Problem 1:
[elk@storm2 bin]$ OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000094cc0000, 1798569984, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 1798569984 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /usr/local/elasticsearch-5.3.0/bin/hs_err_pid16731.log
Solution:
You have configured a virtual machine with 1 GB of RAM, but Elasticsearch is trying to start with 2 GB of RAM (the default for Elasticsearch version 5.X).
Installing Elasticsearch 5.X requires 2 GB or more of memory.
Problem 2:
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Solution:
echo "* soft nofile 65536" >> /etc/security/limits.conf
echo "* hard nofile 131072" >> /etc/security/limits.conf
echo "* soft nproc 2048" >> /etc/security/limits.conf
echo "* hard nproc 4096" >> /etc/security/limits.conf
sysctl -w vm.max_map_count=262144
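Added example (not part of the original notes): a preflight script that checks the conditions from Problems 1 and 2 before Elasticsearch is started, using the thresholds from the error messages above. The function names are hypothetical, and treating the 2 GB requirement as 2097152 kB of MemTotal is an assumption.

```shell
#!/bin/sh
# Added example: preflight for the limits in Problems 1 and 2. Thresholds come
# from the error messages on this page; function names are hypothetical.
# Run as the account that starts Elasticsearch so ulimit reflects that user.
REQ_NOFILE=65536       # "max file descriptors ... at least [65536]"
REQ_MAP_COUNT=262144   # "vm.max_map_count ... at least [262144]"
REQ_MEM_KB=2097152     # assumption: 2 GB (5.X default heap) as kB of MemTotal

# meets_min CURRENT REQUIRED: status 0 when CURRENT >= REQUIRED.
# "unlimited" (as ulimit may print) passes; empty or non-numeric input fails.
meets_min() {
    [ "$1" = "unlimited" ] && return 0
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# mem_total_kb FILE: print MemTotal (kB) from a /proc/meminfo-style file.
mem_total_kb() {
    awk '$1 == "MemTotal:" { print $2; exit }' "$1"
}

# report NAME CURRENT REQUIRED: print one result line; status 1 on failure.
report() {
    if meets_min "$2" "$3"; then
        echo "ok    $1 = $2 (need >= $3)"
    else
        echo "FAIL  $1 = ${2:-unknown} (need >= $3)"
        return 1
    fi
}

# preflight: check the live system; status is the number of failed checks.
preflight() {
    failed=0
    report "max file descriptors" "$(ulimit -n)" "$REQ_NOFILE" || failed=$((failed + 1))
    report "vm.max_map_count" "$(cat /proc/sys/vm/max_map_count 2>/dev/null)" \
        "$REQ_MAP_COUNT" || failed=$((failed + 1))
    report "MemTotal (kB)" "$(mem_total_kb /proc/meminfo 2>/dev/null)" \
        "$REQ_MEM_KB" || failed=$((failed + 1))
    return "$failed"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

limits.conf is read at login, so log in again before re-checking the file descriptor limit. sysctl -w changes only the running kernel, so the value is lost at reboot unless it is also written to /etc/sysctl.conf.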
How to use modules in Filebeat
Configure filebeat.yml as follows:
filebeat.modules:
#-------------------------------- Nginx Module -------------------------------
- module: nginx
  # Access logs
  access:
    enabled: true
  error:
    enabled: true
#-------------------------- Elasticsearch output -------------------------------
output.elasticsearch:
  enabled: true
  hosts: ["192.168.2.209:9200"]
Install the following plugins in Elasticsearch:
bin/elasticsearch-plugin install ingest-user-agent
bin/elasticsearch-plugin install ingest-geoip
Note: to use modules you must use the Elasticsearch output; otherwise Filebeat reports the following error:
Exiting: Filebeat modules configured but the Elasticsearch output is not configured/enabled