ELK集群的搭建和Elasticsearchd api的简单使用

Elasticsearchd的安装，具体的安装步骤很简单不过有些配置还是需要注意的，下面简单介绍下安装步骤

第一步：从官网下载最新的版本：elasticsearch-5.4.1_1，安装前先安装jdk8,elasticsearch是java开发的，解压到你想放的位置：修改配置文件，配置文件的位置：/usr/local/elasticsearch-5.4.1_1/config/elasticsearch.yml,因为为了安全elasticsearch不能用root用户启动，需要从新建立新的用户，并且给文件夹赋值权限给新用户，例如用户名叫elasticsearch,在root用户下chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-5.4.1_1然后修改一下系统的参数：

a.添加 /etc/security/limits.conf

* soft nofile 65536

* hard nofile 131072

* soft nproc 2048

* hard nproc 4096

b./etc/security/limits.d/90-nproc.conf

把soft nproc 1024这行的1024改大就行了。

c.vi /etc/sysctl.conf

添加下面配置：

vm.max_map_count=262144

d.并执行命令：

sysctl -p

E.修改elasticsearch.yml

cluster.name: es_test_1

bootstrap.memory_lock: false
bootstrap.system_call_filter: false
node.name: esc_test_node_1
http.enabled: true
node.master: true
node.data: true
// 文件的位置
path.logs: /path/to/logs
// 日志的位置
path.logs: /home/data/elasticsearch/log/

//这个要设置下不然外网无法访问
network.host: 193.168.6.87
http.port: 9201
transport.tcp.port: 9301

http.cors.enabled: true
http.cors.allow-origin: /.*/
http.cors.allow-credentials: true

// 这个是集群的配置单机不需要配置
discovery.zen.ping.unicast.hosts: ["x.x.x.x"]
// 2个节点
node.max_local_storage_nodes: 2

bin目录启动服务：./elasticsearch -d，看日志/home/data/elasticsearch/log/，如果日志正常就说明启动成功

常见错误

at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) ~[elasticsearch-5.4.1.jar:5.4.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:106) ~[elasticsearch-5.4.1.jar:5.4.1]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:194) ~[elasticsearch-5.4.1.jar:5.4.1]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:350) ~[elasticsearch-5.4.1.jar:5.4.1]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.1.jar:5.4.

正常启动日志：

[2017-08-20T15:56:07,031][INFO ][o.e.n.Node               ] [esc_test_node_1] JVM arguments [-Xms512m, -Xmx512m, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+DisableExplicitGC, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/usr/local/elasticsearch-5.4.1_1]
[2017-08-20T15:56:07,889][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [aggs-matrix-stats]
[2017-08-20T15:56:07,889][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [ingest-common]
[2017-08-20T15:56:07,889][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [lang-expression]
[2017-08-20T15:56:07,890][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [lang-groovy]
[2017-08-20T15:56:07,890][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [lang-mustache]
[2017-08-20T15:56:07,890][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [lang-painless]
[2017-08-20T15:56:07,890][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [percolator]
[2017-08-20T15:56:07,890][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [reindex]
[2017-08-20T15:56:07,890][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [transport-netty3]
[2017-08-20T15:56:07,890][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] loaded module [transport-netty4]
[2017-08-20T15:56:07,891][INFO ][o.e.p.PluginsService     ] [esc_test_node_1] no plugins loaded
[2017-08-20T15:56:09,451][INFO ][o.e.d.DiscoveryModule    ] [esc_test_node_1] using discovery type [zen]
[2017-08-20T15:56:10,205][INFO ][o.e.n.Node               ] [esc_test_node_1] initialized
[2017-08-20T15:56:10,205][INFO ][o.e.n.Node               ] [esc_test_node_1] starting ...
[2017-08-20T15:56:10,387][INFO ][o.e.t.TransportService   ] [esc_test_node_1] publish_address {192.168.6.87:9300}, bound_addresses {192.168.6.87:9300}
[2017-08-20T15:56:10,394][INFO ][o.e.b.BootstrapChecks    ] [esc_test_node_1] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
[2017-08-20T15:56:13,446][INFO ][o.e.c.s.ClusterService   ] [esc_test_node_1] new_master {esc_test_node_1}{xSFrf7feRD25YuwgtBeSLw}{G4byr3dMRc6T1QN_PRxxDQ}{192.168.6.87}{192.168.6.87:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2017-08-20T15:56:13,465][INFO ][o.e.h.n.Netty4HttpServerTransport] [esc_test_node_1] publish_address {192.168.6.87:9200}, bound_addresses {192.168.6.87:9200}
[2017-08-20T15:56:13,468][INFO ][o.e.n.Node               ] [esc_test_node_1] started
[2017-08-20T15:56:14,573][INFO ][o.e.g.GatewayService     ] [esc_test_node_1] recovered [11] indices into cluster_state

第二步:安装logstash，这个安装很简单，从官网下载最新的版本解压

创建一个输入输出文件sample.conf

input {
stdin {}
}
output {
elasticsearch {
hosts => ["192.168.6.87:9201"] }
stdout {
codec => rubydebug }
}

启动服务：



第三步安装kibana-5.1.1-linux-x86_64，修改配置文件/usr/local/kibana-5.1.1-linux-x86_64/config/kibana.yml,修改一下server.host: "192.168.x"，不然无法访问的通过外网，启动服务

[root@localhost bin]# ./kibana
log   [08:09:06.517] [info][status][plugin:kibana@5.1.1] Status changed from uninitialized to green - Ready
log   [08:09:06.593] [info][status][plugin:elasticsearch@5.1.1] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log   [08:09:06.625] [info][status][plugin:console@5.1.1] Status changed from uninitialized to green - Ready
log   [08:09:06.648] [warning] You're running Kibana 5.1.1 with some different versions of Elasticsearch. Update Kibana or Elasticsearch to the same version to prevent compatibility issues: v5.4.1 @ 192.168.6.87:9200 (192.168.6.87)
log   [08:09:06.657] [error][status][plugin:elasticsearch@5.1.1] Status changed from yellow to red - Elasticsearch is still initializing the kibana index.
log   [08:09:06.865] [info][status][plugin:timelion@5.1.1] Status changed from uninitialized to green - Ready
log   [08:09:06.871] [info][listening] Server running at http://192.168.6.87:5601 log   [08:09:06.872] [error][status][ui settings] Status changed from uninitialized to red - Elasticsearch plugin is red

浏览器里打开kibana,然后输入“星儿”



Elasticsearchd的使用实际很简单的，一切都是resful，用postman简单的做个例子，插入一条消息到elsearch中



可以获取的到



下次博客会比较详细的介绍下elsearch的用法