The ELK log management platform is set up
1, Jdk1.8 installation decompression:
tar -zxvf jdk-8u181-linux-x64.tar.gz
Copy the codeCreate the /usr/jdk directory and copy the decompression package to /usr/jd/
mkdir -p /usr/jdk
mv /opt/elk/ jdk-8u181-linux-x64 /usr/jdk
Copy the codeConfigure environment variables:
vim /etc/profil
Copy the codeAt the end of the file add:Copy the codeexportJAVA_HOME = / usr/JDK/jdk1.8.0 _181export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
Copy the codeTo make the configuration take effect:Copy the codesource /etc/profile
Copy the codeVerified version:Copy the codejava -version
Copy the codeIf 1.8 is displayed, the JDK is installed
Elasticsearch is easy to install and unzip. Elasticsearch requires that you cannot run Elasticsearch as user root, so create an elastic account, give the software permissions to the elastic account, and run Elasticsearch using the elastic account. Download address www.elastic.co/cn/download…
- Into/usr/local /
Tar -zxvf elasticSearch-6.4.0.tar. gz -c /usr/local/
Copy the code- Create an account and set a password
adduser elastic
passwd elastic
Copy the code- License to the elasticSearch directory for the elastic user.
chown -R elastic /usr/local/ elasticsearch 6.4.0 /Copy the code- Switch to the elasticSearch directory and run as an Elastic user
cd /usr/local/ elasticSearch -6.4.0/ su elastic./bin/ elasticSearch./bin/ elasticSearch-dBackground running ESCopy the codeIf there is no error, it is running successfully…
- Elasticsearch Edits the ES configuration file at the specified IP address
vim config/elasticsearch.yml
Copy the codeFind the line network.host:, remove the # sign and change it to:
Network. The host: 192.168.100.101Copy the code192.168.100.101 for the specified IP address, can be more, if for 0.0.0.0 said nic is open to all access, so you can open in the browser: http://192.168.100.101:9200/? pretty
1, Max file descriptors [4096] for elasticSearch process is too low, increase to at least [65536] Max file descriptors for elasticSearch process is too low You can run the following two commands to view the current number
ulimit -Hn
ulimit -Sn
Copy the codeModify/etc/security/limits file, increase the configuration, take effect after the user login again
* soft nofile 65536
* hard nofile 65536
Copy the codeMax threads number [3818] for user [es] is too low, increase to at least [4096] Modify the configuration file/etc/security/limits the conf, increase configuration
* soft nproc 4096
* hard nproc 4096
Copy the codeYou can view the information by running commands
ulimit -Hu
ulimit -Su
Copy the code3, Max Virtual memory areas VM. Max_map_count [65530] is too low, increase to at least [262144]
Add vm.max_map_count=262144 to the /etc/sysctl.conf file
vi /etc/sysctl.conf
sysctl -p
Copy the codeRun the sysctl -p command to take effect