通过ELK快速搭建集中化日志平台(2)

groupadd elsearch                  #新建elsearch组
useradd elsearch -g elsearch -p elasticsearch  #新建一个elsearch用户
chown -R elsearch:elsearch  ./elasticsearch    #指定elasticsearch所属elsearch组

接下来我们默认启动就好了，什么也不用配置，然后在日志中大概可以看到开启了9200，9300端口。

[elsearch@slave1 bin]$ ./elasticsearch
[2017-11-28T17:19:36,893][INFO ][o.e.n.Node              ] [] initializing ...
[2017-11-28T17:19:36,973][INFO ][o.e.e.NodeEnvironment    ] [0bC8MSi] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [17.9gb], net total_space [27.6gb], spins? [unknown], types [rootfs]
[2017-11-28T17:19:36,974][INFO ][o.e.e.NodeEnvironment    ] [0bC8MSi] heap size [1.9gb], compressed ordinary object pointers [true]
[2017-11-28T17:19:36,982][INFO ][o.e.n.Node              ] node name [0bC8MSi] derived from node ID [0bC8MSi_SUywaqz_Zl-MFA]; set [node.name] to override
[2017-11-28T17:19:36,982][INFO ][o.e.n.Node              ] version[5.6.4], pid[12592], build[8bbedf5/2017-10-31T18:55:38.105Z], OS[Linux/3.10.0-327.el7.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_144/25.144-b01]
[2017-11-28T17:19:36,982][INFO ][o.e.n.Node              ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionSUSECanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/usr/myapp/elasticsearch]
[2017-11-28T17:19:37,780][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [aggs-matrix-stats]
[2017-11-28T17:19:37,780][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [ingest-common]
[2017-11-28T17:19:37,780][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [lang-expression]
[2017-11-28T17:19:37,780][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [lang-groovy]
[2017-11-28T17:19:37,780][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [lang-mustache]
[2017-11-28T17:19:37,780][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [lang-painless]
[2017-11-28T17:19:37,780][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [parent-join]
[2017-11-28T17:19:37,780][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [percolator]
[2017-11-28T17:19:37,781][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [reindex]
[2017-11-28T17:19:37,781][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [transport-netty3]
[2017-11-28T17:19:37,781][INFO ][o.e.p.PluginsService    ] [0bC8MSi] loaded module [transport-netty4]
[2017-11-28T17:19:37,781][INFO ][o.e.p.PluginsService    ] [0bC8MSi] no plugins loaded
[2017-11-28T17:19:39,782][INFO ][o.e.d.DiscoveryModule    ] [0bC8MSi] using discovery type [zen]
[2017-11-28T17:19:40,409][INFO ][o.e.n.Node              ] initialized
[2017-11-28T17:19:40,409][INFO ][o.e.n.Node              ] [0bC8MSi] starting ...
[2017-11-28T17:19:40,539][INFO ][o.e.t.TransportService  ] [0bC8MSi] publish_address {192.168.23.151:9300}, bound_addresses {[::]:9300}
[2017-11-28T17:19:40,549][INFO ][o.e.b.BootstrapChecks    ] [0bC8MSi] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
[2017-11-28T17:19:43,638][INFO ][o.e.c.s.ClusterService  ] [0bC8MSi] new_master {0bC8MSi}{0bC8MSi_SUywaqz_Zl-MFA}{xcbC53RVSHajdLop7sdhpA}{192.168.23.151}{192.168.23.151:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2017-11-28T17:19:43,732][INFO ][o.e.h.n.Netty4HttpServerTransport] [0bC8MSi] publish_address {192.168.23.151:9200}, bound_addresses {[::]:9200}
[2017-11-28T17:19:43,733][INFO ][o.e.n.Node              ] [0bC8MSi] started
[2017-11-28T17:19:43,860][INFO ][o.e.g.GatewayService    ] [0bC8MSi] recovered [1] indices into cluster_state
[2017-11-28T17:19:44,035][INFO ][o.e.c.r.a.AllocationService] [0bC8MSi] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana][0]] ...]).

4. kibana

它的配置也非常简单，你需要在kibana.yml文件中指定一下你需要读取的elasticSearch地址和可供外网访问的bind地址就可以了。

[root@slave1 config]# pwd
/usr/myapp/kibana/config

[root@slave1 config]# vim kibana.yml

elasticsearch.url: "http://localhost:9200"
server.host: 0.0.0.0

然后就是启动，从日志中可以看出，当前开了5601端口。