ELKB5.3 遇到的问题介绍

问题1:

[elk@storm2 bin]$ OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000094cc0000, 1798569984, 0) failed; error='Cannot allocate memory' (errno=12)

#

# There is insufficient memory for the Java Runtime Environment to continue.

# Native memory allocation (mmap) failed to map 1798569984 bytes for committing reserved memory.

# An error report file with more information is saved as:

# /usr/local/elasticsearch-5.3.0/bin/hs_err_pid16731.log


解决方法:

You have configured a virtual machine with 1 GB of RAM, but elastic is trying to start with 2 GB of RAM (default for Elasticsearch version 5.X)

5.X版本 Elasticsearch安装需要2G以上内存


问题2:

max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]


解决方法:

echo "* soft nofile 65536" >> /etc/security/limits.conf

echo "* hard nofile 131072" >> /etc/security/limits.conf

echo "* soft nproc 2048" >> /etc/security/limits.conf

echo "* hard nproc 4096" >> /etc/security/limits.conf

sysctl -w vm.max_map_count=262144




filebeat中moduel的使用方法

filebeat.yml配置如下:

1
2
3
4
5
6
7
8
9
10
11
12
filebeat.modules:
#-------------------------------- Nginx Module -------------------------------
- module: nginx
  #Access logs
  access:
    enabled: true
  error:
    enabled: true
#-------------------------- Elasticsearch output -------------------------------
output.elasticsearch:
  enabled: true
  hosts: ["192.168.2.209:9200"]

elasticsearch安装如下插件  

1
2
bin/elasticsearch-plugin install ingest-user-agent
bin/elasticsearch-plugin install ingest-geoip

备注:使用模块的话必须使用 Elasticsearch output,否者会报错

1
Exiting: Filebeat modules configured but the Elasticsearch output is not configured/enabled



上一篇:删除指定目录下指定文件


下一篇:阿里云SaaS生态战略发布,用宜搭5分钟部署OCR文字识别