Setting up the ELK log management platform

1, JDK 1.8 installation. Decompress the archive:

tar -zxvf jdk-8u181-linux-x64.tar.gz

Create the /usr/jdk directory and move the decompressed package to /usr/jdk/

	mkdir -p /usr/jdk
	mv /opt/elk/jdk1.8.0_181 /usr/jdk

Configure environment variables:

	vim /etc/profile

At the end of the file add:

	export JAVA_HOME=/usr/jdk/jdk1.8.0_181
	export PATH=$JAVA_HOME/bin:$PATH
	export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar

To make the configuration take effect:

	source /etc/profile

Verify the version:

	java -version

If 1.8 is displayed, the JDK is installed

Elasticsearch installation: simply unzip the archive. Elasticsearch cannot be run as the root user, so create an elastic account, give that account ownership of the software, and run Elasticsearch as the elastic account. Download address: www.elastic.co/cn/download…

  1. Extract into /usr/local/
	tar -zxvf elasticsearch-6.4.0.tar.gz -C /usr/local/
  2. Create an account and set a password
	adduser elastic
	passwd elastic
  3. Give the elastic user ownership of the Elasticsearch directory.
	chown -R elastic /usr/local/elasticsearch-6.4.0/
  4. Switch to the Elasticsearch directory and run as the elastic user
	cd /usr/local/elasticsearch-6.4.0/
	su elastic
	./bin/elasticsearch
	./bin/elasticsearch -d    # run ES in the background

If there is no error, it is running successfully…

  5. Bind Elasticsearch to a specified IP address by editing the ES configuration file
	vim config/elasticsearch.yml

Find the line network.host:, remove the # sign and change it to:

	network.host: 192.168.100.101

192.168.100.101 is the specified IP address; more than one can be given. If it is set to 0.0.0.0, ES listens on all network interfaces and is open to all access. You can then open it in the browser: http://192.168.100.101:9200/?pretty

1, max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

The maximum number of file descriptors for the Elasticsearch process is too low. You can run the following two commands to view the current values:

ulimit -Hn
ulimit -Sn

Modify the /etc/security/limits.conf file and add the following configuration; it takes effect after the user logs in again:

*               soft    nofile          65536
*               hard    nofile          65536

2, max number of threads [3818] for user [es] is too low, increase to at least [4096]

Modify the configuration file /etc/security/limits.conf and add the following configuration:

*               soft    nproc           4096
*               hard    nproc           4096

You can view the current values by running these commands:

ulimit -Hu
ulimit -Su

3, max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

Add vm.max_map_count=262144 to the /etc/sysctl.conf file

vi /etc/sysctl.conf
sysctl -p

Run the sysctl -p command to take effect
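
The three startup errors above are Elasticsearch's bootstrap checks, which become fatal once network.host is set to a non-loopback address as in the network.host step above. The script below is an added example, not part of the original page: it reads network.host from an elasticsearch.yml and compares the three limits against the thresholds in those error messages. The function names and the sample file are constructed for illustration.

```shell
# Added example, not from the original page. Function names are hypothetical.

# Value of the last uncommented network.host line in an elasticsearch.yml.
read_network_host() {
    sed -n -e 's/[[:space:]]#.*$//' \
        -e 's/^[[:space:]]*network\.host:[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d "\"' ][\r"
}

# Classify a value (comma-separated list allowed): unset or loopback-only,
# a specific address, or a wildcard that listens on every interface.
classify_host() {
    scope=loopback
    for h in $(echo "$1" | tr ',' ' '); do
        case "$h" in
            0.0.0.0|::) echo wildcard; return ;;
            localhost|_local_|127.*|::1) ;;
            *) scope=specific ;;
        esac
    done
    echo "$scope"
}

# check_limit NAME CURRENT REQUIRED: prints a verdict, returns 1 when too low.
check_limit() {
    if [ "$2" = unlimited ] || [ "$2" -ge "$3" ] 2>/dev/null; then
        echo "ok   $1=$2 (need >= $3)"
    else
        echo "FAIL $1=$2 (need >= $3)"; return 1
    fi
}

# preflight ES_YML NOFILE NPROC MAX_MAP_COUNT: returns 1 when ES would abort.
preflight() {
    scope=$(classify_host "$(read_network_host "$1")")
    echo "network.host scope: $scope"
    [ "$scope" = loopback ] && return 0   # checks only warn on loopback
    rc=0
    check_limit nofile "$2" 65536 || rc=1
    check_limit nproc "$3" 4096 || rc=1
    check_limit vm.max_map_count "$4" 262144 || rc=1
    return $rc
}

# Constructed sample: the page's address and the values from its error messages.
sample=$(mktemp)
printf '#network.host: 10.0.0.1\nnetwork.host: 192.168.100.101\n' > "$sample"
preflight "$sample" 4096 3818 65530 || echo "raise the limits before starting ES"
rm -f "$sample"
```

On the ES host, run it in bash as the elastic user with `preflight config/elasticsearch.yml "$(ulimit -Sn)" "$(ulimit -Su)" "$(sysctl -n vm.max_map_count)"`.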