一.elasticsearch安装部署
https://www.elastic.co/downloads
1.下载,解压,以elasticsearch-6.0.1为例(基于jdk1.8及以上)
https://www.elastic.co/downloads/elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.1.tar.gz
tar -zxvf elasticsearch-6.0.1.tar.gz2.修改配置文件elasticsearch.yml,进入elk/elasticsearch-6.0.1/config文件夹下
vi elasticsearch.yml
#配置如下 集群名称;节点名称;供外网访问的ip(xxx.xxx.xxx.xxx或0.0.0.0);端口(注意空格)
cluster.name: my-application
node.name: node-1
network.host: ip
http.port: 92003.启动/关闭
#进入bin目录
./elasticsearch -d 启动
./elasticsearch -q 关闭4.访问 ip:9200
详情可参见 https://blog.csdn.net/zhaojiweiwin/article/details/80053573 快速查看
部署可能遇到的问题参见 https://blog.csdn.net/zhaojiweiwin/article/details/80262935 快速查看
二.kibana安装部署
1.下载解压
https://www.elastic.co/downloads/kibana
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.0.1-linux-x86_64.tar.gz
tar -zxvf kibana-6.0.1-linux-x86_64.tar.gz2.修改配置文件kibana.yml,进入elk/kibana-6.0.1/config目录下
vi kibana.yml
#配置信息 服务端口;kibana服务ip;es的外网访问ip;index
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://xxx.xxx.xxx.xxx:9200"
kibana.index: ".kibana"
3.启动 进入bin目录下执行 ./kibana 启动 (./kibana & 后台启动)
三.Logstash安装部署
1.下载解压
https://www.elastic.co/downloads/logstash
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.0.1.tar.gz
tar -zxvf logstash-6.0.1.tar.gz2.简单管道测试
#管道测试代码
bin/logstash -e 'input{stdin {}} output{stdout{}}'
#输入
zhaojiwei
#输出
2018-05-10T11:51:20.985Z iZ283jrawloZ zhaojiwei 3.配置管道输入输出,在config目录下建立logs_to_es.conf
input {
file {
type => "tomcat-catalina"
path => "/opt/apps/apache-tomcat7/logs/catalina.log"
codec => multiline {
pattern => "^\s"
what => "previous"
}
}
}
filter {
#Only matched data are send to output.
}
output {
elasticsearch {
action => "index" #The operation on ES
hosts => "xxx.xxx.xxx.xxx:9200" #ElasticSearch host, can be array.
index => "tomcat_log" #The index to write data to.
}
}https://www.elastic.co/guide/en/logstash/current/input-plugins.html 输入插件
https://www.elastic.co/guide/en/logstash/current/filter-plugins.html 过滤器插件
https://www.elastic.co/guide/en/logstash/current/output-plugins.html 输出插件
https://www.elastic.co/guide/en/logstash/current/codec-plugins.html 编码解码插件
4.启动logstash
./logstash -f ../config/logs_to_es.conf (使用-f指定配置文件,后台启动加 & )说明:如果你的linux环境默认不是jdk1.8,可选择指定jdk方式
elasticsearch指定jdk:进入bin目录下,vi elasticsearch-env添加JAVA_HOME和PATH