2. 技术博客
  3. 搭建elasticsearch+kibana+logstash+filebeat

搭建elasticsearch+kibana+logstash+filebeat

tech2026-02-22  1
由于资源有限,所以我暂时将elk部署在同一台主机,生产环境可以部署在多台主机上,只需要多台主机可以相互连通

elk原理

下载资源

elastic中文官网

环境准备

# 关闭防火墙和selinux [root@VM-0-17-centos ~]# systemctl stop firewalld [root@VM-0-17-centos ~]# systemctl disable firewalld [root@VM-0-17-centos ~]# vim /etc/sysconfig/selinux SELINUX=disabled [root@VM-0-17-centos ~]# getenforce Disabled # 下载软件包 [root@VM-0-17-centos ~]# mkdir /elk [root@VM-0-17-centos ~]# cd /elk [root@VM-0-17-centos elk]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.9.0-linux-x86_64.tar.gz # 下载极其慢,建议下载国内镜像站华为云等的elasticsearch ## 可以执行以下命令: [root@VM-0-17-centos elk]# wget https://mirrors.huaweicloud.com/elasticsearch/7.8.0/elasticsearch-7.8.0-linux-x86_64.tar.gz [root@VM-0-17-centos elk]# wget https://mirrors.huaweicloud.com/kibana/7.8.0/kibana-7.8.0-linux-x86_64.tar.gz [root@VM-0-17-centos elk]# wget https://mirrors.huaweicloud.com/logstash/7.8.0/logstash-7.8.0.tar.gz [root@VM-0-17-centos elk]# wget https://mirrors.huaweicloud.com/filebeat/7.8.0/filebeat-7.8.0-linux-x86_64.tar.gz [root@VM-0-17-centos elk]# ls elasticsearch-7.9.0-linux-x86_64.tar.gz kibana-7.9.0-linux-x86_64.tar.gz filebeat-7.9.0-linux-x86_64.tar.gz logstash-7.9.0.tar.gz

安装部署 Elasticsearch

# 解压软件包 [root@VM-0-17-centos elk]# tar -xf elasticsearch-7.9.0-linux-x86_64.tar.gz -C /usr/local/ [root@VM-0-17-centos elk]# cd /usr/local/elasticsearch-7.9.0/ # 修改yml格式的配置文件 [root@VM-0-17-centos elasticsearch-7.9.0]# vim config/elasticsearch.yml 23 node.name: node-1 # 节点名称 33 path.data: /DATA/elasticsearch/esdata 37 path.logs: /DATA/elasticsearch/eslogs 43 bootstrap.memory_lock: true 44 bootstrap.system_call_filter: false 55 network.host: 0.0.0.0 # 允许外部ip访问 60 http.port: 9200 61 http.cors.enabled: true 62 http.cors.allow-origin: "*" 63 xpack.security.enabled: false 64 xpack.monitoring.enabled: true 65 xpack.monitoring.collection.cluster.stats.timeout: 10s 66 indices.memory.index_buffer_size: 30% 67 indices.recovery.max_bytes_per_sec: 10000mb 68 indices.fielddata.cache.size: 30% 69 indices.breaker.fielddata.limit: 35% 70 indices.breaker.request.limit: 20% 71 indices.breaker.total.limit: 55% 72 cluster.initial_master_nodes: ["node-1"] # 设置集群初始主节点 # 新建用户并赋权 ES为了安全考虑不允许使用root用户启动ElasticSearch,所以需要新建一个普通用户启动程序。 [root@VM-0-17-centos ~]# useradd es # 创建es用户 [root@VM-0-17-centos ~]# passwd es # 给es用户设置密码,此处密码为es Changing password for user es. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully. # 将对应的文件夹的权限赋给es用户 [root@VM-0-17-centos ~]# chown -R es /usr/local/elasticsearch-7.9.0/ [root@VM-0-17-centos ~]# mkdir -p /DATA/elasticsearch/{esdata,eslogs} [root@VM-0-17-centos ~]# chown -R es /DATA/elasticsearch # 在es用户下启动 [root@VM-0-17-centos ~]# su - es Last failed login: Wed Sep 2 02:22:39 CST 2020 from 106.52.119.75 on ssh:notty There were 8 failed login attempts since the last successful login. [es@VM-0-17-centos ~]$ cd /usr/local/elasticsearch-7.9.0/ [es@VM-0-17-centos elasticsearch-7.9.0]$ ./bin/elasticsearch -d # 在后台启动 [root@VM-0-17-centos ~]# ss -nutlp | grep 9200 tcp LISTEN 0 128 [::]:9200 [::]:* users:(("java",pid=32065,fd=249))

