elastic+filebeat+kibana: first hands-on practice

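I haven't installed ELK for a long time, so I am starting over from scratch.
1. Download the elastic, filebeat and kibana installation packages from the official website and install them
2. Configure elastic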

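# Listen on all network interfaces
network.host: 0.0.0.0
# Security features (authentication, authorization) are switched off
xpack.security.enabled: false
xpack.security.enrollment.enabled: true
# TLS settings for the HTTP (REST) layer
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
# TLS settings for the transport (node-to-node) layer
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Name of the initial master-eligible node
cluster.initial_master_nodes: ["abc-elk-1"]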

Start ELK: ./elasticsearch -d
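
As an added example (not part of the original post): a small Python check that flattens the elasticsearch.yml from step 2 and reports what the combination of `network.host: 0.0.0.0` and `xpack.security.enabled: false` means on a host other machines can reach. The function names are hypothetical, the sample text is constructed from the settings above, and the fallback defaults assume Elasticsearch 8.x.

```python
import ipaddress

# Constructed sample: the elasticsearch.yml settings from step 2 above.
PAGE_CONFIG = """\
network.host: 0.0.0.0
xpack.security.enabled: false
xpack.security.http.ssl:
  enabled: true
xpack.security.transport.ssl:
  enabled: false
"""

def flatten(text):
    """Flatten simple nested 'key: value' YAML into dotted setting names."""
    settings, stack = {}, []              # stack: (indent, key) of open parents
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()        # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:   # leave finished blocks
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            settings[".".join([k for _, k in stack] + [key])] = value
        else:
            stack.append((indent, key))
    return settings

def is_loopback(host):
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False      # hostnames, _site_, _global_: treat as reachable

def audit(text):
    s = flatten(text)
    host = s.get("network.host", "_local_")       # assumed 8.x default
    if is_loopback(host):
        return []         # only local processes can connect
    findings = []
    if s.get("xpack.security.enabled", "true").lower() != "true":
        findings.append(f"REST API on {host} accepts requests without authentication")
    if s.get("xpack.security.transport.ssl.enabled", "false").lower() != "true":
        findings.append("transport (node-to-node) traffic is not protected by TLS")
    return findings
```

Calling `audit(PAGE_CONFIG)` returns both findings; binding to a loopback address, or enabling security and transport TLS, returns an empty list.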

3. Configure filebeat
Note these settings:
index: "cron-%{+yyyy-MM-dd}"
setup.template.name: "cron"
setup.template.pattern: "cron"

filebeat.inputs:
- type: log
  id: my-filestream-id
  enabled: true
  paths:
    - /var/log/cron
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.elasticsearch:
  hosts: ["localhost:9200"]
  index: "cron-%{+yyyy-MM-dd}"
setup.template.name: "cron"
setup.template.pattern: "cron"
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

systemctl start filebeat

4. Configure kibana


server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
pid.file: /run/kibana/kibana.pid

Start kibana: systemctl start kibana

Filtering queries in kibana
http://xxx:5601/app/dev_tools#/console

GET /dnslog-2022-06-08/_search/
{
  "query": {
    "more_like_this": {
      "fields": [
        "message"
      ],
      "like": "10.1.222.104",
      "min_term_freq": 1,
      "max_query_terms": 12
    }
  }
}
