.147"]
# 指定集群中其他节点的IP
node.master: true
# 是否为master
node.data: false
# 是否为数据节点
#discovery.zen.fd.ping_timeout: 180s
# 设置集群中自动发现其它节点时ping连接超时时间
#discovery.zen.fd.ping_retries: 10
# 集群中节点之间ping的次数
#discovery.zen.fd.ping_interval: 30s
# 集群中节点之间ping的时间间隔
c.配置内存
vim bin/elasticsearch
# 添加以下代码
export JAVA_HOME=/usr/local/jdk1.8.0_73
export PATH=$JAVA_HOME/bin:$PATH
启动报错解决:
ERROR: bootstrap checks failed
max file descriptors [65535] for elasticsearch process likely too low, increase to at least [65536]
memory locking requested for elasticsearch process but memory is not locked
max number of threads [1024] for user [jason] likely too low, increase to at least [2048]
max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
解决方法:
> vim /etc/security/limits.conf
...* hard nofile 65536 # 针对 max file descriptors
* soft nofile 65536
* hard nproc 4096
vi /etc/security/limits.d/90-nproc.conf
修改如下内容:
* soft nproc 1024
#修改为
* soft nproc 2048
...
vm.max_map_count=262144 # 针对 max virtual memory areas
> vim /etc/elasticsearch/elasticsearch.yml
...
bootstrap.system_call_filter: false # 针对 system call filters failed to install, 参见 https://www.elastic.co/guide/en/elasticsearch/reference/current/system-call-filter-check.html
4.
并执行命令:
sysctl -p
后台启动elasticsearch
[ela@test1 ~]$ nohup /app/efk/elasticsearch-6.1.1/bin/elasticsearch &
正常情况下,启动后,网页访问172.16.16.206:9200会有以下内容显示
5.安装kibana-6.1.1
解压:tar -zxvf kibana-6.1.1-linux-x86_64.tar.gz
修改配置文件
cd /app/webapp/kibana-6.1.1/config
vi kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "172.16.69.70"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
# to Kibana. This setting cannot end in a slash.
#server.basePath: ""
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://172.16.69.70:9200"
把标红的注释取消,并把默认的localhost改为自己的主机名
启动: cd kibana-6.1.1/bin
nohup /app/webapp/kibana/bin/kibana &