防火墙策略

[root@VM-0-17-centos ~]# firewall-cmd --permanent --add-port=9200/tcp success [root@VM-0-17-centos ~]# firewall-cmd --permanent --add-port=9200/udp success [root@VM-0-17-centos ~]# firewall-cmd --reload success

报错解决

------------------------------------------------------------------------------------------------------------ ERROR: [3] bootstrap checks failed [1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535] [2]: max number of threads [3795] for user [es] is too low, increase to at least [4096] [3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144] [4]:什么都不报,在执行启动之后迅速failed [5]:error: OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000e0000000, 536870912, 0) failed; error='Not enough space' (errno=12) [6]:failed to obtain node locks 解决: 需切换到root用户解决错误: # 切换到 root 用户 [es@localhost elasticsearch-7.8.0]$ su root [1][2] 的解决方法: # 修改 /etc/security/limits.conf 文件 [root@VM-0-17-centos ~]# vim /etc/security/limits.conf # 添加以下四行 * soft nofile 65536 * hard nofile 131072 * soft nproc 2048 * hard nproc 4096 [3] 的解决方法: # 修改 /etc/sysctl.conf 文件 [root@VM-0-17-centos ~]# vim /etc/sysctl.conf # 添加下面一行 vm.max_map_count=655360 # 执行命令 [root@VM-0-17-centos ~]# sysctl -p net.ipv4.ip_forward = 0 net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.default.accept_source_route = 0 kernel.core_uses_pid = 1 net.ipv4.tcp_syncookies = 1 kernel.msgmnb = 65536 kernel.msgmax = 65536 net.ipv4.conf.all.promote_secondaries = 1 net.ipv4.conf.default.promote_secondaries = 1 net.ipv6.neigh.default.gc_thresh3 = 4096 net.ipv4.neigh.default.gc_thresh3 = 4096 kernel.softlockup_panic = 1 kernel.sysrq = 1 net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.lo.disable_ipv6 = 0 kernel.numa_balancing = 0 kernel.shmmax = 68719476736 kernel.printk = 5 vm.max_map_count = 655360 切换到用户 es 重新启动程序就可以了。 [4]的解决办法: 原本执行: [es@VM-0-17-centos ~]$ cd /usr/local/elasticsearch-7.9.0/bin/ [es@VM-0-17-centos bin]$ ./elasticsearch Killed # 虚拟机占用堆内存大小问题 # 做集群的时候可能内存不够, vim jvm.options,生产环境下仍要有1G 解决: [es@VM-0-17-centos bin]$ cd .. [es@VM-0-17-centos elasticsearch-7.9.0]$ vim config/jvm.options 22 -Xms512m 23 -Xmx512m [5]的解决办法: # 创建交换空间 [root@VM-0-17-centos ~]# free -m total used free shared buff/cache available Mem: 1838 1389 88 1 360 293 Swap: 0 0 0 [root@VM-0-17-centos ~]# dd if=/dev/zero of=swapfile bs=1024 count=5000000 # count=空间大小 of空间名字 5000000+0 records in 5000000+0 records out 5120000000 bytes (5.1 GB) copied, 45.4506 s, 113 MB/s [root@VM-0-17-centos ~]# mkswap swapfile # 将swapfile设置为swap空间 Setting up swapspace version 1, size = 4999996 KiB no label, UUID=9bbf462e-0101-47ae-9ffb-6118c2615427 [root@VM-0-17-centos ~]# swapon swapfile # 启用交换空间,这个操作有点类似于mount操作 swapon: /root/swapfile: insecure permissions 0644, 0600 suggested. [root@VM-0-17-centos ~]# free -m # 使用free命令查看swap空间大小是否发生变化 total used free shared buff/cache available Mem: 1838 1286 68 0 482 392 Swap: 4882 0 4882 [6]的解决办法: # 可以简单理解为绑定节点失败 解决: [root@VM-0-17-centos ~]# ps aux | grep elastic # 查看进程 [root@VM-0-17-centos ~]# kill -9 29109 [es@VM-0-17-centos ~]$ cd /usr/local/elasticsearch-7.9.0/bin/ [es@VM-0-17-centos bin]$ ./elasticsearch -d

