標籤:配置 elk
ELK部署完成後,出現了一些問題,需要調整及最佳化。
1.elasticsearch 調節堆記憶體大小:
Elasticsearch預設設定的記憶體是1GB,對於業務較小,所以需要將機器一半記憶體配置給jvm
查看系統記憶體:
# free -m total used free shared buffers cachedMem: 24028 20449 3579 0 185 8151-/+ buffers/cache: 12112 11916Swap: 0 0 0
系統為24G計劃將12G分配給jvm
修改方式
(1).修改ES_HEAP_SIZE環境變數
vim /etc/profileexport ES_HEAP_SIZE=12Gsource /etc/profile
(2).啟動指定分配記憶體
./bin/elasticsearch -Xmx12G -Xms12G
重啟查看配置是否生效:
/etc/init.d/elasticsearch restart
查看:
650) this.width=650;" src="http://s4.51cto.com/wyfs02/M00/80/3A/wKioL1c750Hh0kFnAABXfVcRjGc858.png" title="el2.png" alt="wKioL1c750Hh0kFnAABXfVcRjGc858.png" />
2.設定檔修改
vim elasticsearch.ymlootstrap.mlockall: true
設定為true來鎖住記憶體。因為當jvm開始swapping時es的效率會降低,所以要保證它不swap,可以把ES_MIN_MEM和ES_MAX_MEM兩個環境變數設定成同一個值,並且保證機器有足夠的記憶體配置給es。 同時也要允許elasticsearch的進程可以鎖住記憶體.
3.錯誤:[[FIELDDATA] Data too large, data for [proccessDate]
資料說明如下:
fielddata的大小是在資料被載入之後才校正的。假如下一個查詢準備載入進來的fieldData讓緩衝區超過可用堆大小會發生什嗎?很遺憾的是,它將產生一個OOM異常。
斷路器就是用來控制cache載入的,它預估當前查詢申請使用記憶體的量,並加以限制。
# curl -XGET http://localhost:9200/_cluster/settings?pretty{ "persistent" : { "indices" : { "breaker" : { "fielddata" : { "limit" : "40%" } }, "store" : { "throttle" : { "max_bytes_per_sec" : "100mb" } } } }, "transient" : { "cluster" : { "routing" : { "allocation" : { "enable" : "all" } } } }}
說明:fielddata 斷路器限制fielddata的大小,預設情況下為堆大小的60%。這裡設定為40%
4.修改logstash 的refresh intervel
預設設定的5秒,根據業務判斷太頻繁,所以希望改小:
# curl -XGET http://localhost:9200/_template/logstash?pretty{ "logstash" : { "order" : 0, "template" : "logstash-*", "settings" : { "index" : { "refresh_interval" : "5s" } },.....
修改為20秒:
cd /opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-1.0.7-java/lib/logstash/outputs/elasticsearchvim elasticsearch-template.json{ "template" : "logstash-*", "settings" : { "index.refresh_interval" : "20s" }, ....
重啟服務
/etc/init.d/logstash restart
5.設定代理及認證
使用nginx 反向 Proxykibana及認證
#vim kibana.conf server { listen 80; server_name ckl.kibana.com; error_log /data/log/kibana_error.log; proxy_headers_hash_max_size 5120; proxy_headers_hash_bucket_size 640; location / { proxy_pass http://0.0.0.0:5601; auth_basic "Restricted"; auth_basic_user_file /usr/local/nginx/conf/ssl/site_pass; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $http_x_forwarded_for; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $http_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}
cat /usr/local/nginx/conf/ssl/site_passckl:1TFEeTtLwlF7ZgMG
認證密碼為htpasswd產生的密碼:
如果別人知道你的5601直接存取怎麼辦,最簡單,做個連接埠轉寄吧
iptables -t nat -A PREROUTING -p tcp --dport 5601 -j REDIRECT --to-port 80
本文出自 “深呼吸再出擊” 部落格,請務必保留此出處http://ckl893.blog.51cto.com/8827818/1774668
ELK 根據業務配置及最佳化
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
