搭建es+kibana+logstash+filebeat 日志收集分析

最新推荐文章于 2024-07-26 17:08:58 发布
最新推荐文章于 2024-07-26 17:08:58 发布
阅读量2.1k 收藏 8
点赞数 1
分类专栏: 数据分析 服务搭建
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u011932355/article/details/88794976
版权

实现目标:

使用elasticsearch+kibana+logstash+filebeat搭建服务,以支持(日志收集切分展示查找)

架构:

10.6.14.77 es,kibana,logstash  (三项默认的配置均为localhost,起在同一台服务器不再需要修改)

logstash 在单服务器上起多个实例,分别收集每个服务的日志,以隔离各个服务的日志收集

filebeat (起在各个需要收集日志的服务器上)

通过supervisor控制各个服务器上的响应服务

版本:

es 6.2.3 (基础日志数据存储)

kibana 6.2.3 (可视化web端服务)

logstash 6.2.3 (日志切分及归类)

filebeat 6.3.2 (各服务器日志收集)

 

前置:

需要安装java8

elastic stack 官网:https://www.elastic.co/products/

 

elasticsearch:

1.unzip elasticsearch-6.2.3.zip

2.启动  ./bin/elasticsearch  

   后台启动  ./bin/elasticsearch -d

   检测是否启动成功:curl localhost:9200

3.若报错:can not run elasticsearch as root 

   原因:这是出于系统安全考虑设置的条件。由于ElasticSearch可以接收用户输入的脚本并且执行,为了系统安全考虑, 建议创建一个单独的用户用来运行ElasticSearch

   解决方案:创建elsearch用户组及elsearch用户

   groupadd elsearch

   useradd elsearch -g elsearch -p elasticsearch

   chown -R elsearch:elsearch elasticsearch

4.若报错:max virtual memory areas vm.maxmapcount [65530] is too low

   sudo sysctl -w vm.max_map_count=262144

   在本机查看启动信息:curl localhost:9200

5. 配置外网访问:

config/elasticsearch.yml

修改为:network.host: 0.0.0.0

    

filebeat:

下载地址:https://www.elastic.co/cn/downloads/beats/filebeat

1.修改filebeat.yml配置

hint: filebeat.yml的默认配置是将数据output至elasticsearch,需要将其注释掉,并启用logstash output

filebeat.inputs: # 设置输入源
  # Change to true to enable this input configuration.
  enabled: true 
  paths:
        - /data/log/* # 读取日志路径
output.logstash: # 设置输出至logstash
  hosts: ["10.6.14.77:5044"]

tail_files: true #从文件末尾开始读取,否则在启动时会读取全文件

# hint: 将es的output注释掉

2.命令行测试启动:

./filebeat -e -c filebeat.yml

 

logstash:

下载地址:https://www.elastic.co/cn/downloads/logstash

1.unzip logstash-6.2.3.zip

2.命令行测试启动:

./bin/logstash -e "input {stdin{}} output {stdout{}}"

可在命令行输入,并输出至命令行

3.配置文件测试启动:

-e:指定logstash的配置信息,可以用于快速测试;
-f :指定logstash的配置文件;可以用于生产环境;

配置文件样例:

input { stdin { } }

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  stdout { codec => rubydebug }
}
.bin/logstash -f test.conf

4.配置启动

input {
    beats {
        port => "5044"
    }
} # 配置输入源为5044端口,filebeat默认打到5044端口

input {
	beats {
		add_field => {"log_type" => "pisces"} # 对于不同服务的filebeat打来的log,添加不同的log_type
		port => 5044
	}
	beats {
		add_field => {"log_type" => "aries"}
		port => 5043
	}
	beats {
		add_field => {"log_type" => "aquarius"}
		port => 5045
	}
}
filter {
	if "pisces" in [tags]{
		grok {
			match => { "message" => "\[%{WORD:info_level} %{DATESTAMP:timestamp} %{WORD:temp}:%{NUMBER:temp}\] %{NUMBER:status} %{WORD:method} %{URIPATHPARAM:request} \(%{IP:ip}\) %{GREEDYDATA:C}"
			}
		} # 切分规则,grok中大写字母为grok规则中的匹配关键字
		mutate {
			split => ["request", "?"] # 将grok中匹配的”request“按”?“分隔
			add_field => {
				"uri" => "%{[request][0]}"
			}
			add_field => {
				"param" => "%{[request][1]}"
			}
            convert => ["C", "float"] # 将入库数据类型改为float,方便后续的kibana统计
		}

