ELK操作手册----安装elasticssearch

将软件上传到服务器192.168.1.21上
$ cd /usr/local/src/
$ ls
elasticsearch-6.5.1.rpm jdk-8u191-linux-x64.rpm
准备硬盘用于存储日志数据
$ fdisk -l
$ fdisk /dev/sdb
$ fdisk -l
$ blkid /dev/sdb1
$ mkfs.xfs /dev/sdb1
$ blkid /dev/sdb1
$ vim /etc/fstab
UUID="15210161-83f7-48eb-8b79-40e94911a31b" /data xfs defaults 0 0
$ ount -a
$ reboot
安装配置elasticssearch
$ cd /usr/local/src/
$ yum -y install jdk-8u191-linux-x64.rpm
$ yum -y install elasticsearch-6.5.1.rpm
$ java -version
$ vim /etc/elasticsearch/elasticsearch.yml
cluster.name: elk-cluster
node.name: server21
path.data: /data/elasticsearch
path.logs: /data/log/elasticsearch
#bootstrap.memorylock: true #打开内存锁定后，服务可能无法启动
network.host: 192.168.1.21
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.1.21","192.168.1.22"]
$ grep "^[a-Z]" /etc/elasticsearch/elasticsearch.yml
$ vim /usr/lib/systemd/system/elasticsearch.service
LimitMEMLOCK=infinity
$ vim /etc/elasticsearch/jvm.options
-Xms3g #设置为内存的一半，都不要超过32G
-Xmx3g
$ mkdir -p /data/elasticsearch
$ mkdir -p /data/log/elasticsearch
$ chown elasticsearch.elasticsearch /data/elasticsearch/ /data/log/elasticsearch/
$ systemctl enable elasticsearch.service
$ systemctl start elasticsearch.service
$ ss -tnl #必须有9200和9300端口才表示启动成功
LISTEN 0 128 ::ffff:192.168.1.21:9200 :::
LISTEN 0 128 ::ffff:192.168.1.21:9300 :::
$ curl http://192.168.1.21:9200

安装head插件
$ yum -y install git
$ yum -y install npm
$ git clone git://github.com/mobz/elasticsearch-head.git
$ cd elasticsearch-head/
$ npm install grunt -save
$ npm install
$ npm run start &
$ vim /etc/elasticsearch/elasticsearch.yml
#在最下方添加
http.cors.enabled: true
http.cors.allow-origin: ""
$ systemctl restart elasticsearch
访问带插件的es
http://192.168.1.21:9100 (http://192.168.1.21:9200/---连接)