ElasticSearch installation

Download ElasticSearch. Version 5.5.1 is used for this article.

2, configuration,

path.data: /data/es # data path
path.logs: /data/logs/es # log pathNetwork. host: indicates the local address# server address
http.port: 9200 # port
Copy the code

The default data and logs are in the ElasticSearch folder if the configuration is not modified.

The default address is 192.168.0.1, and ElasticSearch is in development mode and can only be accessed from the host. If you change it to a production address, the system enters production mode and runs bootstrap Check.

3, start,

./bin/elasticsearch
Copy the code

Note You cannot start ElasticSearch as user root. You have read and write permission for the elasticSearch folder.

I also got the following warnings during the installation

[2017-08-07T09.13:59:951][O.E.B.J NANatives] Unable to install syscall filter: java.lang.UnsupportedOperationException: seccomp unavailable: Requires kernel 3.5+ with CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER compiledinThe at org. Elasticsearch. The bootstrap. SystemCallFilter. LinuxImpl (SystemCallFilter. Java: 350) ~ [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. SystemCallFilter. Init (SystemCallFilter. Java: 638) ~ [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. JNANatives. TryInstallSystemCallFilter (JNANatives. Java: 245) [elasticsearch - 5.5.1. Jar: 5.5.1] The at org. Elasticsearch. The bootstrap. Natives. TryInstallSystemCallFilter (Natives. Java: 113) [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. The bootstrap. InitializeNatives (111) the bootstrap. Java: [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. The bootstrap. Setup (194) the bootstrap. Java: [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. The bootstrap. Init (351) the bootstrap. Java: [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. Elasticsearch. Init (elasticsearch. Java: 123) [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. Elasticsearch. Execute (elasticsearch. Java: 114) [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. Cli. EnvironmentAwareCommand. Execute (EnvironmentAwareCommand. Java: 67) [elasticsearch - 5.5.1. Jar: 5.5.1] At org.elasticsearch.cli.Com mand. MainWithoutErrorHandling (122). The Command Java: [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org.elasticsearch.cli.Com mand. Main (88). The Command Java: [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. Elasticsearch. Main (elasticsearch. Java: 91) [elasticsearch - 5.5.1. Jar: 5.5.1] the at Org. Elasticsearch. The bootstrap. Elasticsearch. Main (elasticsearch. Java: 84) [elasticsearch - 5.5.1. Jar: 5.5.1] [2017-08-01T14:10:57.843] WARN [O.E.B. Botstrapchecks][VAfWGGZ] Max file Descriptors [65535]forelasticsearch process is too low, Increase to at least [65536] [2017-08-01T14:10:57.844] WARN [O.E.B. Cootstrapchecks][VAfWGGZ] Max number of threads [1024]foruser [maserati] is too low, Increase to at least [2048] [2017-08-0t14:10:57.844] WARN [O.E.B. Bootstrapchecks][VAfWGGZ] Max virtual memory areas vm.max_map_count [65530] is too low, Increase to at least [262144] [2017-08-0t14:10:57.844][O.E.B. Cootstrapchecks][VAfWGGZ] system call filters failed to install; check the logs and fix your configuration ordisable system call filters at your own risk
Copy the code

For the file descriptor, set it to 65536 ulimit -n 65536. If the message indicates that there is no permission, you can add a line in the user’s.bash_profile, and log out the user and log in again.

In view of the Max number of threads, modify/etc/security/limits. D / 90 – nproc. Conf.

*          soft    nproc     2048
root       soft    nproc     unlimited
Copy the code

For Max Virtual Memory areas, modify /etc/sysctl.conf. If not, add a new line.

vm.max_map_count = 262144
Copy the code

You can disable this parameter for system_call_filter by modifying the configuration file (elasticSearch.yml).

bootstrap.system_call_filter: false 
Copy the code

4. Access. If the following information is displayed, the startup is successful.

[root@iZ627x15h6pZ cloud]# curl http://localhost:9200
{
  "name" : "VAfWGGZ"."cluster_name" : "elasticsearch"."cluster_uuid" : "J9Tm5R2zRt2PkOSwtXj5Wg"."version" : {
    "number" : "5.5.1"."build_hash" : "19c13d0"."build_date" : "The 2017-07-18 T20:44:24. 823 z"."build_snapshot" : false."lucene_version" : "6.6.0"
  },
  "tagline" : "You Know, for Search"
}
Copy the code

Logstash installation

1. Download and unzip the Logstash version used for this article

2. Create a simple configuration file logstash_test.conf

input { stdin { } }
output {
  stdout { codec => rubydebug }
}
Copy the code

3. Start the logstash

./bin/logstash -f logstash_test.conf 
Copy the code

If this information is displayed, the startup is successful.

[2017-08-01T13:58:38.437][INFO][stash. Pipeline] Pipeline main started The stdin plugin is now waitingforInput: [2017-08-01T13:58:38.532][INFO][logstash. Agent] Successfully started logstash API endpoint {:port=>9600}Copy the code

4. Work with ElasticSearch.

Kibana installation

1. Download Kibana

2. Modify the configuration

Port: 5601 // Start service IP server.host:"This machine IP"/ / elasticsearch address elasticsearch. Url:"Http://localhost:9200"Copy the code

3. Start the program

./bin/kibana

4, access to check whether Kibana startup is successful, and retrieve view data

http://localhost:5601

ELK+Filebeat ELK+Filebeat ELK+Filebeat ELK+Filebeat ELK+Filebeat