	    kv { # 将mutate中添加的”param“以“field_split”切分并按”include_keys"中的键值进行汇总
			source => "param"
            field_split => "&?"
			include_keys => ["subject", "paper_id", "session_key"]
			target => "kv"
		}
        date { # 将时间改为服务日志的时间,(否则会为进入es的时间)
			match => ["timestamp", "dd-MM-YY HH:mm:ss"]
	                timezone => "+08:00"
		}
        if "_grokparsefailure" in [tags] { # 抛弃掉不符合grok规则的日志
			drop {}
		}
        if ([uri] =~ "^\/klx") { # 抛弃掉某些无用的日志
			drop {}
		}
		if ([uri] == "/api/student/check_vip" or [uri] == "/api/correction/practice" or [uri] == "/api/student/recent_paper") {
			drop {} # 抛弃掉某些无用的日志
		}
		mutate {
			add_field => {"par" => "%{kv}"}
		}
		json {
			source => "par"
			remove_field => ["par"]
		}
	}
	if [log_type] == "aries" {
		grok {
			match => { "message" => "\[%{WORD:info_level} %{DATESTAMP:timestamp} %{WORD:temp}:%{NUMBER:temp}\] %{NUMBER:status} %{WORD:method} %{URIPATHPARAM:request} \(%{IP:ip}\) %{GREEDYDATA:C}"
			}
		}
		mutate {
			split => ["request", "?"]
			add_field => {
				"uri" => "%{[request][0]}"
			}
			add_field => {
				"param" => "%{[request][1]}"
			}
		}

	    kv {
			source => "param"
                	field_split => "&?"
			include_keys => ["subject", "paper_id", "username", "gourp_id", "role"]
			target => "kv"
		}
		mutate {
			add_field => {"par" => "%{kv}"}
		}
 		json {
			source => "par"
			remove_field => ["par"]
		}
        date {
			match => ["timestamp", "dd-MM-YY HH:mm:ss"]
	                timezone => "+08:00"
		}
		if "_grokparsefailure" in [tags]{
			drop {}
		}
        	if ([uri] =~ "^\/klx") {
			drop {}
		}
		if ([uri] == "/analysis_authority") {
			drop {}
		}
		if ([uri] =~ "\/class_compare$") {mutate {replace => {"uri" => "/subject_analysis/class_compare"}}} # 将某些符合的uri替换掉
		if ([uri] =~ "\/subject_compare$") {mutate {replace => {"uri" => "/subject_analysis/subject_compare"}}}
		if ([uri] =~ "\/result_report$") {mutate {replace => {"uri" => "/subject_analysis/result_report"}}}
		if ([role] == "%E5%AD%A6%E7%A7%91%E8%80%81%E5%B8%88") {mutate {replace => {"role" => "teacher"}}} # 中文码替换
		if ([role] == "%E5%AD%A6%E7%A7%91%E7%BB%84%E9%95%BF") {mutate {replace => {"role" => "subject_leader"}}}
		if ([role] == "%E7%8F%AD%E4%B8%BB%E4%BB%BB") {mutate {replace => {"role" => "class_manager"}}}
		if ([role] == "%E5%B9%B4%E7%BA%A7%E4%B8%BB%E4%BB%BB") {mutate {replace => {"role" => "grade_manager"}}}
	}
        if "gardener" in [tags] {
		grok {
			match => { "message" => "\[%{WORD:info_level} %{DATESTAMP:timestamp} %{WORD:temp}:%{NUMBER:temp}\] %{NUMBER:status} %{WORD:method} %{URIPATHPARAM:request} \(%{IP:ip}\) %{GREEDYDATA:C}"
			}
		}
		mutate {
			split => ["request", "?"]
			add_field => {
				"uri" => "%{[request][0]}"
			}
			add_field => {
				"param" => "%{[request][1]}"
			}
		}
		kv {
			source => "param"
			field_split => "&?"
			include_keys => ["session_key", "group_id", "subject", "paper_id", "username"]
			target => "kv"
		}
		mutate {
			add_field => {"par" => "%{kv}"}
		}
		json {
			source => "par"
			remove_field => ["par"]
		}
		date {
			match => ["timestamp", "dd-MM-yy HH:mm:ss"]
			timezone => "+08:00"
		}
		if "_grokparsefailure" in [tags] {
			drop {}
		}
	}