浏览器访问

安装部署kibana

[root@VM-0-17-centos ~]# cd /elk/ [root@VM-0-17-centos elk]# ls elasticsearch-7.9.0-linux-x86_64.tar.gz kibana-7.9.0-linux-x86_64.tar.gz filebeat-7.9.0-linux-x86_64.tar.gz logstash-7.9.0.tar.gz [root@VM-0-17-centos elk]# tar -xf kibana-7.9.0-linux-x86_64.tar.gz -C /usr/local/ [root@VM-0-17-centos elk]# cd /usr/local/kibana-7.9.0-linux-x86_64/ [root@VM-0-17-centos kibana-7.9.0-linux-x86_64]# vim config/kibana.yml 2 server.port: 5601 # 服务端口 7 server.host: "0.0.0.0" # 服务器的ip,此处为本机 28 elasticsearch.hosts: ["http://localhost:9200"] # Elasticsearch 服务地址 115 i18n.locale: "zh-CN" # 授权并切换用户 给 es 用户授予 kibana 目录的权限。 [root@VM-0-17-centos ~]# chown -R es /usr/local/kibana-7.9.0-linux-x86_64/ [root@VM-0-17-centos ~]# su - es # 启动 Kibana 注意:启动 Kibana 之前需要先启动 Elasticsearch 需要先配置防火墙打开5601端口: [root@VM-0-17-centos ~]# firewall-cmd --permanent --add-port=5601/tcp success [root@VM-0-17-centos ~]# firewall-cmd --permanent --add-port=5601/udp success [root@VM-0-17-centos ~]# firewall-cmd --reload success # 启动kibana [es@VM-0-17-centos ~]$ cd /usr/local/kibana-7.9.0-linux-x86_64/ [es@VM-0-17-centos kibana-7.9.0-linux-x86_64]$ ./bin/kibana # 前台启动 [es@VM-0-17-centos kibana-7.9.0-linux-x86_64]$ nohup ./bin/kibana & # 后台启动 [1] 3284 [es@VM-0-17-centos kibana-7.9.0-linux-x86_64]$ nohup: ignoring input and appending output to ‘nohup.out’ # 出现此行代表忽略输入输出,将信息化信息记录到nohup.out文件中。敲击回车,就退出了nohup.out当前的界面,进入正常的命令行 [root@VM-0-17-centos ~]# ss -nutlp | grep 5601 # 查看端口 tcp LISTEN 0 128 *:5601 *:* users:(("node",pid=3284,fd=18))

