ELK使用搜索tomcat nginx日志

elasticsearch安装问题

一定要使用子账户登陆！！！

https://blog.csdn.net/xiaoying0531/article/details/78941631

==========================

/home/elasticresearch/soft/apache-tomcat-8.5.24

安装tomcat

日志位置

/home/elasticresearch/soft/apache-tomcat-8.5.24/logs

----------------------------------

yum install nginx

nginx在etc/nginx下nginx.conf配置端口号

nginx日志在：

/var/log/nginx

----------------------------------logstash配置

/home/elasticresearch/soft/logstash-5.1.1

配置 logstash：tomcat_access.conf

input {
file{
   path => ["/home/elasticresearch/soft/apache-tomcat-8.5.24/logs/localhost_access_log.*.txt"]
       start_position => "beginning"
}
}
filter {
date {
   match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]
}
}
output {
elasticsearch{
   hosts => ["10.130.24.111:9200"]

index =>   "tomcat-access-%{+YYYY.MM.dd}"

   }
   stdout {
   codec => rubydebug
}
}

-------------------------------kibana配置

vim /usr/local/kibana/config/kibana.yml 添加一个

elasticsearch.url: "http://10.149.11.226:9200"

server.host: "0.0.0.0"

logging.dest: "/usr/local/kibana/kibana.log"

----------------------------------

elasticsearch后台运行

./elasticsearch -d

logstash后台运行

./logstash -f ./my.conf &

kibana后台运行

/bin/kibana &

关闭：

netstat -anltp|grep elasticsearch

9200

netstat -anltp|grep logstash

9601

netstat -anltp|grep kibana

5601

--------------------------

filebeat替代logstash

https://blog.csdn.net/saga_gallon/article/details/79397557

---------------------------------

/home/appinstall/logHandler/logstash-5.1.1

配置logstash：nginx_access.conf

在logstash安装后解压目录下

创建 nginx_access.conf

--------------------------------

测试界面

--------------------------------

elastic

http://10.130.24.111:9200

localhost:9200/_cat/indices?v

kibana：

http://10.130.24.111:5601/status

http://10.130.24.111:5601/app/kibana

获取elk的部署状态

http://10.130.24.111:9200/_cluster/health?level=indices&pretty

ELK使用 搜索tomcat nginx日志

猜你喜欢

ELK使用搜索tomcat nginx日志