	mutate {
		remove_field => ["request", "param", "beat", "input", "offset", "timestamp", "ip", "source", "prospector", "temp", "kv"]
	}
	translate { # 对切分出的uri进行type汇总
		field => "[uri]"
		destination => "[uri_type]"
		dictionary => {
			"/analysis/exam_list" => "学情列表"
			"/analysis_v2/general" => "总体分析"
			"/analysis_v2/report" => "成绩报表"
			"/analysis_v2/title" => "加载单科学情"
			"/analysis_v2/item_detail" => "讲评单题统计"
			"/analysis_v2/paper" => "试卷讲评"
			"/analysis_v2/report_card_download" => "下载成绩单"
			"/my_students/student_answer" => "查看学生成绩"
			"/analysis_v2/result" => "考试分析"
			"/learning_tracking/generic" => "学情追踪基本学情"
			"/learning_tracking/students_score" => "学情追踪学生成绩"
			"/analysis_v2/check_explain" => "选中讲解"
			"/analysis_v2/paper_setting" => "单科学情自定义"
			"/analysis_v2/report_search" => "成绩单搜索"
			"/union_exam_analysis/statement_list" => "联考报告列表"
			"/analysis_v2/aim_item" => "举一反三"
			"/analysis_v2/report_download" => "单科学情报表下载"
			"/analysis_v2/wrong_item_download" => "单科学情错题号下载"
			"/subject_analysis/class_compare" => "多科学情班级对比"
			"/subject_analysis/subject_compare" => "多科学情学科对比"
			"/subject_analysis/result_report" => "多科学情成绩报表"
			"/subject_analysis/result_report_data" => "多科学情其他报表"

			"/api/student/paper_list" => "单科考试列表"
			"/api/student/analysis_report" => "学情报告"
			"/api/correction/subjects" => "错题本首页"
			"/api/student/situation_analysis" => "考情分析"
			"/api/student/subject_wrong_knowledge" => "报告错题本按知识点"
			"/api/student/subject_wrong_paper" => "报告错题本按考试"
			"/api/student/items_analysis" => "报告试题详情"
			"/api/correction/correct" => "提交订正"
			"/api/correction/subject_book" => "错题本列表"
			"/api/student/statement_list" => "多科考试列表"
			"/api/correction/items_list" => "错题本试题列表"
			"/api/student/depth_analysis" => "报告深度分析"
			"/api/student/SW_subject" => "报告优劣势学科"
			"/api/student/report_trend" => "报告成绩变化趋势"
			"/api/correction/image_upload" => "上传订正图片"
			"/api/student/item_grasp" => "报告试题标记掌握"
			"/api/student/pdf_render" => "导出报告错题本"
			"/api/correction/pdf_render" => "导出错题本"
			"/api/correction/note" => "错题本笔记"

