ElasticSearch （ELK）安装说明

一、 ElasticSearch安装

 wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.3.2.tar.gz #下载
 tar zxvf  elasticsearch-5.3.2.tar.gz #解压
cd elasticsearch-5.3.2/config
vim elasticsearch.yml #修改配置文件
------------------------------------------------
cluster.name: elasticsearch
node.name: node-4
node.attr.rack: r4
network.host: 192.168.100.17,127.0.0.1
node.master: true
node.data: true
transport.tcp.port: 9300
transport.tcp.compress: true
discovery.zen.ping.unicast.hosts: ["192.168.100.17:9300","192.168.100.18:9300","192.168.100.19:9300"]

http.cors.enabled: true
http.cors.allow-origin: "*"
indices.query.bool.max_clause_count: 10240
------------------------------------------------

1）问题：max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536] 意思是说你的进程不够用了

 vim /etc/security/limits.conf   #添加
-------------------------------------------------------
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
-------------------------------------------------------

前面的*符号必须带上，然后重新启动就可以了。执行完成后可以使用命令 ulimit -n 查看进程数

2）问题： max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] 需要修改系统变量的最大值了

vim /etc/sysctl.conf 
----------------------------------------------------
vm.max_map_count=655360 #添加
----------------------------------------------------
sysctl -p #更新配置

3) 问题： elasticSearch不能以 root账号启动，创建用户elastic

groupadd elastic #创建用户组
useradd elastic -g elastic #创建用户指定到用户组
chown -R elastic:elastic  elasticsearch-5.3.2  #文件夹附用户权限

4）启动es

 ./bin/elasticsearch  #前台启动
nohup  ./bin/elasticsearch & #后台启动

二、Kibana-5.3.2安装

wget https://artifacts.elastic.co/downloads/kibana/kibana-5.3.2-linux-x86_64.tar.gz #下载
 tar zxvf  kibana-5.3.2.tar.gz #解压
cd kibana-5.3.2/config
vim kibana.yml  #修改配置文件（末尾添加）
------------------------------------------------
server.port: 5601  
server.host: 192.168.100.17
elasticsearch.url: "http://192.168.100.17:9300"  
logging.dest: /data/kibana-5.3.2-linux-x86_64/log/kibana.log
------------------------------------------------

三 、Logstash-5.3.2安装

wget https://artifacts.elastic.co/downloads/logstash/logstash-5.3.2.tar.gz  #下载
 tar zxvf  logstash-5.3.2.tar.gz #解压
cd logstash-5.3.2/config
vim message.conf  #添加配置文件
------------------------------------------------
input {
  file {
      type => "systemlog"
     path => "/data/logdir/message.log"
     }
}
output {
    if [type] == "systemlog" {
      redis {
      host => "192.168.100.17"
          port => "7000"
          data_type => "list"
          key => "logstash-systemlog"
       }
    }
}
------------------------------------------------

启动 logstash

./bin/logstash -f config/message.conf 前台启动

流程控制

1、logstash从message.log文件获取内容插入取到 redis集群
2、从redis集群取数据到容插入elasticSearch里面
3、kibana读取elasticSearch信息

最后再启动kibana读取elasticSearch集群

cd  /data/kibana-5.3.2-linux-x86_64
./bin/kibana #前台启动