浏览器访问

安装部署logstash

[root@VM-0-17-centos ~]# mkdir /DATA/logstash [root@VM-0-17-centos ~]# chown -R es /DATA/logstash [root@VM-0-17-centos ~]# cd /elk/ [root@VM-0-17-centos elk]# tar -xf logstash-7.9.0.tar.gz -C /usr/local/ [root@VM-0-17-centos elk]# cd /usr/local/logstash-7.9.0/ [root@VM-0-17-centos logstash-7.9.0]# vim config/logstash.yml 28 path.data: /DATA/logstash 73 path.config: /usr/local/logstash-7.9.0/config/* 118 http.host: "0.0.0.0" 241 path.logs: /usr/local/logstash-7.9.0/log [root@VM-0-17-centos logstash-7.9.0]# cp config/logstash-sample.conf config/logstash-es.conf [root@VM-0-17-centos logstash-7.9.0]# vim config/logstash-es.conf input { # input输入源配置 tcp { # 使用tcp输入源 port => 9601 # 服务器监听端口9061接收日志,默认ip localhost codec => json_lines # 使用json解析日志 需要安装json解析插件 } } output { # output 数据输出配置 elasticsearch { # 使用elasticsearch接收 hosts => ["http://localhost:9200"] # 集群地址 多个用逗号隔开 #user => "elastic" #password => "changeme" } stdout { codec => rubydebug # 输出到命令窗口 } } # 安装插件 由于国内无法访问默认的gem source,需要将gem source改为国内的源。 [root@VM-0-17-centos logstash-7.9.0]vim Gemfile source "https://ruby.taobao.org" # 如果报错Could not fetch specs from http://ruby.taobao.org/,则将源改成如下: source "https://gems.ruby-china.com/" [root@VM-0-17-centos logstash-7.9.0]# ./bin/logstash-plugin install --no-verify logstash-codec-json_lines OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N Installing logstash-codec-json_lines Installation successful # 启动 [root@VM-0-17-centos logstash-7.9.0]# nohup ./bin/logstash -f ./config/logstash-es.conf & # 后台启动 [1] 8206 [root@VM-0-17-centos logstash-7.9.0]# nohup: ignoring input and appending output to ‘nohup.out’ nohup: ignoring input and appending output to ‘nohup.out’ [root@VM-0-17-centos logstash-7.9.0]# cd config/ [root@VM-0-17-centos config]# vim test.conf input { beats { port => 5044 } } output{ stdout { codec => rubydebug } } [root@VM-0-17-centos config]# cd - /usr/local/logstash-7.9.0 [root@VM-0-17-centos logstash-7.9.0]# ./bin/logstash -f config/test.conf [root@VM-0-17-centos logstash-7.9.0]# cd bin [root@VM-0-17-centos bin]# ./logstash -f /usr/local/logstash-7.9.0/config/test.conf --path.data=/logdata/filebeat & [1] 25582 成功部署后logstash就能成功输出日志信息了 ------------------------------------------------------------------------------------------------------------ 其他相关操作: 测试filebeat启动后,查看相关输出信息: ./filebeat -e -c filebeat.yml -d "publish" 后台方式启动filebeat: ./filebeat -e -c filebeat.yml >/dev/null 2>&1 & 将所有标准输出及标准错误输出到/dev/null空设备,即没有任何输出 ./filebeat -e -c filebeat.yml > filebeat.log & 停止filebeat:查找进程ID并kill掉: ps -ef |grep filebeat<br>kill -9 进程号

