Difference between revisions of "ElasticSearch"

Line 17: Line 17:
 
* '''Firewall rule'''
 
* '''Firewall rule'''
  
Open the port 9200. See [[Firewall INPUT filters#ElasticSearch|FW input]] && [[Firewall OUTPUT filters#IT_ports|FW output]]
+
Open the ports 9200 + 9300, allow multicast too. See [[Firewall INPUT filters#ElasticSearch|FW input]] && [[Firewall OUTPUT filters#IT_ports|FW output]]
  
  
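Review bot: The added firewall line opens 9300 and multicast alongside 9200 but gives no source restriction. 9300 is the node-to-node transport port and multicast is only used for node discovery, so the line should say that both are opened between cluster nodes only, and that 9200 is limited to the hosts that query the node (for example the Kibana origin set in http.cors.allow-origin).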
Line 125: Line 125:
 
* Very good webinar from the ElasticSearch team: http://www.elasticsearch.org/webinars/introduction-to-logstash/?watch=1  
 
* Very good webinar from the ElasticSearch team: http://www.elasticsearch.org/webinars/introduction-to-logstash/?watch=1  
 
* Official ElasticSearch documentation: http://www.elasticsearch.org
 
* Official ElasticSearch documentation: http://www.elasticsearch.org
 
 
 
 
TO BE CONTINUED...
 
 
user & group "elasticsearch"
 
 
>> CONF_DIR=/etc/elasticsearch
 
>> LOG_DIR=/var/log/elasticsearch
 
>> DATA=/var/lib/elasticsearch
 

Revision as of 11:39, 18 November 2014


Requirements

To install and use ELK you need:

  • JAVA 1.7.55+
java -version

Java version must be > 1.7.0_55


  • Firewall rule

Open ports 9200 and 9300, and allow multicast too. See FW input and FW output.


  • Apache2 server

See Apache2 setup


ElasticSearch

Installation

Source: http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup-repositories.html


  • Add ELK repository: see Sources#ELK
  • Install application
apt-get install elasticsearch

>> Binaries in /usr/share/elasticsearch

>> Configuration in /etc/elasticsearch

>> Logs in /var/log/elasticsearch


  • Register application as a service
cd /etc/init.d
update-rc.d elasticsearch defaults 95 10


Configuration

Edit the configuration file:

vim /etc/elasticsearch/elasticsearch.yml


Set your cluster and node names, and allow Kibana access.

cluster.name: VEHCO         # line 33
node.name: "VEHCO_MASTER"   # line 40

                            ### [...] At the end
http.cors.enabled: true
http.cors.allow-origin: http://192.168.1.203

!! Adjust the IP address or hostname to match your own setup.
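
An added example, not part of the original wiki page: a shell check that classifies the CORS policy in an elasticsearch.yml, so a wildcard or missing http.cors.allow-origin is noticed before the node is started. The function names yaml_value and cors_origin_status are hypothetical, and the sample file is constructed from the settings shown above.

```shell
#!/bin/sh
# Added example: classify the CORS policy found in an elasticsearch.yml.
# yaml_value and cors_origin_status are hypothetical helper names.

# Print the value of a flat "key: value" line, with any trailing comment
# and surrounding quotes removed. If the key is repeated, the last line is used.
yaml_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]][[:space:]]*#.*$//' \
            -e 's/[[:space:]]*$//' \
            -e "s/^[\"']\(.*\)[\"']\$/\1/" |
        tail -n 1
}

# Echo one of: disabled, missing-origin, wildcard, regex,
# pinned:<origin>, unrecognised:<value>
cors_origin_status() {
    enabled=$(yaml_value 'http.cors.enabled' "$1")
    origin=$(yaml_value 'http.cors.allow-origin' "$1")
    [ "$enabled" = "true" ] || { echo "disabled"; return 0; }
    case "$origin" in
        '')   echo "missing-origin" ;;       # falls back to the version's default
        '*')  echo "wildcard" ;;             # any web page may read API responses
        /*/)  echo "regex" ;;                # /.../ is a pattern: review it by hand
        http://*|https://*) echo "pinned:$origin" ;;
        *)    echo "unrecognised:$origin" ;;
    esac
}

# Constructed sample: the settings from the Configuration section above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
cluster.name: VEHCO         # line 33
node.name: "VEHCO_MASTER"   # line 40
http.cors.enabled: true
http.cors.allow-origin: http://192.168.1.203
EOF

echo "cluster:     $(yaml_value 'cluster.name' "$sample")"
echo "CORS policy: $(cors_origin_status "$sample")"
rm -f "$sample"
```

Anything other than "disabled" or a "pinned:" origin that you recognise as your Kibana host deserves a second look before the port is opened in the firewall.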


Extensions (plugins)

You need to install some extensions (plugins) to get the full power of ElasticSearch. The following plugin list is the one recommended by the ElasticSearch team.

cd /usr/share/elasticsearch/
./plugin -install karmi/elasticsearch-paramedic
./plugin -install mobz/elasticsearch-head
./plugin -install royrusso/elasticsearch-HQ


More information about each plugin:


You can access the plugins using the /_plugin/ URL:


You can search for more plugins on Google or the official ElasticSearch website.

Check out http://www.elasticsearch.org/download for the list of plugins available from the official developers.


Start ElasticSearch

service elasticsearch start 

## OR ##
/etc/init.d/elasticsearch start


References