Elasticsearch

This is generally the first step, as you need a place to collect your logs. Elasticsearch itself is a NoSQL document store that speaks JSON over HTTP, which makes it well suited to web-style integrations.

Java is required, and you may wish to deploy Oracle's Java per the Elasticsearch team's recommendation. You may also want to dedicate a data partition. By default, data is stored in /var/lib/elasticsearch, which sits on the root filesystem and can fill it up. We will also install the 'kopf' plugin, which makes it easier to manage your data.

Install Java and Elasticsearch 

- (add a Java repo, plus the Elasticsearch yum repository that the package below comes from)
sudo yum install java
sudo yum install elasticsearch

Change the storage location.

sudo mkdir /opt/elasticsearch
sudo chown elasticsearch:elasticsearch /opt/elasticsearch
sudo vim /etc/elasticsearch/elasticsearch.yml

...
path.data: /opt/elasticsearch/data
...

Allow connections on ports 9200 and 9300-9400 from trusted hosts only, and set the cluster IP

By design, Elasticsearch is open: this version has no built-in authentication, so anyone who can reach port 9200 can read, change or delete every index (and, once kopf is installed, gets a full admin console on that same port). Control access with care and limit both the REST port (9200) and the transport range (9300-9400) to your trusted network. An inserted ACCEPT rule only restricts anything if the INPUT chain otherwise drops those ports, so pair it with a default DROP policy or an explicit DROP rule for the same ports.
sudo iptables --insert INPUT --protocol tcp --source 10.18.0.0/16 --dport 9200 --jump ACCEPT
sudo iptables --insert INPUT --protocol tcp --source 10.18.0.0/16 --dport 9300:9400 --jump ACCEPT
sudo vim /etc/elasticsearch/elasticsearch.yml

...
# Failing to set publish_host can result in the cluster auto-detecting an interface that clients or other
# nodes can't reach. If you only have one interface you can leave it commented out.
network.publish_host: 10.18.3.1
...

Increase the heap size

sudo vim /etc/sysconfig/elasticsearch

# Heap size defaults to 256m min, 1g max
# Set ES_HEAP_SIZE to 50% of available RAM, but no more than 31g: above that the JVM
# loses compressed object pointers and much of the extra heap is wasted. Leave the
# other half for the OS filesystem cache, which Lucene relies on. ES_HEAP_SIZE sets
# both -Xms and -Xmx, so the heap is allocated at start-up rather than grown later.
ES_HEAP_SIZE=2g


Install the kopf plugin and access it via your browser

sudo /usr/share/elasticsearch/bin/plugin -install lmenezes/elasticsearch-kopf
sudo service elasticsearch restart


# In your browser, navigate to the address below. kopf is served by Elasticsearch itself
# on port 9200 and has no login of its own, so the firewall rules above are all that keeps
# it from anyone else on the network.
http://10.18.3.1:9200/_plugin/kopf/

If everything is working correctly you should see a web page with KOPF at the top. More on how to use that later.
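As an added example (not part of the original guide), the script below applies the steps above in a re-runnable way: it sets path.data and network.publish_host in elasticsearch.yml without duplicating keys on a second run, emits the iptables rules together with the DROP rules that give the ACCEPT rules meaning, and runs a health check once the service is back. The paths, the 10.18.x addresses, the script name and the `apply` argument are assumptions carried over from this guide; adjust them for your own network.

```shell
#!/bin/sh
# Added example, not from the original guide: apply the elasticsearch.yml and
# firewall steps above in a re-runnable way. ES_YML, DATA_DIR, PUBLISH_HOST and
# TRUSTED_NET are assumed values taken from the guide; override them via the environment.
ES_YML="${ES_YML:-/etc/elasticsearch/elasticsearch.yml}"
DATA_DIR="${DATA_DIR:-/opt/elasticsearch/data}"
PUBLISH_HOST="${PUBLISH_HOST:-10.18.3.1}"
TRUSTED_NET="${TRUSTED_NET:-10.18.0.0/16}"

# yml_key_re KEY -> KEY with its dots escaped, for use in grep/sed patterns
yml_key_re() {
  printf '%s' "$1" | sed 's/\./\\./g'
}

# set_yml_key FILE KEY VALUE: rewrite an existing "key: value" line (even a
# commented-out one) or append the key, so re-running never duplicates keys.
# VALUE must not contain '|' or '&', which sed treats specially here.
set_yml_key() {
  file=$1; key=$2; value=$3
  key_re=$(yml_key_re "$key")
  if grep -Eq "^[# ]*${key_re}:" "$file"; then
    tmp=$(mktemp)
    sed -E "s|^[# ]*${key_re}:.*|${key}: ${value}|" "$file" > "$tmp"
    cat "$tmp" > "$file"   # keeps the file's owner and mode
    rm -f "$tmp"
  else
    printf '%s: %s\n' "$key" "$value" >> "$file"
  fi
}

# get_yml_key FILE KEY -> prints the active value of KEY, empty if unset or commented
get_yml_key() {
  key_re=$(yml_key_re "$2")
  sed -n -E "s/^${key_re}:[[:space:]]*//p" "$1" | tail -n 1
}

# es_firewall_rules NET -> prints iptables commands for the REST port (9200) and
# the transport range (9300-9400): ACCEPT from NET, then DROP from everyone else.
# Without the DROP, an inserted ACCEPT changes nothing on a default-ACCEPT chain.
es_firewall_rules() {
  net=$1
  for ports in 9200 9300:9400; do
    echo "iptables --insert INPUT --protocol tcp --source $net --dport $ports --jump ACCEPT"
    echo "iptables --append INPUT --protocol tcp --dport $ports --jump DROP"
  done
}

# Run as "sh es-setup.sh apply" (assumed script name) on the node, as root.
case "${1:-}" in
  apply)
    [ "$(id -u)" -eq 0 ] || { echo "apply must run as root" >&2; exit 1; }
    mkdir -p "$DATA_DIR" && chown elasticsearch:elasticsearch "$DATA_DIR"
    set_yml_key "$ES_YML" path.data "$DATA_DIR"
    set_yml_key "$ES_YML" network.publish_host "$PUBLISH_HOST"
    es_firewall_rules "$TRUSTED_NET" | sh
    service elasticsearch restart
    # Sanity check from the node itself: status should come back green or yellow.
    curl -s "http://${PUBLISH_HOST}:9200/_cluster/health?pretty"
    ;;
esac
```

Without the `apply` argument the script only defines its functions, so you can source it and call get_yml_key to confirm what the running configuration says before touching the firewall.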