<a href="http://blog.jimliu.xyz/2017/07/28/install-elk/">原文地址</a>

一.安装java环境

由于Elasticsearch和Logstash的要求，在服务器首先安装jdk 1.8

1.下载

Linux环境下的jdk1.8，请去（<a href="http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html">官网</a>）中下载你服务器对应jdk的安装文件

2.创建目录

创建/usr/java目录 将jdk文件粘贴至该目录下，并且在该目录下解压。

3.配置java环境变量

编辑 /etc/profile 文件 添加java环境变量

export JAVA_HOME=/usr/java/jdk1.8.0_25 
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin

注意jdk必须是你下载的版本。

二.安装并运行ELasticsearch

1.下载

去<a href="https://www.elastic.co/downloads/elasticsearch">Elastic官网</a>下载tar安装包

2.解压

tar -xzvf elasticsearch-5.5.1.tar.gz

3.运行

cd elasticsearch-5.5.1

./bin/elasticsearch

4.验证

crul http://localhost:9200

得到

{
    name: "oN3cxGg",
    cluster_name: "elasticsearch",
    cluster_uuid: "VMLohqVCQNClek3iPa000A",
    version: {
        number: "5.5.1",
        build_hash: "19c13d0",
        build_date: "2017-07-18T20:44:24.823Z",
        build_snapshot: false,
        lucene_version: "6.6.0"
    },
    tagline: "You Know, for Search"
}

这样表明已经安装和启动成功了！

5.问题

a.启动后无法通过服务器所在ip访问：

修改config/elasticsearch.yml 中network.host: '你的服务器ip'

b.修改成ip后无法启动：

$ ./elasticsearch
...
ERROR: bootstrap checks failed
max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536]
max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]
[2016-10-31T04:55:45,240][INFO ][o.e.n.Node               ] [vJDcSkt] stopping ...
[2016-10-31T04:55:45,249][INFO ][o.e.n.Node               ] [vJDcSkt] stopped
[2016-10-31T04:55:45,249][INFO ][o.e.n.Node               ] [vJDcSkt] closing ...
[2016-10-31T04:55:45,257][INFO ][o.e.n.Node               ] [vJDcSkt] closed

问题1：

max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536]

解决办法： 修改/etc/security/limits.conf文件，添加或修改如下行：

 * soft nofile 65536
 * hard nofile 131072
 * soft nproc 2048
 * hard nproc 4096

问题2：

max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]

解决办法：修改 /etc/sysctl.conf 文件，添加 “vm.max_map_count”设置

vm.max_map_count = 262144

这样就可以成功启动了。

安装logstash

安装步骤与Elasticsearch 基本相同，下载软件包，解压.

1. 启动

a. 新建配置文件 yourname.conf

input {
    file {
        path => "你的日志文件"
        start_position => end
    }
}
filter {
      if ([message] =~ "^debug") {
             drop {}
          }
}
output {
    stdout { codec => json}
         elasticsearch { hosts =>["http://127.0.0.1:9200"] }
}

b. 执行命令

./bin/logstash -f yourname.conf

<a href="http://blog.jimliu.xyz/2017/07/28/install-elk/">原文地址</a>