我正在尝试安装ELK堆栈。 Elastic Search和Kibana已成功安装。效果很好。但是在安装Logstash时,无法正确安装它。当我启动logstash服务时,它表明没有logstash。我尝试搜索Google,但找不到合适的解决方案。我尝试重新安装该软件包。即使如此,它也无法解决。
这是错误:
paulsteven@smackcoders:~$ sudo apt-get install logstash
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
logstash
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/178 MB of archives.
After this operation, 307 MB of additional disk space will be used.
Selecting previously unselected package logstash.
(Reading database ... 293176 files and directories currently installed.)
Preparing to unpack .../logstash_1%3a6.7.0-1_all.deb ...
Unpacking logstash (1:6.7.0-1) ...
Setting up logstash (1:6.7.0-1) ...
Using provided startup.options file: /etc/logstash/startup.options
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000d4cc0000, 724828160, 0) failed; error='Not enough space' (errno=12)
/usr/share/logstash/bin/system-install: line 88: #: command not found
paulsteven@smackcoders:~$ sudo systemctl logstash status
Unknown operation logstash.
paulsteven@smackcoders:~$ sudo systemctl logstash status
Unknown operation logstash.
paulsteven@smackcoders:~$ sudo apt-get install logstash
Reading package lists... Done
Building dependency tree
Reading state information... Done
logstash is already the newest version (1:6.7.0-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
paulsteven@smackcoders:~$
答案 0 :(得分:2)
@Smack Alpha
我正在使用ELK堆栈1个月,并使用debian软件包在Ubuntu平台上安装了这些东西。
按照步骤安装Logstash并将其作为服务启动。
首先转到主目录
cd ~
使用 wget (请注意您的logstash版本)下载logstash的debian软件包
sudo wget https://artifacts.elastic.co/downloads/logstash/logstash-6.5.4.deb
我用dpkg安装Logstash
sudo dpkg -i logstash-6.5.4.deb
配置Logstash
更改logstash.yml的编辑权限
```sudo chmod 777 /etc/logstash/logstash.yml```
在文本编辑器中打开logstash.yml
sudo gedit /etc/logstash/logstash.yml
更改以下几行(删除#标记)
a) http.host:“ 0.0.0.0”(您的IP地址)
b) http.port:9600-9700
保存并退出。
评论任何安装方面的疑问和错误。
答案 1 :(得分:0)
该进程是否在 / etc / systemd / system / 下注册?您在 /etc/init.d / 中看到了logstash服务文件吗?
在某些系统上,您可能必须手动运行在 / usr / share / logstash / bin 中找到的 system-install 脚本。
答案 2 :(得分:0)
我尝试在Raspberry Pi上安装Logstash时遇到了完全相同的错误。可能一年后不再与您相关,但对其他人可能很有价值。
似乎您的系统没有足够的(可用)内存来运行JRE,如以下行所示:
Java HotSpot(TM) 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000d4cc0000, 724828160, 0) failed; error='Not enough space' (errno=12)
下一行显示系统安装脚本中的命令失败:
/usr/share/logstash/bin/system-install: line 88: #: command not found
第88行看起来像这样:
$(ruby_exec "${LOGSTASH_HOME}/lib/systeminstall/pleasewrap.rb" "${allopts[@]}" ${program} ${LS_OPTS})
要获得有关失败原因的更多信息,我们可以在命令之前插入一个小的debug-echo,这样,只是为了查看结果:
echo "debug: $(ruby_exec "${LOGSTASH_HOME}/lib/systeminstall/pleasewrap.rb" "${allopts[@]}" ${program} ${LS_OPTS})"
现在,如果我们再次运行系统安装脚本,则在发生错误时我们将获得更多了解:
debug: #
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 1006632960 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /usr/share/logstash/lib/systeminstall/hs_err_pid28575.log
其他信息在提到的错误日志中:
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 1006632960 bytes for committing reserved memory.
# Possible reasons:
# The system is out of physical RAM or swap space
# In 32 bit mode, the process size limit was hit
# Possible solutions:
# Reduce memory load on the system
# Increase physical memory or swap space
# Check if swap backing store is full
# Use 64 bit Java on a 64 bit OS
# Decrease Java heap size (-Xmx/-Xms)
# Decrease number of Java threads
# Decrease Java thread stack sizes (-Xss)
# Set larger code cache with -XX:ReservedCodeCacheSize=
# This output file may be truncated or incomplete.
#
# Out of Memory Error (os_linux.cpp:2757), pid=28588, tid=0xb512c460
那是我的错误,对于您来说可能有所不同,但是您应该能够像这样调查它。
因此,如果您有足够的内存或任何进程消耗过多的内存,则可能要检查可用的内存。
由于内存有限,我创建了一个临时交换文件作为一种解决方法,只是看它是否可以运行,并且对我有用。但这可能不是一个可行的解决方案。