ELK 搭建-白红宇

ELK 搭建

阅读量：4557 次

发布时间：2019-06-08

本文共 2222 字，大约阅读时间需要 7 分钟。

1.安装ES：　　

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

vim /etc/yum.repos.d/elastic.repo  # 增加以下内容

[elasticsearch-6.x]name=Elasticsearch repository for 6.x packagesbaseurl=https://artifacts.elastic.co/packages/6.x/yumgpgcheck=1gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearchenabled=1autorefresh=1type=rpm-md

yum install -y elasticsearch

或者：

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm

rpm -ivh elasticsearch-6.0.0.rpm

启动：

systemctl start elasticsearch.service

2.安装kibana

yum -y install kibana

或

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.0.0-x86_64.rpm

rpm -ivh kibana-6.0.0-x86_64.rpm

对kibana进行配置：

vim /etc/kibana/kibana.ym

启动

systemctl start kibana

3.安装logstash

yum install -y  logstash

或

wget https://artifacts.elastic.co/downloads/logstash/logstash-6.0.0.rpm

rpm -ivh logstash-6.0.0.rpm

配置

vim /etc/logstash/conf.d/syslog.conf

检出配置文件

./logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/syslog.conf --config.test_and_exit

--path.settings 用于指定logstash的配置文件所在的目录

-f 指定需要被检测的配置文件的路径

--config.test_and_exit 指定检测完之后就退出，不然就会直接启动了

启动

systemctl start logstash

（sudo /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd）

启动失误时：

chown logstash /var/log/logstash/logstash-plain.log

logstash 配置

input {  # 定义日志源 # syslog { #   type => "system-syslog"  # 定义类型 #   port => 10514    # 定义监听端口 # }  http {    type => "http-log"  # 定义类型    host => "0.0.0.0"    port => 8010    ssl => false    additional_codecs => {
   "application/x-www-form-urlencoded" => "json"}    codec => plain {      charset => "GB2312"     }   }}filter {  urldecode {    field => "message"  }  mutate {    remove_field => ["headers"]  }  kv {    source => "message"    field_split => "&?"  }}output {  # 定义日志输出 # if [type] == "http-log" { #   elasticsearch {  #     hosts => ["192.168.123.194:9200"]  # 定义es服务器的ip #     index => "http-log-%{+YYYY.MM}" # 定义索引 #   }   stdout {     codec => rubydebug #输出到终端   }  # } # if [type] == "system-syslog" { #   elasticsearch { #     hosts => ["192.168.123.194:9200"]  # 定义es服务器的ip #     index => "system-syslog-%{+YYYY.MM}" # 定义索引 #   } # }}

转载于:https://www.cnblogs.com/qingyibusi/p/11239749.html

你可能感兴趣的文章

HDU-4288 Coder 线段树

查看>>

HDU-1878 欧拉回路判定是否存在欧拉回路

[国嵌攻略][119][Linux中断处理程序设计]

查看>>