正文

elk部署详解--elasticsearch

luoyan01  luoyan01  2023-01-04  589

关键词：

#Elasticsearch 是一个实时的分布式搜索和分析引擎，它可以用于全文搜索，结构化搜索以及分析。它是一个建立在全文搜索引擎 Apache Lucene 基础上的搜索引擎，使用 Java 语言编写。

elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#配置es的集群名称，默认是elasticsearch，es会自动发现在同一网段下的es，如果在同一网段下有多个集群，就可以用这个属性来区分不同的集群。
cluster.name: ELK
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#节点名
node.name: Jarvis

#新添加的集群设置，指定该节点是否有资格被选举成为node，默认是true，es是默认集群中的第一台机器为master，如果这台机挂了就会重新选举master。
#node.master: true

#指定该节点是否存储索引数据，默认为true
#node.data: true
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#设置索引数据的存储路径，默认是es根目录下的data文件夹，可以设置多个存储路径，用逗号隔开，例：
path.data: /var/lib/elasticsearch, /var/lib/elasticsearch1
#
# Path to log files:
#设置日志所存位置
path.logs: /var/log/elasticsearch
#
#index.number_of_shards: 5 #shard的数目

#index.number_of_replicas: 3 #数据副本的数目

# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#设置为true来锁住内存。因为当jvm开始swapping时es的效率会降低，所以要保证它不swap，
#可以把ES_MIN_MEM和ES_MAX_MEM两个环境变量设置成同一个值，并且保证机器有足够的内存分配给es。
#同时也要允许elasticsearch的进程可以锁住内存，linux下可以通过`ulimit -l unlimited`命令。

bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#设置绑定的IP地址，最好设置为0.0.0.0方便通信。
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#端口默认9200
http.port: 9200

#transport.tcp.port: 9300
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#设置集群中master节点的初始列表，可以通过这些节点来自动发现新加入集群的节点。
discovery.zen.ping.unicast.hosts: ["0.0.0.0:9300","0.0.0.0:9301","0.0.0.0:9302"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#设置这个参数来保证集群中的节点可以知道其它N个有master资格的节点。默认为1，对于大的集群来说，可以设置大一点的值（2-4）
discovery.zen.minimum_master_nodes: 1

#discovery.zen.ping.timeout: 120s #设置集群中自动发现其他节点时ping连接的超时时间

#discovery.zen.ping.multicast.enabled: true #设置是否打开多播发现节点
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
http.cors.enabled: true
http.cors.allow-origin: "*"
#http.cors.allow-headers: Authorization,Content-Type
#xpack认证，设置为false
xpack.security.enabled: false
#action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
#es默认创建的索引，以下配置是所有
action.auto_create_index: +*

jvm.options

## JVM configuration

################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
## for more information
##
################################################################

# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space

-Xms1g
-Xmx1g

################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don‘t tamper with them unless
## you understand what you are doing
##
################################################################

## GC configuration
-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75
-XX:+UseCMSInitiatingOccupancyOnly

## optimizations

# pre-touch memory pages used by the JVM during initialization
-XX:+AlwaysPreTouch

## basic

# explicitly set the stack size
-Xss1m

# set to headless, just in case
-Djava.awt.headless=true

# ensure UTF-8 encoding by default (e.g. filenames)
-Dfile.encoding=UTF-8

# use our provided JNA always versus the system one
-Djna.nosys=true

# turn off a JDK optimization that throws away stack traces for common
# exceptions because stack traces are important for debugging
-XX:-OmitStackTraceInFastThrow

# flags to configure Netty
-Dio.netty.noUnsafe=true
-Dio.netty.noKeySetOptimization=true
-Dio.netty.recycler.maxCapacityPerThread=0

# log4j 2
-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true

-Djava.io.tmpdir=$ES_TMPDIR

## heap dumps

# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError

# specify an alternative path for heap dumps
# ensure the directory exists and has sufficient space
-XX:HeapDumpPath=/var/lib/elasticsearch

## JDK 8 GC logging

8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:/var/log/elasticsearch/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m

# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m
# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise
# time/date parsing will break in an incompatible way for some date patterns and locals
9-:-Djava.locale.providers=COMPAT

elk企业级日志分析系统（elasticsearchlogstash和kiabana详解）(代码片段)

...使用ELK3、完整日志系统基本特征4、ELK的工作原理二、ELKElasticsearch集群部署（在Node1、Node2节点上操作）1．环境准备2．部署Elasticsearch软件3．安装Elasticsearch-head插件三、ELKLogstash部署（在Ap 查看详情

linux12elk--＞02elasticsearch部署(代码片段)

