Elasticsearch (ES) was already installed in the previous article:
http://blog.csdn.net/feifeichongtian/article/details/79088274
In this chapter we learn how to install Logstash and Kibana.
1: Installing Logstash
1. Download
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.1.0.tar.gz
2. Extract
tar -zxvf logstash-6.1.0.tar.gz
3. Edit the configuration file
[master@node0 soft]$ vi logstash-6.1.0/config/logstash.conf
input {
  stdin {}
  file { path => "/home/master/soft/test.log" start_position => "beginning" }
}
output {
  elasticsearch { hosts => ["node0:9200"] }
}
4. Start
[master@node0 logstash-6.1.0]$ ./bin/logstash -f config/logstash.conf
Sending Logstash's logs to /home/master/soft/logstash-6.1.0/logs which is now configured via log4j2.properties
[2018-01-14T20:14:26,639][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/home/master/soft/logstash-6.1.0/modules/netflow/configuration"}
[2018-01-14T20:14:26,689][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/home/master/soft/logstash-6.1.0/modules/fb_apache/configuration"}
[2018-01-14T20:14:27,836][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-01-14T20:14:29,376][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.1.0"}
[2018-01-14T20:14:30,369][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-01-14T20:14:36,827][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://node0:9200/]}}
[2018-01-14T20:14:36,859][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://node0:9200/, :path=>"/"}
[2018-01-14T20:14:37,434][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://node0:9200/"}
[2018-01-14T20:14:37,606][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>nil}
[2018-01-14T20:14:37,614][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>6}
[2018-01-14T20:14:37,664][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-01-14T20:14:37,714][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2018-01-14T20:14:37,826][INFO ][logstash.outputs.elasticsearch] Installing elasticsearch template to _template/logstash
[2018-01-14T20:14:38,264][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//node0:9200"]}
[2018-01-14T20:14:38,362][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>125, :thread=>"#<Thread:0x7df41267 run>"}
[2018-01-14T20:14:39,432][INFO ][logstash.pipeline ] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2018-01-14T20:14:39,815][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
2: Installing Kibana
1. Download
wget https://download.elastic.co/kibana/kibana/kibana-6.1.1-linux-x86_64.tar.gz
tar -xzvf kibana-6.1.1-linux-x86_64.tar.gz
2. Configuration file
[master@node0 kibana-6.1.1-linux-x86_64]$ vi config/kibana.yml
#elasticsearch.pingTimeout: 1500
# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000
# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]
# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}
# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 0
# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
#elasticsearch.startupTimeout: 5000
# Specifies the path where Kibana creates the process ID file.
#pid.file: /var/run/kibana.pid
# Enables you specify a file where Kibana stores log output.
#logging.dest: stdout
# Set the value of this setting to true to suppress all logging output.
#logging.silent: false
# Set the value of this setting to true to suppress all logging output other than error messages.
#logging.quiet: false
# Set the value of this setting to true to log all events, including system usage information
# and all requests.
#logging.verbose: false
# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000.
#ops.interval: 5000
# The default locale. This locale can be used in certain circumstances to substitute any missing
# translations.
#i18n.defaultLocale: "en"
server.port: 5601
server.host: "node0"
elasticsearch.url: http://node0:9200
kibana.index: ".kibana"
3. Start
[master@node0 kibana-6.1.1-linux-x86_64]$ bin/kibana &
[master@node0 kibana-6.1.1-linux-x86_64]$ log [11:54:38.662] [info][status][plugin:kibana@6.1.1] Status changed from uninitialized to green - Ready
log [11:54:38.759] [info][status][plugin:elasticsearch@6.1.1] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [11:54:38.793] [info][status][plugin:console@6.1.1] Status changed from uninitialized to green - Ready
log [11:54:38.824] [info][status][plugin:metrics@6.1.1] Status changed from uninitialized to green - Ready
log [11:54:39.533] [info][status][plugin:timelion@6.1.1] Status changed from uninitialized to green - Ready
log [11:54:39.542] [fatal] Port 5601 is already in use. Another instance of Kibana may be running!
FATAL Port 5601 is already in use. Another instance of Kibana may be running!
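The startup log above ends with Kibana aborting because port 5601 was already bound. As an added example (not part of the original post), the script below classifies the three ports used in this walkthrough from an `ss -ltn` snapshot as free, loopback-only, or bound to a network-reachable address; the sample snapshot and the address 192.168.1.10 standing in for node0 are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for the ports
# used in this walkthrough: 9200 Elasticsearch, 9600 Logstash API, 5601 Kibana.

# Constructed sample of `ss -ltn` output; 192.168.1.10 stands in for node0.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port         Peer Address:Port
LISTEN 0      128    127.0.0.1:9600             0.0.0.0:*
LISTEN 0      128    [::ffff:192.168.1.10]:9200 [::]:*
LISTEN 0      511    192.168.1.10:5601          0.0.0.0:*'

# Read `ss -ltn` output on stdin and classify TCP port $1 as:
#   free      nothing listens on it (safe to start the service)
#   loopback  bound only to 127.0.0.0/8 or ::1
#   exposed   bound to an address other hosts can reach
port_status() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, part, ":")            # IPv6 adds colons; the port is the last piece
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      found = 1
      if (addr !~ /^127\./ && addr != "::1" && addr != "[::1]") exposed = 1
    }
    END {
      if (!found)       print "free"
      else if (exposed) print "exposed"
      else              print "loopback"
    }'
}

# Print "<port> <status>" for all three ports from one snapshot passed as $1.
preflight() {
  for port in 9200 9600 5601; do
    printf '%s %s\n' "$port" "$(printf '%s\n' "$1" | port_status "$port")"
  done
}

# On the real host: preflight "$(ss -ltn)"
preflight "$SAMPLE_SS"
```

A status other than `free` for 5601 before running `bin/kibana &` predicts the "Port 5601 is already in use" failure; `ss -ltnp` then shows which process holds the port.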
4. Check the result
This is my ES; because it has only one node, there are undefined entries.
The ELK setup is now complete.