ubuntu 16.4 安装 filebeat+Logstash+ELK

其他 2018-07-09 20:58:55 阅读次数: 0

ubuntu 16.4 安装 filebeat+Logstash+ELK

1.安装java 8

sudo add-apt-repository -y ppa:webupd8team/java
	
sudo apt-get update
	
sudo apt-get -y install oracle-java8-installer

elasticsearch

mkdir elasticsearch; cd elasticsearch

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.deb

sudo dpkg -i elasticsearch-6.3.0.deb

下面这几行去掉注释

cluster.name:   #  自定义 下同
node.name: path.data: path.logs: network.host: 127.0.0.1 http.port: 9200

启动

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl restart elasticsearch

测试:

curl -XGET "http://localhost:9200" 会出现以下内容

{
  "name" : "luOq_eh",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "mIcflXKsR3-ER66MCTSJzA", "version" : { "number" : "5.2.1", "build_hash" : "db0d481", "build_date" : "2017-02-09T22:05:32.386Z", "build_snapshot" : false, "lucene_version" : "6.4.1" }, "tagline" : "You Know, for Search" }

Logstash

wget  https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.deb
sudo dpkg -i logstash-6.3.0.deb

配置

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => "127.0.0.1:9200" manage_template => false index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" document_type => "%{[@metadata][type]}" } }

启动

sudo systemctl daemon-reload
sudo systemctl enable logstash
sudo systemctl restart logstash

Kibana

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-amd64.deb 

sudo dpkg -i kibana-6.3.0-amd64.deb

配置:修改下面内容

server.port: 5601
server.host: "0.0.0.0"
server.name: "127.0.0.1" elasticsearch.url: "http://127.0.0.1:9200"

启动

sudo systemctl daemon-reload

sudo systemctl enable kibana

sudo systemctl start kibana

filebeat

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-amd64.deb
 
sudo dpkg -i filebeat-6.3.0-amd64.deb

修改配置

#  设置input
- input_type: log
 enabled: true  paths:  - /var/log/test.log # 设置output # 注释掉 elacsearch的输出 开放logstash output.logstash:  hosts: ["127.0.0.1:5044"]

启动

sudo systemctl daemon-reload

sudo systemctl enable filebeat

sudo systemctl start filebeat

测试:

  • 修改 /var/log/test.log (所监控log)内容
echo "这是第一条测试" >> /var/log/test.log
  • 浏览器访问http://localhost:5601
  • 然后 依次点击菜单management Index Patterns Add New 输入 filebeat-* 点击确定 然后点击菜单Discover 就会发现 刚刚添加的内容

猜你喜欢

转载自www.cnblogs.com/libinblogs/p/9285868.html
今日推荐
火速冲上 GitHub 热榜 —— 开源编程语言、框架哪有这么可爱?
北京人形机器人创新中心发布全球首个纯电驱拟人奔跑的全尺寸人形机器人“天工”
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
国产云输入法——仅华为无云端数据上传安全问题
开源日报 | 工业开源项目OGG 1.0;姐姐,你要和我一起配置火狐吗;苹果AI遥遥落后?Fedora 40
开放签电子签章:停止新增,优化体验,前进更进(五一假期前工作)
周排行
Metasploit文件目录与入侵基本概念
跨域(CORS)请求问题[No 'Access-Control-Allow-Origin' header is present on the requested resource]常见解决方案
CodeIgniter 源码解读之 CodeIgniter.php(二)
SAS入门之(四)改变数据类型
初识元组
[数学建模]数学建模算法和模型(B站视频)(二)
Nginx 服务器源码安装配置流程
C#实现语音视频录制 【基于MCapture + MFile】
开发进度4
下载安装vue的方法网址
每日归档
更多
2024-04-28(0)
2024-04-27(56)
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022