文章目录ELKElasticsearch部署ElasticSearch一、ELK部署1、环境准备2、优化3、下载安装包4、设置elastcsearch内存锁定5、修改elastcsearch内存大小6、修复elastcsearch配置文件（单台测试）7、启动服务二、安装集群head插件1、docker安装2... 查看详情

elk部署步骤最后filebeat+elk

ELK结构ELK由ElasticSearch、Logstash、Kiabana组成。ElasticSearchLogstashKiabana补充Elasticsearch集群部署一、环境准备（在Node1、Node2节点上操作，只展示node1）更改node节点主机名配置域名解析安装java二、部署Elasticsearch软件安装软件... 查看详情

elk部署步骤最后filebeat+elk

elk中的elasticsearch集群的部署

本文内容背景ES集群中第一个master节点ESslave节点本文总结Elasticsearch（以下简称ES）搭建集群的经验。以Elasticsearch-rtf-2.2.1版本为例。我搭过三个集群：研究ELK时搭了一个；测试环境搭了一个；生产环境搭了一个。回想起来，搭建... 查看详情

日志分析系统elk之elasticsearch(代码片段)

Elasticsearch什么是ELKElasticsearchElasticsearch基础模块elasticsearch应用场景Elasticsearch单节点部署Elasticsearch集群的部署集群简介elasticsearch节点角色集群部署可视化工具cerebro可视化工具elasticsearch-head插件索引、分片和副本Elasticsearch节点优... 查看详情

日志分析系统elk之elasticsearch(代码片段)

elk实时日志分部署(代码片段)

ELK简介“ELK”是三个开源项目的首字母缩写：Elasticsearch，Logstash和Kibana。Elasticsearch是一个搜索和分析引擎。Logstash是一个服务器端数据处理管道，它同时从多个源中提取数据，对其进行转换，然后将其发送到像Elasticsearch这样的... 查看详情

elk部署详解--filebeat

filebeat.yml######################FilebeatConfigurationExample##########################Thisfileisanexampleconfigurationfilehighlightingonlythemostcommon#options.Thefilebeat.reference.ymlfilefromthesa 查看详情

elk部署elk+filebeat日志收集分析系统(代码片段)

说明：此安装流程只适用于8.0.0以下的版本1.ElasticSearch部署1.1下载ElasticSearch的wget指令：wgethttps://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.13.4-linux-x86_64.tar.gz1.2解压安装包到指定目录指定解压缩到/usr/ 查看详情

elk部署详解--kibana

kibana.yml#Kibanaisservedbyabackendserver.Thissettingspecifiestheporttouse.#端口server.port:5601#SpecifiestheaddresstowhichtheKibanaserverwillbind.IPaddressesandhostnamesarebothvalidvalues.#Thedefaultis 查看详情

elk日志分析平台部署实录

[[email protected]~]#rpm--importhttps://artifacts.elastic.co/GPG-KEY-elasticsearch[[email protected]~]#vim/etc/yum.repos.d/elasticsearch.repo[elasticsearch-5.x]name=Elasticsearchrepositoryfo 查看详情

elk部署详解--logstash

logstash.yml#SettingsfileinYAML##Settingscanbespecifiedeitherinhierarchicalform,e.g.:##pipeline:#batch:#size:125#delay:5##Orasflatkeys:##pipeline.batch.size:125#pipeline.batch.delay:5##------------Nod 查看详情

elk进阶部署

虚拟机两台：192.168.1.42192.168.1.46系统环境保持一致：cat/etc/redhat-releaseuname-a elk准备环境保持一致：elasticsearch安装：下载并安装GPGkeyrpm--importhttps://packages.elastic.co/GPG-KEY-elasticsearch添加yum源：安装elasticsearc 查看详情

centos8部署elk日志分析平台(代码片段)

...部署ELK平台ELK介绍ELK是三个开源软件的缩写，分别表示：Elasticsearch,Logstash,Kibana,它们都是开源软件。新增了一个FileBeat，它是一个轻量级的日志收集处理工具(Agent)，Filebeat占用资源少，适合于在各个服务器上搜集日志后传输给Logs... 查看详情

elk日志分析系统（理论+部署）(代码片段)

...全性集中存放日志缺陷对日志的分析困难ELK日志分析系统ElasticsearchLogstashKibana日志处理步骤将日志进行集中化管理将日志格式化(Logstash)并输出到Elasticsearch对格式化后的数据进行索弓|和存储(Elasticsearch)前端数据的展示(Kibana)Elastic... 查看详情

elk部署实施

ELK核心组成简介![]1.2、核心组成ELK由Elasticsearch、Logstash和Kibana三部分组件组成；Elasticsearch是个开源分布式搜索引擎，它的特点有：分布式，零配置，自动发现，索引自动分片，索引副本机制，restful风格接口，多数据源，自动搜... 查看详情

elasticsearch（elk）集群环境部署(代码片段)

...、概述二、准备1）机器环境准备2）创建elsearch用户三、elasticsearch部署1）下载并安装2）修改配置文件以支持集群四、启动出现的问题及解决方案1）JDK版本过低2）配置过低3）JVM内存大小指定太大，但本机内存不够用五、安装elast... 查看详情