			"/correction/list" => "错题本列表"
			"/correction/general" => "单科错题总览"
			"/correction/detail" => "单科单学生错题详情"
			"/correction/urge" => "催订正"
			"/analysis/paper_list" => "学情列表"
			"/analysis/paper_info" => "单科学情总览"
			"/analysis/paper_basic" => "单科学情基本信息"
			"/analysis/paper_special_student" => "单科学情关注学生"
			"/analysis/paper_items" => "单科学情逐题分析"
			"/analysis/paper_students" => "单科学情成绩单"
			"/analysis/paper_detail" => "单科试题详情"
		}
	}
}

output { # 按日志tags的不同存入es中不同的index中
	if "pisces" in [tags]{
	    elasticsearch {
			hosts => ["10.8.12.71:9200"]
			index => "pisces.log"
		}
	}
    if "gardener" in [tags]{
		elasticsearch {
			hosts => ["10.8.12.71:9200"]
			index => "gardener.log"
		}
	}
	if [log_type] == "aries" {
		elasticsearch {
			hosts => ["10.8.12.71:9200"]
			index => "aries.log"
		}
	}
    if [log_type] == "aquarius" {
        elasticsearch {
            hosts => ["10.8.12.71:9200"]
            index => "aquarius.log"
        }
    }

	stdout {}
}

grok切分规则:https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/grok-patterns

grok调试工具:https://grokdebug.herokuapp.com/

logstash规则官方文档:https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html

以上grok规则会将日志切分为以下结构存入es:

log:[I 26-03-2019 14:50:01 web:1971] 200 GET /api/student/situation_analysis?session_key=88d4faeacb0e97d24982405cf2e788b7&source=paper&subject=math&paper_id=5c9820af3eaeefc905030afa&t=1553583001380 (113.91.43.156) 40.97ms

{
             "C" => "40.97ms",
          "host" => "M7-10-6-12-27-14-77",
       "message" => "[I 26-03-2019 14:50:01 web:1971] 200 GET /api/student/situation_analysis?session_key=88d4faeacb0e97d24982405cf2e788b7&source=paper&subject=math&paper_id=5c9820af3eaeefc905030afa&t=1553583001380 (113.91.43.156) 40.97ms",
          "temp" => [
        [0] "web",
        [1] "1971"
    ],
        "method" => "GET",
       "request" => [
        [0] "/api/student/situation_analysis",
        [1] "session_key=88d4faeacb0e97d24982405cf2e788b7&source=paper&subject=math&paper_id=5c9820af3eaeefc905030afa&t=1553583001380"
    ],
            "ip" => "113.91.43.156",
        "status" => "200",
           "uri" => "/api/student/situation_analysis",
    "info_level" => "I",
     "timestamp" => "26-03-2019 14:50:01",
            "kv" => {
        "session_key" => "88d4faeacb0e97d24982405cf2e788b7",
            "subject" => "math",
           "paper_id" => "5c9820af3eaeefc905030afa"
    },
      "@version" => "1",
    "@timestamp" => 2019-03-26T06:50:01.000Z,
         "param" => "session_key=88d4faeacb0e97d24982405cf2e788b7&source=paper&subject=math&paper_id=5c9820af3eaeefc905030afa&t=1553583001380"
}

 

kibana:

下载地址:https://www.elastic.co/cn/downloads/kibana

1.tar zxvf kibana-6.2.3-linux-x86_64.tar.gz

2.启动 ./bin/kibana

   后台启动:nohup ./bin/kibana &

3.配置外网访问:

config/kibana.yml

修改为:server.host: 0.0.0.0

4.修改elasticsearch.url

启动后需在kibana web端management中配置添加index

 

HINT

一:采集同一台服务器上日志,并做区分采用不同logstash存入es不同index中

1.修改filebeat.yml配置

filebeat.inputs:
# 设置两个path源,对于不同源的日志文件,写入不同的tags标记
- type: log
  paths:
    - /data/log/pisces/*
  tags: ["pisces"]

- type: log
  paths:
    - /data/log/aries/*
  tags: ["aries"]

2.修改logstash.conf配置

#对于包含不同tags标签的来源数据存入不同index,同理可在filter中对不同日志源采取不同分词
output {
	if "pisces" in [tags] {
		elasticsearch {
			hosts => ["10.6.14.77:9200"]
			index => "pisces.log"
		}
	}
	if "aries" in [tags] {
		elasticsearch {
			hosts => ["10.6.14.77:9200"]
			index => "aries.log"
		}
	}
}

二:在同一台服务器上起多个logstash实例

在同一台服务器上直接起多个logstash实例时,在启动第二个时会直接报错,log信息:

Logstash could not be started because there is already another instance using the configured data directory.  If you wish to run multiple instances, you must change the "path.data" setting.

