ELK Environment Deployment

1. Install the JDK

2. Install Elasticsearch

Download: https://www.elastic.co/cn/downloads/

3. Install Kibana

4. Install Logstash

Version 6.8.4: https://www.elastic.co/cn/downloads/past-releases/logstash-6-8-4

tar -zxvf logstash-6.8.4.tar.gz
cd logstash-6.8.4
bin/logstash -e " input  { stdin {} } output  { stdout {} }"
Output like the following indicates a successful installation:
The stdin plugin is now waiting for input:
[2020-06-22T17:05:11,048][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2020-06-22T17:05:11,462][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

Then type the following in the same terminal:

hello world
/tools/logstash-6.8.4/vendor/bundle/jruby/2
{
       "message" => "hello world\r",
      "@version" => "1",
          "host" => "USER-20171119KN",
    "@timestamp" => 2020-06-22T09:06:44.651Z
}

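Define the input source as the TCP port that Filebeat connects to; see the sample file config/logstash-sample.conf.

# Define the log source
input {
  # Use Filebeat as the input source
  beats {
    port => 5044
  }
}
# Configure filters
filter {
  # Define the output format of the logs
}
# Define the log output
output {
  elasticsearch {
    hosts => ["http://localhost:9200"] # Address of the Elasticsearch server
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" # Index name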
    #user => "elastic"
    #password => "changeme"
  }
}

Start Logstash:

cd /software/logstash/bin/

./logstash --path.settings /software/logstash/config/ -f /software/logstash/config/filebeat.conf

5. Install Filebeat

https://www.elastic.co/cn/downloads/past-releases/filebeat-6-8-4

tar -zxvf filebeat-6.8.4-linux-x86_64.tar.gz
# Start
./filebeat -e -c filebeat.yml

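-c: location of the configuration file
-path.logs: location of the log files
-path.data: location of the data directory
-path.home: location of the home directory
-e: log to stderr and disable syslog/file output
-d selectors: enable debugging for the given selectors. The selectors can be a comma-separated list of components, or -d "*" to enable debugging for all components. For example, -d "publish" shows all "publish"-related messages.

Start in the background: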
nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1 &

By default, Filebeat outputs directly to Elasticsearch:

#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  # Enabled ilm (beta) to use index lifecycle management instead daily indices.
  #ilm.enabled: false

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
#output.logstash:
  # The Logstash hosts
  #hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

Change it to output to Logstash, which then forwards the events to Elasticsearch:

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Enabled ilm (beta) to use index lifecycle management instead daily indices.
  #ilm.enabled: false

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"
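
As configured on this page, the beats input accepts cleartext connections from any host and the output writes to Elasticsearch over plain HTTP without credentials. The following is an added example, not part of the original post: the same Logstash pipeline with TLS and client-certificate verification on the input and HTTPS plus authentication on the output, assuming Logstash 6.8 option names; the paths under /etc/pki/logstash/, the logstash_writer user and the ES_PWD variable are hypothetical placeholders.

```conf
# Added example: hardened variant of the pipeline shown earlier.
# Paths, the user name and ES_PWD are placeholders, not values from the post.
input {
  beats {
    port => 5044
    ssl => true                        # encrypt Filebeat -> Logstash traffic
    # Server certificate; its subject/SAN must match the name Filebeat
    # uses in output.logstash hosts (here "localhost").
    ssl_certificate => "/etc/pki/logstash/logstash.crt"
    ssl_key => "/etc/pki/logstash/logstash.pkcs8.key"   # must be PKCS#8
    # Only accept clients whose certificate chains to this CA. Filebeat
    # presents the pair set in ssl.certificate / ssl.key, and trusts this
    # server through ssl.certificate_authorities, under output.logstash.
    ssl_certificate_authorities => ["/etc/pki/root/ca.pem"]
    ssl_verify_mode => "force_peer"    # reject clients without a valid cert
  }
}
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    ssl => true
    cacert => "/etc/pki/root/ca.pem"   # CA that signed the Elasticsearch cert
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    user => "logstash_writer"          # dedicated account instead of "elastic"
    password => "${ES_PWD}"            # from the Logstash keystore or environment
  }
}
```

Store the password with bin/logstash-keystore add ES_PWD rather than in the file, and check the pipeline with bin/logstash -f <file> --config.test_and_exit before restarting.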

Note: keep the versions of all components consistent.
