• 由于资源有限,所以我暂时将elk部署在同一台主机,生产环境可以部署在多台主机上,只需要多台主机可以相互连通

elk原理

下载资源

elastic中文官网

环境准备

# 关闭防火墙和selinux(仅为测试环境图省事;生产环境建议保留firewalld和SELinux,只放行需要的端口。另外SELINUX=disabled需要重启系统后,getenforce才会显示Disabled)
[root@VM-0-17-centos ~]# systemctl stop firewalld
[root@VM-0-17-centos ~]# systemctl disable firewalld
[root@VM-0-17-centos ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
[root@VM-0-17-centos ~]# getenforce
Disabled
# 下载软件包
[root@VM-0-17-centos ~]# mkdir /elk
[root@VM-0-17-centos ~]# cd /elk
[root@VM-0-17-centos elk]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.0-linux-x86_64.tar.gz
# 官方源下载极其慢,建议改用国内镜像站(如华为云)下载,可以执行以下命令。
# 注意:下面镜像地址中的版本号是7.8.0,而本文后续解压、安装使用的都是7.9.0,下载时请把版本号改成一致的。
# 从第三方镜像下载的安装包,建议先用官方发布的.sha512校验文件核对完整性,再解压使用。
[root@VM-0-17-centos elk]# wget https://mirrors.huaweicloud.com/elasticsearch/7.8.0/elasticsearch-7.8.0-linux-x86_64.tar.gz
[root@VM-0-17-centos elk]# wget https://mirrors.huaweicloud.com/kibana/7.8.0/kibana-7.8.0-linux-x86_64.tar.gz
[root@VM-0-17-centos elk]# wget https://mirrors.huaweicloud.com/logstash/7.8.0/logstash-7.8.0.tar.gz
[root@VM-0-17-centos elk]# wget https://mirrors.huaweicloud.com/filebeat/7.8.0/filebeat-7.8.0-linux-x86_64.tar.gz
[root@VM-0-17-centos elk]# ls
elasticsearch-7.9.0-linux-x86_64.tar.gz  kibana-7.9.0-linux-x86_64.tar.gz
filebeat-7.9.0-linux-x86_64.tar.gz       logstash-7.9.0.tar.gz

安装部署 Elasticsearch

# 解压软件包
[root@VM-0-17-centos elk]# tar -xf elasticsearch-7.9.0-linux-x86_64.tar.gz  -C /usr/local/
[root@VM-0-17-centos elk]# cd /usr/local/elasticsearch-7.9.0/
# 修改yml格式的配置文件
[root@VM-0-17-centos elasticsearch-7.9.0]# vim  config/elasticsearch.yml
23 node.name: node-1        # 节点名称
33 path.data: /DATA/elasticsearch/esdata
37 path.logs: /DATA/elasticsearch/eslogs
43 bootstrap.memory_lock: true
44 bootstrap.system_call_filter: false
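55 network.host: 0.0.0.0    # 允许外部ip访问(监听所有网卡;配合下面关闭的安全认证,任何能连到9200端口的人都可以读写、删除数据,仅适合隔离的测试环境)
60 http.port: 9200
61 http.cors.enabled: true
62 http.cors.allow-origin: "*"    # 允许任意来源的网页跨域访问ES,这里是为了方便elasticsearch-head使用;生产环境应改为具体的来源地址
63 xpack.security.enabled: false    # 关闭了认证和权限控制;生产环境应设为true,并配置用户密码和TLS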
64 xpack.monitoring.enabled: true
65 xpack.monitoring.collection.cluster.stats.timeout: 10s
66 indices.memory.index_buffer_size: 30%
67 indices.recovery.max_bytes_per_sec: 10000mb
68 indices.fielddata.cache.size: 30%
69 indices.breaker.fielddata.limit: 35%
70 indices.breaker.request.limit: 20%
71 indices.breaker.total.limit: 55%
72 cluster.initial_master_nodes: ["node-1"]   # 设置集群初始主节点
# 新建用户并赋权
ES为了安全考虑不允许使用root用户启动ElasticSearch,所以需要新建一个普通用户启动程序。
[root@VM-0-17-centos ~]# useradd es           # 创建es用户
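[root@VM-0-17-centos ~]# passwd es            # 给es用户设置密码,此处密码为es(仅为演示:从下面passwd的BAD PASSWORD提示可见这是弱密码,而且后文su - es时的提示显示该账号已有来自外部地址的SSH失败登录记录;实际部署应设置强密码,或不为该服务账号设置密码并禁止其远程登录)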
Changing password for user es.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
# 将对应的文件夹的权限赋给es用户
[root@VM-0-17-centos ~]# chown -R es /usr/local/elasticsearch-7.9.0/
[root@VM-0-17-centos ~]# mkdir  -p /DATA/elasticsearch/{esdata,eslogs}
[root@VM-0-17-centos ~]# chown -R es /DATA/elasticsearch
# 在es用户下启动
[root@VM-0-17-centos ~]# su - es
Last failed login: Wed Sep  2 02:22:39 CST 2020 from 106.52.119.75 on ssh:notty
There were 8 failed login attempts since the last successful login.
[es@VM-0-17-centos ~]$ cd /usr/local/elasticsearch-7.9.0/
[es@VM-0-17-centos elasticsearch-7.9.0]$ ./bin/elasticsearch  -d       # 在后台启动
[root@VM-0-17-centos ~]# ss -nutlp | grep 9200
tcp    LISTEN     0      128    [::]:9200               [::]:*                   users:(("java",pid=32065,fd=249))

防火墙策略

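[root@VM-0-17-centos ~]# firewall-cmd  --permanent --add-port=9200/tcp     # 前面如果已经stop/disable了firewalld,需要先把firewalld启动起来,这些命令才能执行;生产环境建议只对可信来源地址放行
success
[root@VM-0-17-centos ~]# firewall-cmd  --permanent --add-port=9200/udp     # 9200是HTTP(TCP)服务,udp规则并非必需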
success
[root@VM-0-17-centos ~]# firewall-cmd  --reload
success

报错解决

------------------------------------------------------------------------------------------------------------
ERROR: [3] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max number of threads [3795] for user [es] is too low, increase to at least [4096]
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[4]:什么都不报,在执行启动之后迅速failed
[5]:error:
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000e0000000, 536870912, 0) failed; error='Not enough space' (errno=12)
[6]:failed to obtain node locks
[7]:memory locking requested for elasticsearch process but memory is not locked
解决:
需切换到root用户解决错误:
# 切换到 root 用户
[es@localhost elasticsearch-7.8.0]$ su root
[1] 和 [2] 的解决方法:
# 修改 /etc/security/limits.conf 文件
[root@VM-0-17-centos ~]# vim /etc/security/limits.conf
# 添加以下四行(* 表示对所有用户生效,也可以把 * 换成 es,只放宽es用户的限制;另外报错[2]要求线程数至少为4096,如果修改后仍报[2],可把soft nproc也调到4096)
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
[3] 的解决方法:
# 修改 /etc/sysctl.conf 文件
[root@VM-0-17-centos ~]# vim /etc/sysctl.conf
# 添加下面一行
vm.max_map_count=655360
# 执行命令
[root@VM-0-17-centos ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv6.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh3 = 4096
kernel.softlockup_panic = 1
kernel.sysrq = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
kernel.numa_balancing = 0
kernel.shmmax = 68719476736
kernel.printk = 5
vm.max_map_count = 655360
切换到用户 es 重新启动程序就可以了。
[4]的解决办法:
原本执行:
[es@VM-0-17-centos ~]$ cd /usr/local/elasticsearch-7.9.0/bin/
[es@VM-0-17-centos bin]$ ./elasticsearch
Killed
# 虚拟机占用堆内存大小问题
# 做集群的时候可能内存不够, vim jvm.options,生产环境下仍要有1G
解决:
[es@VM-0-17-centos bin]$ cd ..
[es@VM-0-17-centos elasticsearch-7.9.0]$ vim config/jvm.options
22 -Xms512m
23 -Xmx512m
[5]的解决办法:
# 创建交换空间
[root@VM-0-17-centos ~]# free -m
              total        used        free      shared  buff/cache   available
Mem:           1838        1389          88           1         360         293
Swap:             0           0           0
[root@VM-0-17-centos ~]# dd if=/dev/zero  of=swapfile  bs=1024  count=5000000   # count=空间大小 of空间名字
5000000+0 records in
5000000+0 records out
5120000000 bytes (5.1 GB) copied, 45.4506 s, 113 MB/s
[root@VM-0-17-centos ~]# mkswap swapfile               # 将swapfile设置为swap空间(建议先执行 chmod 600 swapfile:交换文件里会有内存数据,0644权限下其他用户可读,下面swapon的insecure permissions提示就是这个原因)
Setting up swapspace version 1, size = 4999996 KiB
no label, UUID=9bbf462e-0101-47ae-9ffb-6118c2615427
[root@VM-0-17-centos ~]# swapon  swapfile              # 启用交换空间,这个操作有点类似于mount操作
swapon: /root/swapfile: insecure permissions 0644, 0600 suggested.
[root@VM-0-17-centos ~]# free -m                       # 使用free命令查看swap空间大小是否发生变化
              total        used        free      shared  buff/cache   available
Mem:           1838        1286          68           0         482         392
Swap:          4882           0        4882
[6]的解决办法:
# 可以简单理解为绑定节点失败
解决:
[root@VM-0-17-centos ~]# ps aux | grep elastic          # 查看进程
[root@VM-0-17-centos ~]# kill -9 29109                  # 进程号以上一步ps查到的为准;建议先用不带-9的kill让进程正常退出,无效时再用kill -9
[es@VM-0-17-centos ~]$ cd /usr/local/elasticsearch-7.9.0/bin/
[es@VM-0-17-centos bin]$ ./elasticsearch -d
[7]的解决办法:
[root@VM-0-17-centos ~]# vim /etc/systemd/system.conf
# 在文件最下方添加
DefaultLimitNOFILE=65536
DefaultLimitNPROC=32000
DefaultLimitMEMLOCK=infinity

浏览器访问

安装部署kibana

[root@VM-0-17-centos ~]# cd /elk/
[root@VM-0-17-centos elk]# ls
elasticsearch-7.9.0-linux-x86_64.tar.gz  kibana-7.9.0-linux-x86_64.tar.gz
filebeat-7.9.0-linux-x86_64.tar.gz       logstash-7.9.0.tar.gz
[root@VM-0-17-centos elk]# tar -xf kibana-7.9.0-linux-x86_64.tar.gz  -C /usr/local/
[root@VM-0-17-centos elk]# cd /usr/local/kibana-7.9.0-linux-x86_64/
[root@VM-0-17-centos kibana-7.9.0-linux-x86_64]# vim config/kibana.yml
2 server.port: 5601                  # 服务端口
7 server.host: "0.0.0.0"             # 服务器的ip,此处为本机(0.0.0.0表示监听所有网卡;由于前面关闭了ES的安全认证,Kibana也没有登录页,能访问5601端口的人都可以查看和修改数据)
28 elasticsearch.hosts: ["http://localhost:9200"]          # Elasticsearch 服务地址
115 i18n.locale: "zh-CN"
# 授权并切换用户
给 es 用户授予 kibana 目录的权限。
[root@VM-0-17-centos ~]# chown -R  es /usr/local/kibana-7.9.0-linux-x86_64/
[root@VM-0-17-centos ~]# su - es
# 启动 Kibana
注意:启动 Kibana 之前需要先启动 Elasticsearch。
需要先配置防火墙打开5601端口:
[root@VM-0-17-centos ~]# firewall-cmd --permanent --add-port=5601/tcp
success
[root@VM-0-17-centos ~]# firewall-cmd --permanent --add-port=5601/udp
success
[root@VM-0-17-centos ~]# firewall-cmd --reload
success
# 启动kibana
[es@VM-0-17-centos ~]$ cd /usr/local/kibana-7.9.0-linux-x86_64/
[es@VM-0-17-centos kibana-7.9.0-linux-x86_64]$ ./bin/kibana           # 前台启动
[es@VM-0-17-centos kibana-7.9.0-linux-x86_64]$ nohup ./bin/kibana &     # 后台启动
[1] 3284
[es@VM-0-17-centos kibana-7.9.0-linux-x86_64]$ nohup: ignoring input and appending output to ‘nohup.out’   # 出现此行代表忽略输入,并将输出信息追加记录到nohup.out文件中。敲击回车,即可回到正常的命令行
[root@VM-0-17-centos ~]# ss -nutlp | grep 5601          # 查看端口
tcp    LISTEN     0      128       *:5601                  *:*                   users:(("node",pid=3284,fd=18))

浏览器访问

安装部署logstash

[root@VM-0-17-centos ~]# mkdir /DATA/logstash
[root@VM-0-17-centos ~]# chown -R es /DATA/logstash
[root@VM-0-17-centos ~]# cd /elk/
[root@VM-0-17-centos elk]# tar -xf logstash-7.9.0.tar.gz  -C /usr/local/
[root@VM-0-17-centos elk]# cd /usr/local/logstash-7.9.0/
[root@VM-0-17-centos logstash-7.9.0]# vim config/logstash.yml
28 path.data: /DATA/logstash
73 path.config: /usr/local/logstash-7.9.0/config/*
118 http.host: "0.0.0.0"    # Logstash监控API的监听地址,0.0.0.0表示所有网卡都可访问;不需要远程查看时,保持默认的本机地址即可
241 path.logs: /usr/local/logstash-7.9.0/log
[root@VM-0-17-centos logstash-7.9.0]# cp config/logstash-sample.conf  config/logstash-es.conf
[root@VM-0-17-centos logstash-7.9.0]# vim config/logstash-es.conf
input {                            # input输入源配置
  tcp {                            # 使用tcp输入源
    port => 9601                   # 服务器监听端口9601接收日志,默认ip localhost(注:logstash的tcp输入插件未指定host时实际监听0.0.0.0,如只接收本机日志,应显式设置 host => "127.0.0.1")
    codec => json_lines            # 使用json解析日志  需要安装json解析插件
  }
}
output {                           # output 数据输出配置
  elasticsearch {                  # 使用elasticsearch接收
    hosts => ["http://localhost:9200"]           # 集群地址 多个用逗号隔开
    #user => "elastic"
    #password => "changeme"
  }
  stdout {
    codec => rubydebug                          # 输出到命令窗口
  }
}
# 安装插件
由于国内无法访问默认的gem source,需要将gem source改为国内的源。
[root@VM-0-17-centos logstash-7.9.0]# vim Gemfile
source "https://ruby.taobao.org"    # 如果报错Could not fetch specs from http://ruby.taobao.org/,则将源改成如下:
source "https://gems.ruby-china.com/"
# --no-verify 会跳过安装前对插件有效性的校验;插件此时来自上面配置的第三方gem镜像源,安装内容是否可信完全取决于该镜像源
[root@VM-0-17-centos logstash-7.9.0]# ./bin/logstash-plugin install  --no-verify  logstash-codec-json_lines
OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
Installing logstash-codec-json_lines
Installation successful
# 启动
[root@VM-0-17-centos logstash-7.9.0]# nohup ./bin/logstash -f ./config/logstash-es.conf &        # 后台启动(此处是以root身份运行;建议像Elasticsearch一样改用普通用户运行,并相应调整目录权限)
[1] 8206
[root@VM-0-17-centos logstash-7.9.0]# nohup: ignoring input and appending output to ‘nohup.out’
nohup: ignoring input and appending output to ‘nohup.out’
[root@VM-0-17-centos logstash-7.9.0]# cd config/
[root@VM-0-17-centos config]# vim test.conf
input {
  beats {
    port => 5044
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
[root@VM-0-17-centos config]# cd -
/usr/local/logstash-7.9.0
[root@VM-0-17-centos logstash-7.9.0]# ./bin/logstash  -f config/test.conf
[root@VM-0-17-centos logstash-7.9.0]# cd bin
[root@VM-0-17-centos bin]# ./logstash -f /usr/local/logstash-7.9.0/config/test.conf --path.data=/logdata/filebeat  &
[1] 25582
成功部署后logstash就能成功输出日志信息了
------------------------------------------------------------------------------------------------------------
其他相关操作:
测试filebeat启动后,查看相关输出信息:
./filebeat -e -c filebeat.yml -d "publish"
后台方式启动filebeat:
./filebeat -e -c filebeat.yml >/dev/null 2>&1 &     # 将所有标准输出及标准错误输出到/dev/null空设备,即没有任何输出
./filebeat -e -c filebeat.yml > filebeat.log &
停止filebeat:查找进程ID并kill掉:
ps -ef |grep filebeat
kill -9  进程号

安装filebeat

注释:在inputs中配置了两个目录的.log文件,在output中也配置了两个会在es中产生的index

[root@VM-0-17-centos ~]# cd /elk/
[root@VM-0-17-centos elk]# tar -xf filebeat-7.9.0-linux-x86_64.tar.gz  -C /usr/local/
[root@VM-0-17-centos elk]# cd /usr/local/filebeat-7.9.0-linux-x86_64/
[root@VM-0-17-centos filebeat-7.9.0-linux-x86_64]# vim filebeat.yml
15 filebeat.inputs:
16 - type: log
17   enabled: true
18   paths:
19     - /usr/local/nginx/logs/*.log
146 # ---------------------------- Elasticsearch Output ----------------------------
147 #output.elasticsearch:
148   # Array of hosts to connect to.
149 #  hosts: ["localhost:9200"]
159 # ------------------------------ Logstash Output -------------------------------
160 output.logstash:
161   # The Logstash hosts
162   hosts: ["localhost:5044"]
[root@VM-0-17-centos filebeat-7.9.0-linux-x86_64]# nohup ./filebeat -e -c filebeat.yml &
[1] 11733
[root@VM-0-17-centos filebeat-7.9.0-linux-x86_64]# nohup: ignoring input and appending output to ‘nohup.out’
[root@VM-0-17-centos filebeat-7.9.0-linux-x86_64]# ps -elf | grep filebeat
0 S root     11733  7222  0  80   0 - 228233 futex_ 09:06 pts/0   00:00:00 ./filebeat -e -c filebeat.yml
0 S root     12434  7222  0  80   0 - 28203 pipe_w 09:09 pts/0    00:00:00 grep --color=auto filebeat
13 # ============================== Filebeat inputs ===============================
14 
15 filebeat.inputs:
16 - type: log
17   enabled: true
18   paths:
19     - /var/log/test.log
20   multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Exception|^Caused by'
21   multiline.negate: false
22   max_lines: 20
23   multiline.match: after
24   document_type: "osquery"
25   tags: ["osquery"]
26   fields:
27     type: 'osquery'
28 
29 - type: log
30   enabled: true
31   paths:
32     - /var/log/ida/ida-restful-api/*.log
33   multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Exception|^Caused by'
34   multiline.negate: false
35   max_lines: 20
36   multiline.match: after
37   document_type: "restful"
38   tags: ["restful"]
39   fields:
40     type: 'restful'
123 # ---------------------------- Elasticsearch Output ----------------------------
124 output.elasticsearch:
125   hosts: ["localhost:9200"]
126   indices:
127     - index: "osquery-%{+yyyy.MM.dd}"
128       when.equals:
129         fields.type: "osquery"
130     - index: "restful-%{+yyyy.MM.dd}"
131       when.equals:
132         fields.type: "restful"

安装elasticsearch-head插件

# 安装nodejs(v7.9.0版本过低,后文“排错”部分会因此报错,并换成v10.14.1;可直接安装后者)
[root@VM-0-17-centos ~]# wget https://npm.taobao.org/mirrors/node/latest-v7.x/node-v7.9.0.tar.gz
[root@VM-0-17-centos ~]# tar -xf node-v7.9.0.tar.gz
[root@VM-0-17-centos ~]# cd node-v7.9.0/
[root@VM-0-17-centos node-v7.9.0]# ./configure --prefix=/usr/local/node
[root@VM-0-17-centos node-v7.9.0]# make && make install
[root@VM-0-17-centos ~]# vim /etc/profile
export NODE_HOME=/usr/local/node
export PATH=$PATH:$NODE_HOME/bin:$PATH
export NODE_PATH=$NODE_HOME/lib/node_modules:$PATH
[root@VM-0-17-centos ~]# source /etc/profile
[root@VM-0-17-centos node-v7.9.0]# node -v
v7.9.0
[root@VM-0-17-centos node-v7.9.0]# npm -v
4.2.0
# 下载elasticsearch-head
[root@VM-0-17-centos ~]# git clone https://github.com/mobz/elasticsearch-head.git
[root@VM-0-17-centos ~]# cd elasticsearch-head/
[root@VM-0-17-centos elasticsearch-head]# npm install
[root@VM-0-17-centos elasticsearch-head]# vim Gruntfile.js
97                                         hostname: '0.0.0.0',
# 上面的0.0.0.0会让head的9100端口监听所有网卡;ES此时未开启认证且允许任意来源跨域,能访问9100和9200端口的人都可以通过head管理集群,建议只对可信地址开放
# 修改es主机地址
[root@VM-0-17-centos elasticsearch-head]# vim ./_site/app.js
4371                 init: function(parent) {
4372                         this._super();
4373                         this.prefs = services.Preferences.instance();
4374                         this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://localhost:9200";        # 修改为es主机的地址,此处我是本机,所以不做修改
# 后台启动
[root@VM-0-17-centos elasticsearch-head]# nohup ./node_modules/grunt/bin/grunt server &
[1] 743
[root@VM-0-17-centos elasticsearch-head]# nohup: ignoring input and appending output to ‘nohup.out’

访问浏览器

排错

# 如果访问页面出现集群健康值:未连接,可以进行如下操作
[root@VM-0-17-centos ~]# vim /usr/local/elasticsearch-7.9.0/config/elasticsearch.yml    # 在文件的末尾添加
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User"
[es@VM-0-17-centos ~]$ /usr/local/elasticsearch-7.9.0/bin/elasticsearch -d     # 后台重启
或者最简单的办法,把es的ip由localhost改为本机ip


# 集群健康值为yellow状态的解决办法
正常情况下,Elasticsearch 集群健康状态分为三种:
green      最健康得状态,说明所有的分片包括备份都可用; 这种情况Elasticsearch集群所有的主分片和副本分片都已分配, Elasticsearch集群是 100% 可用的。
yellow     基本的分片可用,但是备份不可用(或者是没有备份);  这种情况Elasticsearch集群所有的主分片已经分片了,但至少还有一个副本是缺失的。不会有数据丢失,所以搜索结果依然是完整的。不过,你的高可用性在某种程度上被弱化。如果 更多的 分片消失,你就会丢数据了。把 yellow 想象成一个需要及时调查的警告。
red        部分的分片可用,表明分片有一部分损坏。此时执行查询部分数据仍然可以查到,遇到这种情况,还是赶快解决比较好; 这种情况Elasticsearch集群至少一个主分片(以及它的全部副本)都在缺失中。这意味着你在缺少数据:搜索只能返回部分数据,而分配到这个分片上的写入请求会返回一个异常。
Elasticsearch 集群不健康时的排查思路
->  首先确保 es 主节点最先启动,随后启动数据节点;
->  允许 selinux(非必要),关闭 iptables(仅用于排查时临时验证;确认是防火墙拦截后,应改为放行所需端口,而不是长期关闭防火墙);
->  确保数据节点的elasticsearch配置文件正确;
->  系统最大打开文件描述符数是否够用;
->  elasticsearch设置的内存是否够用 ("ES_HEAP_SIZE"内存设置 和 "indices.fielddata.cache.size"上限设置);
->  elasticsearch的索引数量暴增 , 删除一部分索引(尤其是不需要的索引);
[root@VM-0-17-centos ~]# curl http://localhost:9200/_cluster/health?pretty
{
  "cluster_name" : "elasticsearch",              # 集群名
  "status" : "yellow",                           # 集群健康状态,正常的话是“green”,缺少副本分片为“yellow”,缺少主分片为“red”
  "timed_out" : false,
  "number_of_nodes" : 1,                         # 集群节点数
  "number_of_data_nodes" : 1,                    # 数据节点数
  "active_primary_shards" : 1,                   # 主分片数
  "active_shards" : 1,                           # 可用的分片数
  "relocating_shards" : 0,                       # 正在迁移的分片数
  "initializing_shards" : 0,                     # 正在初始化的分片数
  "unassigned_shards" : 1,                       # 未分配的分片,但在集群中存在
  "delayed_unassigned_shards" : 0,               # 延时待分配到具体节点上的分片数
  "number_of_pending_tasks" : 0,                 # 待处理的任务数,指主节点创建索引并分配
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 50.0       # 可用分片数占总分片的比例
}
[root@VM-0-17-centos ~]# curl -XGET  http://localhost:9200/_cat/indices\?v
health status index   uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   .kibana ixYbdO9ARHmTtCx6FgaP2Q   1   1          2            0      8.2kb          8.2kb
解决办法:
单节点环境下副本分片无处分配,所以把副本数设为0(多节点的生产环境应保留副本,否则节点故障时会丢数据)。请求时需要添加Content-Type请求头:
[root@VM-0-17-centos ~]# curl -H "Content-Type: application/json" -XPUT localhost:9200/_settings -d '{"index" : {"number_of_replicas" : 0}}'
{"acknowledged":true}
[root@VM-0-17-centos ~]# curl -XGET  http://localhost:9200/_cat/indices\?v
health status index   uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .kibana ixYbdO9ARHmTtCx6FgaP2Q   1   0          2            0      8.2kb          8.2kb
[root@VM-0-17-centos ~]# curl http://localhost:9200/_cluster/health?pretty
{"cluster_name" : "elasticsearch","status" : "green","timed_out" : false,"number_of_nodes" : 1,"number_of_data_nodes" : 1,"active_primary_shards" : 1,"active_shards" : 1,"relocating_shards" : 0,"initializing_shards" : 0,"unassigned_shards" : 0,"delayed_unassigned_shards" : 0,"number_of_pending_tasks" : 0,"number_of_in_flight_fetch" : 0,"task_max_waiting_in_queue_millis" : 0,"active_shards_percent_as_number" : 100.0
}

# 如果curl访问9200端口可以访问但9100端口无法访问,可以进行如下操作:
[root@VM-0-17-centos ~]# curl -get localhost:9200
{"name" : "node-1","cluster_name" : "elasticsearch","cluster_uuid" : "yaYvP4NyQiSX-jIBPCLvaA","version" : {"number" : "7.9.0","build_flavor" : "default","build_type" : "tar","build_hash" : "a479a2a7fce0389512d6a9361301708b92dff667","build_date" : "2020-08-11T21:36:48.204330Z","build_snapshot" : false,"lucene_version" : "8.6.0","minimum_wire_compatibility_version" : "6.8.0","minimum_index_compatibility_version" : "6.0.0-beta1"},"tagline" : "You Know, for Search"
}
[root@VM-0-17-centos ~]# curl http://localhost:9200/_cluster/health?pretty
{"cluster_name" : "elasticsearch","status" : "green","timed_out" : false,"number_of_nodes" : 1,"number_of_data_nodes" : 1,"active_primary_shards" : 9,"active_shards" : 9,"relocating_shards" : 0,"initializing_shards" : 0,"unassigned_shards" : 0,"delayed_unassigned_shards" : 0,"number_of_pending_tasks" : 0,"number_of_in_flight_fetch" : 0,"task_max_waiting_in_queue_millis" : 0,"active_shards_percent_as_number" : 100.0
}
但在浏览器访问ip:9100被拒绝,解决:
[root@VM-0-17-centos ~]# vim /usr/local/elasticsearch-7.9.0/config/elasticsearch.yml
network.host: 172.17.0.17              # 将此行改为本机的ip,如果是云服务器,建议改成云服务器的内网ip,否则可能会出现Cannot assign requested address
[es@VM-0-17-centos ~]$ /usr/local/elasticsearch-7.9.0/bin/elasticsearch -d    # 重启
[root@VM-0-17-centos ~]# ss -nutlp |  grep 9200
tcp    LISTEN     0      128    [::ffff:172.17.0.17]:9200               [::]:*                   users:(("java",pid=9558,fd=251))
也可能会出现如下问题:
[root@VM-0-17-centos elasticsearch-head]# nohup ./node_modules/grunt/bin/grunt server &
[4] 14409
[root@VM-0-17-centos elasticsearch-head]# nohup: ignoring input and appending output to ‘nohup.out’
[Exit].......
/root/node_modules/chalk/source/index.js:106
...styles,
^^^
SyntaxError: Unexpected token ...
    at createScript (vm.js:53:10)
    at Object.runInThisContext (vm.js:95:10)
    at Module._compile (module.js:543:28)
    at Object.Module._extensions..js (module.js:580:10)
    at Module.load (module.js:488:32)
    at tryModuleLoad (module.js:447:12)
    at Function.Module._load (module.js:439:3)
    at Module.require (module.js:498:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/root/node_modules/grunt-legacy-log-utils/index.js:12:13)
解决办法:
其实这是因为npm和node的版本比较低的原因
进行如下的操作:
[root@VM-0-17-centos ~]# npm uninstall npm -g          # 卸载npm
[root@VM-0-17-centos ~]# yum install gcc gcc-c++        # 安装gcc
[root@VM-0-17-centos ~]# wget https://npm.taobao.org/mirrors/node/v10.14.1/node-v10.14.1-linux-x64.tar.gz    # 下载高版本的node
[root@VM-0-17-centos ~]# tar -xvf  node-v10.14.1-linux-x64.tar.gz      # 解压
[root@VM-0-17-centos ~]# mv node-v10.14.1-linux-x64  /usr/local/node
[root@VM-0-17-centos ~]# vim /etc/profile
export NODE_HOME=/usr/local/node
export PATH=$PATH:$NODE_HOME/bin:$PATH
export NODE_PATH=$NODE_HOME/lib/node_modules:$PATH
[root@VM-0-17-centos ~]# source /etc/profile
[root@VM-0-17-centos ~]# ls /usr/local/node
bin  CHANGELOG.md  include  lib  LICENSE  README.md  share
[root@VM-0-17-centos ~]# source /etc/profile
[root@VM-0-17-centos ~]# node -v
v10.14.1
[root@VM-0-17-centos ~]# npm -v
6.4.1

浏览器访问

成功!!