解决办法:

1.为每个服务单独创建一个path.data

  例:/opt/sites/logstash-6.2.3/aquarius_data

         /opt/sites/logstash-6.2.3/aries_data

2.运行logstash时指定 path.data

   /opt/sites/logstash-6.2.3/bin/logstash -f /opt/sites/logstash-6.2.3/conf/aries.conf --path.data /opt/sites/logstash-6.2.3/aries_data

   /opt/sites/logstash-6.2.3/bin/logstash -f /opt/sites/logstash-6.2.3/conf/aquarius.conf --path.data /opt/sites/logstash-6.2.3/aquarius_data

 

 

supervisor 运维配置

目标:所有服务使用supervisor启动,并管理相关log

相关配置:

Elasticsearch

[program: Elasticsearch]
command =/data/elasticsearch-6.2.3/bin/elasticsearch
process_name=%(process_num)d
stopsignal=KILL
user=elsearch
redirect_stderr=true
stdout_logfile_maxbytes=5MB
stdout_logfile_backups=20
stdout_logfile=/data/log/Elasticsearch/Elasticsearch.log
environment=PATH=/data/jdk1.8.0_201/bin:%(ENV_PATH)s

kibana

[program:kibana]
command = /data/kibana-6.2.3-linux-x86_64/bin/kibana
process_name=%(process_num)d
stopsignal=KILL
user=root
redirect_stderr=true
stdout_logfile_maxbytes=5MB
stdout_logfile_backups=20
stdout_logfile=/data/log/kibana/kibana.log
environment=PATH=/data/jdk1.8.0_201/bin:%(ENV_PATH)s

logstash (若在单服务器上启动多个logstash实例,需要为每个实例配置专用的 path.data,并在启动时指定

[program:logstash]
command =/data/logstash-6.2.3/bin/logstash -f /data/logstash-6.2.3/pisces.conf
directory=/data/logstash-6.2.3
process_name=%(process_num)d
stopsignal=KILL
user=root
redirect_stderr=true
stdout_logfile_maxbytes=5MB
stdout_logfile_backups=20
stdout_logfile=/data/log/logstash/logstash.log
environment=PATH=/data/jdk1.8.0_201/bin:/data/logstash-6.2.3/bin:%(ENV_PATH)s

filebeat

[program:filebeat]
command = /data/filebeat-6.3.2-linux-x86_64/filebeat -e -c /data/filebeat-6.3.2-linux-x86_64/filebeat.yml
process_name=%(process_num)d
stopsignal=KILL
user=root
redirect_stderr=true
stdout_logfile_maxbytes=5MB
stdout_logfile_backups=20
stdout_logfile=/data/log/filebeat/filebeat.log
environment=PATH=/data/jdk1.8.0_201/bin:%(ENV_PATH)s

 

2021-1-21新增:

堆栈报错日志收集

问题:由于日志收集为单行收集,无法收集服务器上的堆栈报错

解决:安装multiline插件,配置logstash切词规则,可将堆栈报错整体收集存入es

 

1.安装multiline插件 

./bin/logstash-plugin install logstash-filter-multiline

如遇到无法安装,可修改Gemfile中的source为http

2.logstash中修改添加切词规则

    multiline {
            pattern => "\[%{WORD:info_level} %{DATESTAMP:timestamp}"
            negate => true
            what => "previous"
    }
# 不符合pattern匹配规则的日志行会添加至what(上一行)统一当做一条存入es,negate设置正选或反选

 