安装filebeat

注释:在inputs中配置了两个目录的.log文件,在output中也配置了两个会在es中产生的index

[root@VM-0-17-centos ~]# cd /elk/ [root@VM-0-17-centos elk]# tar -xf filebeat-7.9.0-linux-x86_64.tar.gz -C /usr/local/ [root@VM-0-17-centos elk]# cd /usr/local/filebeat-7.9.0-linux-x86_64/ [root@VM-0-17-centos filebeat-7.9.0-linux-x86_64]# vim filebeat.yml 15 filebeat.inputs: 16 - type: log 17 enabled: true 18 paths: 19 - /usr/local/nginx/logs/*.log 146 # ---------------------------- Elasticsearch Output ---------------------------- 147 #output.elasticsearch: 148 # Array of hosts to connect to. 149 # hosts: ["localhost:9200"] 159 # ------------------------------ Logstash Output ------------------------------- 160 output.logstash: 161 # The Logstash hosts 162 hosts: ["localhost:5044"] [root@VM-0-17-centos filebeat-7.9.0-linux-x86_64]# nohup ./filebeat -e -c filebeat.yml & [1] 11733 [root@VM-0-17-centos filebeat-7.9.0-linux-x86_64]# nohup: ignoring input and appending output to ‘nohup.out’ [root@VM-0-17-centos filebeat-7.9.0-linux-x86_64]# ps -elf | grep filebeat 0 S root 11733 7222 0 80 0 - 228233 futex_ 09:06 pts/0 00:00:00 ./filebeat -e -c filebeat.yml 0 S root 12434 7222 0 80 0 - 28203 pipe_w 09:09 pts/0 00:00:00 grep --color=auto filebeat 13 # ============================== Filebeat inputs =============================== 14 15 filebeat.inputs: 16 - type: log 17 enabled: true 18 paths: 19 - /var/log/test.log 20 multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Exception|^Caused by' 21 multiline.negate: false 22 max_lines: 20 23 multiline.match: after 24 document_type: "osquery" 25 tags: ["osquery"] 26 fields: 27 type: 'osquery' 28 29 - type: log 30 enabled: true 31 paths: 32 - /var/log/ida/ida-restful-api/*.log 33 multiline.pattern: '^[[:space:]]+(at|\.{3})\b|^Exception|^Caused by' 34 multiline.negate: false 35 max_lines: 20 36 multiline.match: after 37 document_type: "restful" 38 tags: ["restful"] 39 fields: 40 type: 'restful' 123 # ---------------------------- Elasticsearch Output ---------------------------- 124 output.elasticsearch: 125 hosts: ["localhost:9200"] 126 indices: 127 - index: "osquery-%{+yyyy.MM.dd}" 128 when.equals: 129 fields.type: "osquery" 130 - index: "restful-%{+yyyy.MM.dd}" 131 when.equals: 132 fields.type: "restful"

安装elasticsearch-head插件

# 安装nodejs [root@VM-0-17-centos ~]# wget https://npm.taobao.org/mirrors/node/latest-v7.x/node-v7.9.0.tar.gz [root@VM-0-17-centos ~]# tar -xf node-v7.9.0.tar.gz [root@VM-0-17-centos ~]# cd node-v7.9.0/ [root@VM-0-17-centos node-v7.9.0]# ./configure --prefix=/usr/local/node [root@VM-0-17-centos node-v7.9.0]# make && make install [root@VM-0-17-centos ~]# vim /etc/profile export NODE_HOME=/usr/local/node export PATH=$PATH:$NODE_HOME/bin:$PATH export NODE_PATH=$NODE_HOME/lib/node_modules:$PATH [root@VM-0-17-centos ~]# source /etc/profile [root@VM-0-17-centos node-v7.9.0]# node -v v7.9.0 [root@VM-0-17-centos node-v7.9.0]# npm -v 4.2.0 # 下载elasticsearch-head [root@VM-0-17-centos ~]# git clone https://github.com/mobz/elasticsearch-head.git [root@VM-0-17-centos ~]# cd elasticsearch-head/ [root@VM-0-17-centos elasticsearch-head]# npm install [root@VM-0-17-centos elasticsearch-head]# vim Gruntfile.js 97 hostname: '0.0.0.0', # 修改es主机地址 [root@VM-0-17-centos elasticsearch-head]# vim ./_site/app.js 4371 init: function(parent) { 4372 this._super(); 4373 this.prefs = services.Preferences.instance(); 4374 this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://localhost:9200"; # 修改为es主机的地址,此处我是本机,所以不做修改 # 后台启动 [root@VM-0-17-centos elasticsearch-head]# nohup ./node_modules/grunt/bin/grunt server & [1] 743 [root@VM-0-17-centos elasticsearch-head]# nohup: ignoring input and appending output to ‘nohup.out’

