环境准备
| Elk平台环境 | |
| 系统 | 版本 |
| 服务器操作系统 | Centos release 6.7 (Final) |
| ElasticSearch | 2.3.4 |
| Logstash | 2.3.4 |
| Kibana | 4.5.3 |
| Jdk | 1.8 |
软件下载
wget https://download.elastic.co/logstash/logstash/logstash-2.3.4.tar.gz
wget https://download.elastic.co/kibana/kibana/kibana-4.5.3-linux-x64.tar.gz
wget http://download.oracle.com/otn-pub/java/jdk/8u45-b14/jdk-8u45-linux-x64.tar.gz
安装EStar zxvf elasticsearch-2.3.4.tar.gz
cd elasticsearch-2.3.4
安装head插件
./bin/plugin install mobz/elasticsearch-head
配置单点ES
修改elasticsearch.yml
cluster.name、node.name、network.host、path.logs、path.data
启动ES
查看ES web
http://10.0.2.199:9200/_plugin/head/
安装redis(做为缓存)
wget http://download.redis.io/releases/redis-3.2.5.tar.gz
tar xvzf redis-3.2.5.tar.gz
cd redis-3.2.5
make && make install
安装logstash
解压logstash tar包即可
添加config文件增加需要往ES添加数据的索引index.conf
示例:
input {
redis {
host => "10.0.2.199"
port => "6379"
data_type => "list"
key => "mysql"
type => "mysql"
}
redis {
host => "10.0.2.199"
port => "6379"
data_type => "list"
key => "nlp"
type => "nlp"
}
}
output {
if [type] == "mysql"{
elasticsearch {
hosts => "10.0.2.199"
index => "yantai_mysql"
}
}
else if [type] == "nlp"{
elasticsearch {
hosts => "10.0.2.199"
index => "yantai_nlp"
}
}
}
logstash客户端示例
input {
file {
type => "mysql"
path => "/opt/docker_data/docker_mnt/mysql/mysqld.log"
start_position => "beginning"
}
file {
type => "nlp"
path => "/opt/docker_data/docker_mnt/nlp-disease/nlp.log"
start_position => "beginning"
}
}
filter {
}
output {
stdout {
}
if [type] == "mysql"{
redis {
host => "10.0.2.199"
port => 6379
data_type => "list"
key => "mysql"
}
}
else if [type] == "nlp"{
redis {
host => "10.0.2.199"
port => 6379
data_type => "list"
key => "nlp"
}
}
}
启动kibana
在kibana中添加ES当中索引的名字即可看到数据
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