BSOD_aura
关注
  • 1
    点赞
  • 8
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
1、ELK部署(filebeatlogstash、elasticsearch、kibana
baidu_41614347的博客
10-26 635
1、 概述 性能测试为了分析日志,统计性能指标需要安装ELK作为性能分析filebeat :轻量级日志采集器; logstash收集日志、解析过滤日志logstash也可以收集日志但是其使用jvm资源消耗比较大) elasticsearch:存贮数据 kibana:开源的分析与可视化平(kibana搜索、查看、分析存放在Elasticsearch中的数据) 为了学习filebeatlogstash、elasticsearch、kibana部署到了一台服务器。(租了一台腾讯云的轻量...
K8s容器日志实时收集FileBeat+ES+Kibana
i4t abcdocker的博客
04-04 6210
K8s容器日志实时收集FileBeat+ES+Kibana www.i4t.com 标签(空格分隔): ELK 文章目录K8s容器日志实时收集FileBeat+ES+Kibana@[toc]一、FileBeat1.1 FileBeat工作原理harvesterprospectorFilebeat 保持文件状态二、环境配置2.1 Tomcat镜像制作2.2 Filebeat 制作镜像2.3 Elas...
Filebeat+Logstash+Es+Kibana 搭建记录
weixin_42545702的博客
06-15 686
整体结构图 : 1服务器2台: 1.1 (121.40.165.59): Filebeat-6.3.2 Logstash-6.3.2 Kibana-6.3.2 1.2 (47.99.139.182): ES -6.3.2 2搭建: 2.1 Filebeat: 官网下载压缩包,解压在 /usr/local/filebeat 目录下, 编辑目录下 filebeat.yml 文件: filebeat.inputs: - type: tcp enabled: true max_message_size:
ELK安装(Elasticsearch+Logstash+Kibana+Filebeat)
最新发布
snail_youth的博客
07-26 1096
ELK其实是Elasticsearch,LogstashKibana三个产品的首字母缩写,这三款都是开源产品。Elasticsearch 是一个分布式、高扩展、高实时的搜索与数据分析引擎。它能很方便的使大量数据具有搜索、分析和探索的能力。充分利用Elasticsearch的水平伸缩性,能使数据在生产环境变得更有价值。
centOS7 运用filebeat+logstash+es+kibana
码农的专栏
10-24 2408
一、配置:logstash server 的配置文件 nano /etc/logstash/logstash.conf ################################## # Sample Logstash configuration for creating a simple # Beats -> Logstash -> Elasticsearch pipeline. input { beats { port => 5044 } } filter
Elasticsearch+filebeat+logstash+kibana集群
ai418348851的博客
01-19 664
一、Elasticsearch+kibana部署server 注:此文档为傻瓜式安装,以避过所有坑,简单安装方便使用,如遇以外问题请度娘 环境部署&&版本需求 CentOS7 Elasticsearch-7.30 kibana-7.30 logstash-7.30 服务器需求两台 200.200.100.51 node1 200.200.100.52 node2 200.200.100.53 node3 1.关闭防火墙&&selinux systemctl stop fire
基于docker-compose构建filebeat + Logstash +Elasticsearch+ kibana日志系统
04-30
基于docker-compose构建filebeat + Logstash +Elasticsearch+ kibana日志系统 对nginx日志进行正则切割字段。 https://www.jianshu.com/p/f7927591d530
Centos7搭建Elasticsearch + Logstash + filebeat + Kibana
GGGoodLuck的博客
08-24 634
一、什么是ELK ELK是Elasticsearch + Logstash + Kibana 这种架构的简写。这是一种日志分平台析的架构。 二、ELK常见的几种架构 1 Elasticsearch + Logstash + Kibana 这是一种最简单的架构。这种架构,通过logstash收集日志,Elasticsearch分析日志,然后在Kibana(web界面)中展示。 2Elasticsearch + Logstash + filebeat + Kibana 与上一种架构相比,这种架构增.
