Graylog2 0.20.x requires ElasticSearch 0.90.10. To fulfill this requirement, you will need to manually download and install the RPM for ElasticSearch.
Download ElasticSearch 0.90.10 from the ElasticSearch Downloads page.
Save the file and upload it to your CentOS 6 server.
Install Java 1.7:
#yum install java-1.7.0-openjdk.x86_64
Install the RPM:
#rpm -ivh elasticsearch-0.90.10.noarch.rpm
Stop the elasticsearch service so that we can update the cluster name:
#service elasticsearch stop
Edit the /etc/elasticsearch/elasticsearch.yml file to update your cluster.name variable. Ex:
Update any additional settings needed and save the file. I recommend updating the path.data and path.logs to custom directories.
Start the elasticsearch service and set it to run on startup:
#service elasticsearch start
#chkconfig elasticsearch on
Check your logs to make sure that it started properly and joined the cluster (if there is an existing one).
Graylog2 also recommends increasing the open file limit to at least 64000, as described in the "Configuring and tuning ElasticSearch for Graylog2 >v0.20.0" documentation. I did this by raising the open files ulimit as shown below.
Edit /etc/sysctl.conf and add the following line at the end:
fs.file-max = 65536
Save the file. Next edit /etc/security/limits.conf and add the following lines:
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
Save the file and restart the server.
#shutdown -r now
Once restarted, verify that the max open file ulimit has been increased.
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 30507
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65535
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 65535
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
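The ulimit -a output above describes the shell it was run in, and a service started from an init script can end up with different limits. The script below is an added example, not part of the original post: it reads the soft "Max open files" value from /proc/<pid>/limits and compares it with the 64000 minimum. The script name, function names and the two sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the open-file limit a running process really has.
REQUIRED_NOFILE=64000   # minimum recommended for Graylog2 (from the text above)

# Read /proc/<pid>/limits text on stdin, print the soft "Max open files" value.
# Exits non-zero if the line is absent.
soft_nofile() {
    awk '/^Max open files/ { print $4; found = 1 } END { exit !found }'
}

# Read /proc/<pid>/limits text on stdin.
# Returns 0 = limit is high enough, 1 = too low, 2 = could not be determined.
nofile_ok() {
    value=$(soft_nofile) || return 2
    [ "$value" = "unlimited" ] && return 0
    case "$value" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$value" -ge "$REQUIRED_NOFILE" ]
}

# Check a live process by PID.
check_pid() {
    [ -r "/proc/$1/limits" ] || return 2
    nofile_ok < "/proc/$1/limits"
}

# Constructed sample inputs in /proc/<pid>/limits layout (not captured output).
sample_default() {
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max open files            1024                 4096                 files'
}
sample_tuned() {
    printf '%s\n' \
        'Limit                     Soft Limit           Hard Limit           Units' \
        'Max open files            65535                65535                files'
}

# Usage: sh check_nofile.sh <pid of the elasticsearch java process>
if [ -n "${1:-}" ]; then
    rc=0
    check_pid "$1" || rc=$?
    case "$rc" in
        0) echo "pid $1: open files limit is at least $REQUIRED_NOFILE" ;;
        1) echo "pid $1: open files limit is below $REQUIRED_NOFILE" ;;
        *) echo "pid $1: could not read /proc/$1/limits" ;;
    esac
fi
```

Run it as root (or as the user that owns the process) with the PID of the elasticsearch java process after the service has started.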
Additional recommended settings are to increase the ES_HEAP_SIZE. I did this by editing /etc/init.d/elasticsearch and adding the following line after checkJava under start():
They recommend that you leave 50% of your memory for other system functions, and I had 4 GB of RAM, hence the 2g setting.