1、安装JDK
2、安装Elasticsearch
下载地址:https://www.elastic.co/cn/downloads/
3、安装Kibana
4、安装Logstash
6.8.4 https://www.elastic.co/cn/downloads/past-releases/logstash-6-8-4
tar -zxvf logstash-6.8.4.tar.gz
cd logstash-6.8.4
bin/logstash -e " input { stdin {} } output { stdout {} }"
出现如下提示说明安装成功:
The stdin plugin is now waiting for input:
[2020-06-22T17:05:11,048][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2020-06-22T17:05:11,462][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
接着在同一终端中继续输入下面的内容,Logstash 会把收到的事件打印出来:
hello world
/tools/logstash-6.8.4/vendor/bundle/jruby/2
{
"message" => "hello world\r",
"@version" => "1",
"host" => "USER-20171119KN",
"@timestamp" => 2020-06-22T09:06:44.651Z
}
将输入源定义为供 Filebeat 连接的 TCP 端口(beats 输入插件),可参考示例配置 config/logstash-sample.conf:
# Logstash pipeline: receive events from Filebeat and index them into Elasticsearch.
# Input section: where events come from.
input {
# Use Filebeat (the Beats protocol) as the input source.
# NOTE(review): no ssl options are set on this input, so the listener on 5044
# accepts plaintext, unauthenticated connections. If Filebeat runs on another
# host, confirm the port is firewalled or enable the beats input's ssl settings.
beats {
port => 5044
}
}
# Filter section.
filter {
# Parsing/formatting rules for events go here; none are defined in this sample.
}
# Output section: where events are sent.
output {
elasticsearch {
hosts => ["http://localhost:9200"] # address of the Elasticsearch server (plain HTTP in this sample)
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" # index name: <beat>-<version>-<date>
# Credentials are commented out; presumably Elasticsearch runs without
# authentication in this setup - confirm before exposing it beyond localhost.
# "changeme" is the sample placeholder, not a value to deploy; keep a real
# password out of this file (for example in the Logstash keystore).
#user => "elastic"
#password => "changeme"
}
}
启动
cd /software/logstash/bin/
./logstash --path.settings /software/logstash/config/ -f /software/logstash/config/filebeat.conf
5、安装Filebeat
https://www.elastic.co/cn/downloads/past-releases/filebeat-6-8-4
tar -zxvf filebeat-6.8.4-linux-x86_64.tar.gz
#启动
./filebeat -e -c filebeat.yml
-c:配置文件位置
-path.logs:日志位置
-path.data:数据位置
-path.home:主目录(home)位置
-e:日志输出到 stderr,并关闭 syslog/文件日志输出
-d 选择器:启用对指定选择器的调试。对于选择器,可以指定逗号分隔的组件列表,也可以使用 -d "*" 为所有组件启用调试。例如,-d "publish" 显示所有与 "publish" 相关的消息。
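后台启动(注意:-e 会把日志写到 stderr,而下面的命令把 stdout 和 stderr 都重定向到了 /dev/null,Filebeat 自身的运行日志会被全部丢弃;需要保留日志用于排障或审计时,应去掉 -e,让日志写入 path.logs 指定的目录)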
nohup ./filebeat -e -c filebeat.yml >/dev/null 2>&1 &
默认filebeat输出到elasticsearch
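#-------------------------- Elasticsearch output ------------------------------
# Default layout: Filebeat ships events directly to Elasticsearch.
# The nested keys must be indented under their parent; at column 0 "hosts"
# would be read as a top-level key and the output would have no hosts.
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  # Enabled ilm (beta) to use index lifecycle management instead daily indices.
  #ilm.enabled: false

  # Optional protocol and basic auth credentials.
  # "changeme" is the sample placeholder, not a value to deploy. When security
  # is enabled on Elasticsearch, use https and keep the real password out of
  # this file (for example in the Filebeat keystore).
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
# Disabled here: only one output may be enabled at a time.
#output.logstash:
  # The Logstash hosts
  #hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"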
修改为输出到 Logstash,再由 Logstash 输出到 Elasticsearch(Filebeat 同一时间只能启用一个 output,因此要把 output.elasticsearch 一段注释掉):
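#-------------------------- Elasticsearch output ------------------------------
# Disabled: only one output may be enabled at a time, and events now go
# through Logstash instead.
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Enabled ilm (beta) to use index lifecycle management instead daily indices.
  #ilm.enabled: false

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
# Filebeat sends events to the Logstash beats input, which forwards them to
# Elasticsearch. "hosts" must be indented under output.logstash; at column 0
# it would be read as a top-level key and the output would have no hosts.
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # With the ssl.* settings below left commented out, events travel to Logstash
  # in plaintext and neither side is authenticated. That is tolerable on
  # localhost; when Logstash runs on another host, set these (with matching ssl
  # settings on the Logstash beats input) so log data cannot be read or
  # injected on the network path.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"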