【ELK企业级日志分析系统】部署Filebeat+Kafka+Logstash+Elasticsearch+Kibana集群详解(EFLFK)
陌上花开,静待绽放!
07-13 1569
需做白日梦。你要清楚地知道你到底是谁,要去哪里。要成为一个什么样的人,很多人浑浑噩噩,得过且过。你能清楚地意识到,或者梦想去到达彼岸,有时候,人生境遇就是如此,轻而易举滴到达你的彼岸。
FileBeat+Elasticsearch+Logstash+Kibana日志收集分析系统搭建
canthny的专栏
08-15 1874
准备阶段 6.0以上版本需要jdk1.8,自行安装 wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.0-linux-x86_64.tar.gz wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0...
linu 搭建ELK(es+kibana+logstash)安装包
12-02
新增了一个FileBeat,它是一个轻量级的日志收集处理工具(Agent),Filebeat占用资源少,适合于在各个服务器上搜集日志后传输给Logstash,官方也推荐此工具。 Elasticsearch是个开源分布式搜索引擎,提供搜集、分析、...
2021最新版7.X => filebeat+logstash+ES集群+kibana实战.txt
08-21
filebeat+logstash+ES集群+kibana实战.txt
docker efk(filebeat+logstash+es+kibana)
zhangdaweisuo的博客
10-08 315
1.系统架构 通常我们说的elastic stack,也就是elk,通过es 收集日志数据,存到elasticsearch,最后通过kibana进行统计分析,但是elastic公司后续又推出了新的日志收集产品beats,这里更推荐使用beats,性能更高 2.搭建es 2.1 创建docker 网络,用于不同容器间通信 之前常用--link container_name,因后面--link会被官方舍弃,故改用network方式 docker network creat efknetwo...
es+kibana+logstash快速安装上手
DoloresOOO的博客
06-18 518
Elasticsearch 安装上手 Elasticsearch安装与简单配置 目录结构 bin 脚本文件,启动脚本,安装插件,运行统计数据等 config 集群配置文件 JDK java运行环境 data 数据文件 lib java类库 logs 日志文件 modules 包含所有的ES模块 plugins 包含所有已安装的插件 JVM配置 修改jvm - config/jvm.options 7.1下载的默认是1GB 配置的建议
【有手就行】filebeat+es+kibana收集Nginx日志
wxd5617的博客
12-04 3948
使用filebeat收集Nginx到es,在kibana进行查询~
修改info-center的channel把日志发送到日志服务器_Elastic Stack 实现日志的自动采集、搜索和分析
weixin_39646405的博客
11-30 264
Elastic Stack 包括 Elasticsearch、Kibana、Beats 和 Logstash(也称为 ELK Stack)。能够安全可靠地获取任何来源、任何格式的数据,然后实时地对数据进行搜索、分析和可视化Elasticsearch 是一个分布式、RESTful 风格的搜索和数据分析引擎Kibana 是一个免费且开放的用户界面,能够让您对 Elasticsearch 数据进行可视化...
全网最全-ELK搭建教程(Filebeat+redis+Logstash+ES+Kibana)
troshin的博客
02-01 2371
"一定要按照顺序安装,否则会出现一些无法理解的错误。" 架构: 一、安装java 1、查看是否有自带的java java -version 如果有则卸载,个人是另外自行安装的。然后安装,具体安装JDK可参考我的另外一篇文章: https://blog.csdn.net/qq_33877149/article/details/73437749 二、安装ElasticSearch...
日志系统一(elasticsearch+filebeat+logstash+kibana
个人成长的轨迹记录
01-06 2177
背景:因业务需求需要将nginx、java、ingress日志进行收集
ELK Stack搭建教程:Filebeat+Logstash+Elasticsearch+kibana
ELK栈,即Elasticsearch、LogstashKibana的组合,是一个流行的开源日志分析解决方案,它提供了从收集到展示日志信息的全套流程。这个系统允许开发人员和运维人员实时监控和分析服务器、应用程序和服务的日志数据,...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值