ELK日志分析系统实战(一)安装和部署
2017-02-15 17:25
996 查看
http://www.iyunv.com/forum.php?mod=viewthread&tid=198268
1.系统概述
2、安装过程
安装java环境
3、获取最新版本
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.1.zip
解压缩
修改配置文件
原因:用户允许最大线程数首先
vi bin/elasticsearch
ulimit -u 2048 //仅供测试使用
vi bin/elasticsearch
添加如下配置项:
JAVA_HOME=”/export/servers/jdk1.8.0_60”
JAVA_OPTS=”“
JAVA_OPTS配置为空,是为了不受系统配置的环境变量的影响
配置
对于5.X,在config/jvm.options配置文件中,添加
#bootstrap.memory_lock: true
解决方法2:配置:/etc/security/limits.conf,
admin soft memlock unlimited
admin hard memlock unlimited
Your kernel does not support seccomp.
Elasticsearch attempts to utilize seccomp by default (via the setting bootstrap.system_call_filter).
Starting in 5.2.0, if you’re in production mode, bootstrap.system_call_filter is enabled, and initializing seccomp fails, then Elasticsearch will refuse to bootstrap.
You either have to migrate to a kernel that supports seccomp, or disable bootstrap.system_call_filter.
Centos6不支持SecComp,而ES5.2.0默认bootstrap.system_call_filter为true
禁用:在elasticsearch.yml中配置bootstrap.system_call_filter为false,注意要在Memory下面:
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
http.port: 9201
specify a custom plugins path via path.plugins has been removed.
configuration like the elasticsearch.yaml, in system properties or command line
arguments.
curl -XPUT ‘http://localhost:9200/_all/_settings?preserve_existing=true’ -d ‘{
“index.number_of_shards” : “3”
}’
curl -XPUT ‘http://localhost:9200/_all/_settings?preserve_existing=true’ -d ‘{
“index.mapper.dynamic” : “false”,
“index.translog.durability” : “async”,
“index.translog.sync_interval” : “30s”
}’
即以index开头的配置删除。
1.系统概述
2、安装过程
安装java环境
3、获取最新版本
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.2.1.zip
解压缩
修改配置文件
max number of threads [1024] for user [admin] is too low, increase to at least [2048]
原因:用户允许最大线程数首先vi bin/elasticsearch
ulimit -u 2048 //仅供测试使用
Warning: Ignoring JAVA_OPTS=…….
Please pass JVM parameters via ES_JAVA_OPTS insteadvi bin/elasticsearch
添加如下配置项:
JAVA_HOME=”/export/servers/jdk1.8.0_60”
JAVA_OPTS=”“
JAVA_OPTS配置为空,是为了不受系统配置的环境变量的影响
can not run elasticsearch as root
不能以root用户启动ES服务器。非要以root用户运行?配置
-Des.insecure.allow.root=true
对于5.X,在config/jvm.options配置文件中,添加
-Des.insecure.allow.root=true
内存锁定:
解决方法1:配置 config/elasticsearch.yml ,注释掉以下内容#bootstrap.memory_lock: true
解决方法2:配置:/etc/security/limits.conf,
admin soft memlock unlimited
admin hard memlock unlimited
system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
Your kernel does not support seccomp.Elasticsearch attempts to utilize seccomp by default (via the setting bootstrap.system_call_filter).
Starting in 5.2.0, if you’re in production mode, bootstrap.system_call_filter is enabled, and initializing seccomp fails, then Elasticsearch will refuse to bootstrap.
You either have to migrate to a kernel that supports seccomp, or disable bootstrap.system_call_filter.
Centos6不支持SecComp,而ES5.2.0默认bootstrap.system_call_filter为true
禁用:在elasticsearch.yml中配置bootstrap.system_call_filter为false,注意要在Memory下面:
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
配置IP和http端口,TCP端口默认在HTTP端口上加100
network.host: 192.168.179.20http.port: 9201
path.conf is not a recognized option
之前的配置: –path.conf=ESCONF修改为:−Epath.conf={ES_CONF}unknown setting [path.plugins]
https://www.elastic.co/guide/en/elasticsearch/reference/5.0/breaking_50_plugins.html#_custom_plugins_pathspecify a custom plugins path via path.plugins has been removed.
node settings must not contain any index level settings
Since elasticsearch 5.x index level settings can NOT be set on the nodesconfiguration like the elasticsearch.yaml, in system properties or command line
arguments.
curl -XPUT ‘http://localhost:9200/_all/_settings?preserve_existing=true’ -d ‘{
“index.number_of_shards” : “3”
}’
curl -XPUT ‘http://localhost:9200/_all/_settings?preserve_existing=true’ -d ‘{
“index.mapper.dynamic” : “false”,
“index.translog.durability” : “async”,
“index.translog.sync_interval” : “30s”
}’
即以index开头的配置删除。
unknown setting [bootstrap.mlockall]
修改为: bootstrap.memory_lock: trueunknown setting [action.disable_delete_all_indices]
新配置:action.destructive_requires_name: true相关文章推荐
- ELK日志分析系统实战(一)安装和部署
- 集中式日志分析系统ELK安装部署
- centos7.2 安装部署ElkStack 5.0日志分析系统
- ELK日志分析系统搭建部署
- ELK 集中日志分析 windows部署实战
- ELK日志分析系统部署
- ELK 日志分析系统 安装
- ELK日志分析系统 介绍 安装配置
- 搭建ELK日志分析系统(三)-Logstash安装和使用
- ELK学习10_ELK系列--实时日志分析系统ELK 部署与运行中的问题汇总
- Linux部署ELK日志分析系统与简单测试
- linux 部署ELK 日志分析系统与简单测试
- ELK学习10_ELK系列--实时日志分析系统ELK 部署与运行中的问题汇总
- ELK日志分析系统部署
- Linux环境下安装部署AWStats日志分析系统实例
- Linux环境下安装部署AWStats日志分析系统实例
- Linux环境下安装部署AWStats日志分析系统实例
- ELK系列--实时日志分析系统ELK 部署与运行中的问题汇总
- 搭建ELK日志分析系统(一)-Elasticsearch安装
- 开源日志分析系统ELK平台搭建部署