1.elasticsearch启动问题：

如果elasticsearch开启https登录则第一次启动的时候需要前台启动，前台启动的时候会自己创建相应的token等登录信息,如果是后台启动则没有这些登录信息：

./elasticsearch

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Elasticsearch security features have been automatically configured!
✅ Authentication is enabled and cluster connections are encrypted.ℹ️  Password for the elastic user (reset with `bin/elasticsearch-reset-password -u elastic`):uQIrmGkSPEDybGehN7Owℹ️  HTTP CA certificate SHA-256 fingerprint:c5ef1227cf14a593d41a24388b4d710dc819c6dd4c3accd0a354b49ac6f28b4fℹ️  Configure Kibana to use this cluster:
• Run Kibana and click the configuration link in the terminal when Kibana starts.
• Copy the following enrollment token and paste it into Kibana in your browser (valid for the next 30 minutes):eyJ2ZXIiOiI4LjEyLjIiLCJhZHIiOlsiMTAuMTAwLjIwOC4yMTo5MjAwIl0sImZnciI6ImM1ZWYxMjI3Y2YxNGE1OTNkNDFhMjQzODhiNGQ3MTBkYzgxOWM2ZGQ0YzNhY2NkMGEzNTRiNDlhYzZmMjhiNGYiLCJrZXkiOiJKelg2Wkk0QmU5cXRJWmF5VzRCbzotOGVyTEUtbVJyT0ZTbzh1UTktQkV3In0=ℹ️  Configure other nodes to join this cluster:
• On this node:⁃ Create an enrollment token with `bin/elasticsearch-create-enrollment-token -s node`.⁃ Uncomment the transport.host setting at the end of config/elasticsearch.yml.⁃ Restart Elasticsearch.
• On other nodes:⁃ Start Elasticsearch with `bin/elasticsearch --enrollment-token <token>`, using the enrollment token that you generated.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

2.参数设置问题 

1.报错：max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决：
vim /etc/sysctl.conf
在文件末尾添加以下一行内容：vm.max_map_count=262144
使文件立即生效：sudo sysctl -p2.报错：max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
解决：
vim /etc/security/limits.conf
在文件最后面添加下面内容
* soft nofile 65535
* hard nofile 65535

elasticsearch-setup-passwords interactive设置密码时报错： 

[deployer@master1 bin]$ ./elasticsearch-setup-passwords interactiveFailed to authenticate user 'elastic' against http://xxxxxx:9200/_security/_authenticate?pretty
Possible causes include:* The password for the 'elastic' user has already been changed on this cluster* Your elasticsearch node is running against a different keystoreThis tool used the keystore at /usr/local/ES/elasticsearch-8.12.2/config/elasticsearch.keystoreYou can use the `elasticsearch-reset-password` CLI tool to reset the password of the 'elastic' userERROR: Failed to verify bootstrap password, with exit code 78

 

解决：
删除 .security-7 索引 

删除好像没什么用，只能通过命令：[deployer@master1 bin]$ ./elasticsearch-reset-password -u elastic -i 来重新自定义elastic的用户密码。

3.kibana设置

kibana配置：

server.port: 5601 #默认端口
server.host: “0.0.0.0” #对外访问
elasticsearch.hosts: [“http://10.10.10.10:9200”] #elasticsearch地址
i18n.locale: "zh-CN" #设置中文

后台启动：

[root@master1 node_modules]# cd /usr/local/ES
[root@master1 ES]# ls
elasticsearch-8.12.2  elasticsearch-8.12.2-linux-x86_64.tar.gz  elasticsearch-head-master  kibana-8.12.2  kibana-8.12.2-linux-x86_64.tar.gz  master.zip
[root@master1 ES]# cd kibana-8.12.2
nohup bin/kibana &

4. 如果出现集群"健康值:未连接"  请参考 <<<

elasticsearch-head-master也需要使用普通用户启动。
如果之前使用过root用户启动过elasticsearch-head-master或者elasticsearch，需要将elasticsearch-head-master和elasticsearch重新添加普通用户属组和属主。因为使用root启动之后有部分文件的属组合属主变成了root。
（先停掉elasticsearch-head-master和elasticsearch然后再赋权）

[root@master1 ES]# ls
elasticsearch-8.12.2  elasticsearch-8.12.2-linux-x86_64.tar.gz  elasticsearch-head-master  kibana-8.12.2  kibana-8.12.2-linux-x86_64.tar.gz  master.zip
[root@master1 ES]# chown deployer:deployer -R elasticsearch-head-master
[root@master1 ES]# chown deployer:deployer -R elasticsearch-8.12.2

注意：elasticsearch-8.12.2启动后默认开启了密码和ssl设置，需要将true改成false

然后重启启动elasticsearch-head-master和elasticsearch

报错：

received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/xxxxx:9200, remoteAddress=/xxxx:57926}

5.ES8默认开启了ssl认证，导致无法访问9200端口

elasticsearch.yml配置:xpack.security.enabled:把true改成false

6.kibana设置账号密码

kibana没有自己的登录账号需要使用elasticsearch中添加的账号才行

vim /etc/kibana/kibana.yml

elasticsearch.username: "kibana"
elasticsearch.password: "123456"
用户说明：
elastic：内置超级用户
kibana：仅可用于kibana用来连接elasticsearch并与之通信, 不能用于kibana登录logstash_system：用于Logstash在Elasticsearch中存储监控信息时使用

 kibana安装后验证：

# 查看所有节点
GET _cat/nodes# 查看customer索引数据
GET customer/_search

elasticsearch-head登录截图