访问浏览器

排错

# 如果访问页面出现集群健康值:未连接,可以进行如下操作 [root@VM-0-17-centos ~]# vim /usr/local/elasticsearch-7.9.0/config/elasticsearch.yml # 在文件的末尾添加 http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE http.cors.allow-headers: "X-Requested-With, Content-Type, Content-Length, X-User" [es@VM-0-17-centos ~]$ /usr/local/elasticsearch-7.9.0/bin/elasticsearch -d # 后台重启 或者最简单的办法,把es的ip由localhost改为ip本机

# 集群健康值为yellow状态的解决办法 正常情况下,Elasticsearch 集群健康状态分为三种: green 最健康得状态,说明所有的分片包括备份都可用; 这种情况Elasticsearch集群所有的主分片和副本分片都已分配, Elasticsearch集群是 100% 可用的。 yellow 基本的分片可用,但是备份不可用(或者是没有备份); 这种情况Elasticsearch集群所有的主分片已经分片了,但至少还有一个副本是缺失的。不会有数据丢失,所以搜索结果依然是完整的。不过,你的高可用性在某种程度上被弱化。如果 更多的 分片消失,你就会丢数据了。把 yellow 想象成一个需要及时调查的警告。 red 部分的分片可用,表明分片有一部分损坏。此时执行查询部分数据仍然可以查到,遇到这种情况,还是赶快解决比较好; 这种情况Elasticsearch集群至少一个主分片(以及它的全部副本)都在缺失中。这意味着你在缺少数据:搜索只能返回部分数据,而分配到这个分片上的写入请求会返回一个异常。 Elasticsearch 集群不健康时的排查思路 -> 首先确保 es 主节点最先启动,随后启动数据节点; -> 允许 selinux(非必要),关闭 iptables; -> 确保数据节点的elasticsearch配置文件正确; -> 系统最大打开文件描述符数是否够用; -> elasticsearch设置的内存是否够用 ("ES_HEAP_SIZE"内存设置 和 "indices.fielddata.cache.size"上限设置); -> elasticsearch的索引数量暴增 , 删除一部分索引(尤其是不需要的索引); [root@VM-0-17-centos ~]# curl http://localhost:9200/_cluster/health?pretty { "cluster_name" : "elasticsearch", # 集群名 "status" : "yellow", # 集群健康状态,正常的话是“green”,缺少副本分片为“yellow”,缺少主分片为“red” "timed_out" : false, "number_of_nodes" : 1, # 集群节点数 "number_of_data_nodes" : 1, # 数据节点数 "active_primary_shards" : 1, # 主分片数 "active_shards" : 1, # 可用的分片数 "relocating_shards" : 0, # 正在迁移的分片数 "initializing_shards" : 0, # 正在初始化的分片数 "unassigned_shards" : 1, # 未分配的分片,但在集群中存在 "delayed_unassigned_shards" : 0, # 延时待分配到具体节点上的分片数 "number_of_pending_tasks" : 0, # 待处理的任务数,指主节点创建索引并分配 "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 50.0 # 可用分片数占总分片的比例 } [root@VM-0-17-centos ~]# curl -XGET http://localhost:9200/_cat/indices\?v health status index uuid pri rep docs.count docs.deleted store.size pri.store.size yellow open .kibana ixYbdO9ARHmTtCx6FgaP2Q 1 1 2 0 8.2kb 8.2kb 解决办法: 添加请求头 [root@VM-0-17-centos ~]# curl -H "Content-Type: application/json" -XPUT localhost:9200/_settings -d '{ "index" : { "number_of_replicas" : 0 } }' {"acknowledged":true} [root@VM-0-17-centos ~]# curl -XGET http://localhost:9200/_cat/indices\?v health status index uuid pri rep docs.count docs.deleted store.size pri.store.size green open .kibana ixYbdO9ARHmTtCx6FgaP2Q 1 0 2 0 8.2kb 8.2kb [root@VM-0-17-centos ~]# curl http://localhost:9200/_cluster/health?pretty { "cluster_name" : "elasticsearch", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "active_primary_shards" : 1, "active_shards" : 1, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 }

