Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to use Elastic Stack. The introduction in this article is very detailed and has certain reference value. Interested friends must read it!

Step by Step Introduction & Preparation

Elastic Stack, mainly includes Elasticsearch (data storage) and Kibana (visual management) and a series of plug-ins. The plug-in finally realizes the extraction of various indicators, logs and data into elasticsearch, and visual display and data analysis through Kibana.

As the foundation of the entire technology stack, the first things to install are elasticsearch and kibana.

Although it can also be installed on windows, but in line with the principle of not finding trouble for yourself, and finding a solution when there is a problem, here you choose to install Elastic Stack on CentOS 7.6.

Because I am using RPM to install, due to some reasons, the official website provides the download address of the component package, if there is no special means, it may be downloaded to the end of time, so here you can use the domestic mirror address to download, I am using the Tsinghua mirror to download (link direct), you can choose the mirror address according to your preferences.

Download component packages

Log in to the server, download elasticsearch and kibana or directly by wget command, and then throw them to the server. Note here that the versions of elasticsearch, kibana and subsequent plug-ins must be consistent, otherwise there may be some inexplicable problems.

1

2

3

4

5

--Download elasticsearch

wget https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-7.x/7.9.0/elasticsearch-7.9.0-x86_64.rpm

Download Kibana

wget https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-7.x/7.9.0/kibana-7.9.0-x86_64.rpm

Installation and Configuration Configuration elasticsearch

When the component download is complete, you can start the installation of the program, because I am using the RPM package, so here you can directly complete the installation of elasticsearch through the rpm command.

1

sudo rpm --install elasticsearch-7.9.0-x86_64.rpm

When the command is executed, you can see that the console has clearly reminded us that the systemctl command can complete the management of elasticsearch services.

1

2

3

4

5

6

--Set the boot to start automatically

sudo systemctl daemon-reload

sudo systemctl enable elasticsearch.service

Start elasticsearch service

sudo systemctl start elasticsearch.service

After startup, you can verify whether our elasticsearch has been successfully installed by curling 127.0.0.1: 9200 on the server. If the relevant information of the service can be displayed, it means that elasticsearch has been successfully installed.

As with mysql and mongodb, elasticsearch is by default a service that does not allow remote access, but in view of actual usage, the configuration file needs to be modified to allow remote access to the elasticsearch service on the server

First, find the installation path of the program through the whereis elasticsearch command. There will be two paths here. By consulting the official documentation, you can know that/etc/elasticsearch is the path where the configuration file is located, and/usr/share/elasticsearch is the running path of elasticsearch.

Switch to/etc/elasticsearch, open elasticsearch.yml, locate the Network node, and adjust the configuration below to allow remote access to the service. PS, because the configuration file is a yml file, so here for the content format has very strict requirements, must not forget: after the space

1

network.host: 0.0.0.0

When the configuration file is modified, you need to restart elasticsearch service. Restart the service through systemctl command. If nothing unexpected happens, you will find that the service does not start up:smirk:

1

2

--Restart elasticsearch

systemctl restart elasticsearch.service

Here we can check the reason why the service cannot start normally through systemctl status

1

systemctl status elasticsearch.service -l

In the message printed on the console, we focus on this sentence in the error message. You can see that we need to configure the node for elasticsearch, because only a single node is used here, and clusters will not be built. Therefore, reopen the elasticsearch.yml file and modify the following configuration items.

the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

1

2

3

4

5

6

7

8

#Set cluster name

cluster.name: elastic-cluster

#Set node name

node.name: node-mater

#Default initialized node name

cluster.initial_master_nodes: ["node-mater"]

Of course, you can also modify the configuration file directly to indicate that the current elasticsearch service runs as a single node, but this is not recommended

1

discovery.type: single-node

Save the modifications to the configuration file and re-execute the command to start the service. You can see that the service has been started. Of course, if you want to access the service remotely at this time, please also ensure that the firewall of the server has an open port 9200. At this time, you can open the following page by accessing it through the browser.

1

2

3

4

5

--permanently open port 9200

sudo firewall-cmd --zone=public --add-port=9200/tcp --permanent

--Restart firewall

firewall-cmd --reload

Install Kibana

Similar to installing elasticsearch, go back to the path where the file is located. You can complete the installation of kibana by using rpm command, and then you can control the startup of kibana through systemctl.

1

2

3

4

5

6

7

8

9

10

11

12

--Go back to the user's root directory

cd ~

--install kibana

sudo rpm --install kibana-7.9.0-x86_64.rpm

--Set the boot to start automatically

sudo systemctl daemon-reload

sudo systemctl enable kibana.service

Start elasticsearch service

sudo systemctl start kibana.service

Because kibana is used to visually manage the data in elasticsearch, you need to modify the kibana configuration file to complete the concatenation with elasticsearch. Similar to the path where the elasticsearch configuration file is located, the kibana configuration file is located under the/etc/kibana path. Find the kibana.yml file. The configuration items to be adjusted are as follows

1

2

3

4

5

6

7

8

9

10

11

##Allow remote access

server.host: "0.0.0.0"

##Set the name of the service

server.name: "elastic-kibana"

##Set the elasticsearch service address to be connected

elasticsearch.hosts: ["localhost:9200"]

##Settings page displayed in Chinese

i18n.locale: "zh-CN"

Of course, don't forget to open port 5601 on the server to allow remote access

1

2

3

4

5

--permanently open port 5601

sudo firewall-cmd --zone=public --add-port=5601/tcp --permanent

--Restart firewall

firewall-cmd --reload

After restarting kibana, if you immediately access it through your browser, you may be prompted with the following content, um, sit down and relax, wait a while, refresh a few times, if the following prompt keeps appearing, you can check the specific elasticsearch or kibana problem through systemctl status command. After all, only these two services:smile:

Kibana server is not ready yet

When installing kibana on my Cloud Virtual Machine, I kept reporting this error after the kibana installation started. Finally, I found that elasticsearch could not start up. I looked at the error message and found that the jvm memory used by elasticsearch was not enough. Hmm, a host with 1 core and 2G memory. If you also encounter such a problem, you can modify the jvm.options file under the/etc/elasticsearch path at this time. To adjust elasticsearch jvm virtual machine configuration, after the restart can be

At this point, the installation of elasticsearch and kibana is completed, and some functions can be implemented based on elasticsearch. In addition, the authority-related control and how to implement some functions based on actual requirements are reflected in the following occasional articles.

That's all for "How to use Elastic Stack". Thank you for reading! Hope to share the content to help everyone, more relevant knowledge, welcome to pay attention to the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.