# 如果curl访问9200端口可以访问但9100端口无法访问,可以进行如下操作: [root@VM-0-17-centos ~]# curl -get localhost:9200 { "name" : "node-1", "cluster_name" : "elasticsearch", "cluster_uuid" : "yaYvP4NyQiSX-jIBPCLvaA", "version" : { "number" : "7.9.0", "build_flavor" : "default", "build_type" : "tar", "build_hash" : "a479a2a7fce0389512d6a9361301708b92dff667", "build_date" : "2020-08-11T21:36:48.204330Z", "build_snapshot" : false, "lucene_version" : "8.6.0", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search" } [root@VM-0-17-centos ~]# curl http://localhost:9200/_cluster/health?pretty { "cluster_name" : "elasticsearch", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "active_primary_shards" : 9, "active_shards" : 9, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 } 但在浏览器访问ip:9100被拒绝,解决: [root@VM-0-17-centos ~]# vim /usr/local/elasticsearch-7.9.0/config/elasticsearch.yml network.host: 172.17.0.17 # 将此行改为本机的ip,如果是云服务器,建议改成云服务器的内网ip,否则可能会出现Cannot assign requested address [es@VM-0-17-centos ~]$ /usr/local/elasticsearch-7.9.0/bin/elasticsearch -d # 重启 [root@VM-0-17-centos ~]# ss -nutlp | grep 9200 tcp LISTEN 0 128 [::ffff:172.17.0.17]:9200 [::]:* users:(("java",pid=9558,fd=251)) 也可能会出现如下问题: [root@VM-0-17-centos elasticsearch-head]# nohup ./node_modules/grunt/bin/grunt server & [4] 14409 [root@VM-0-17-centos elasticsearch-head]# nohup: ignoring input and appending output to ‘nohup.out’ [Exit]....... /root/node_modules/chalk/source/index.js:106 ...styles, ^^^ SyntaxError: Unexpected token ... at createScript (vm.js:53:10) at Object.runInThisContext (vm.js:95:10) at Module._compile (module.js:543:28) at Object.Module._extensions..js (module.js:580:10) at Module.load (module.js:488:32) at tryModuleLoad (module.js:447:12) at Function.Module._load (module.js:439:3) at Module.require (module.js:498:17) at require (internal/module.js:20:19) at Object.<anonymous> (/root/node_modules/grunt-legacy-log-utils/index.js:12:13) 解决办法: 其实这是因为npm和node的版本比较低的原因 进行如下的操作: [root@VM-0-17-centos ~]# npm uninstall npm -g # 卸载npm [root@VM-0-17-centos ~]# yum install gcc gcc-c++ # 安装gcc [root@VM-0-17-centos ~]# wget https://npm.taobao.org/mirrors/node/v10.14.1/node-v10.14.1-linux-x64.tar.gz # 下载高版本的node [root@VM-0-17-centos ~]# tar -xvf node-v10.14.1-linux-x64.tar.gz # 解压 [root@VM-0-17-centos ~]# mv node-v10.14.1-linux-x64 /usr/local/node [root@VM-0-17-centos ~]# vim /etc/profile export NODE_HOME=/usr/local/node export PATH=$PATH:$NODE_HOME/bin:$PATH export NODE_PATH=$NODE_HOME/lib/node_modules:$PATH [root@VM-0-17-centos ~]# source /etc/profile [root@VM-0-17-centos ~]# ls /usr/local/node bin CHANGELOG.md include lib LICENSE README.md share [root@VM-0-17-centos ~]# source /etc/profile [root@VM-0-17-centos ~]# node -v v10.14.1 [root@VM-0-17-centos ~]# npm -v 6.4.1

浏览器访问

成功!!

最新回复(0)