Elasticsearch installation issues
Always log in with a sub-account (a non-root user)!!!
https://blog.csdn.net/xiaoying0531/article/details/78941631
==========================
/home/elasticresearch/soft/apache-tomcat-8.5.24
Install Tomcat
Log location:
/home/elasticresearch/soft/apache-tomcat-8.5.24/logs
----------------------------------
yum install nginx
For nginx, the port number is configured in nginx.conf under /etc/nginx
The nginx logs are in:
/var/log/nginx
----------------------------------Logstash configuration
/home/elasticresearch/soft/logstash-5.1.1
Configure Logstash: tomcat_access.conf
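input {
  file {
    # Tomcat access logs; read existing files from the start on first run
    path => ["/home/elasticresearch/soft/apache-tomcat-8.5.24/logs/localhost_access_log.*.txt"]
    start_position => "beginning"
  }
}
filter {
  # Only takes effect on events that already carry a "timestamp" field
  date {
    match => [ "timestamp" , "YYYY-MM-dd HH:mm:ss" ]
  }
}
output {
  elasticsearch {
    hosts => ["10.130.24.111:9200"]
    # One index per day
    index => "tomcat-access-%{+YYYY.MM.dd}"
  }
  # Also print every event to the console for debugging
  stdout {
    codec => rubydebug
  }
}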
-------------------------------Kibana configuration
vim /usr/local/kibana/config/kibana.yml and add:
elasticsearch.url: "http://10.149.11.226:9200"
server.host: "0.0.0.0"
logging.dest: "/usr/local/kibana/kibana.log"
----------------------------------
Run Elasticsearch in the background
./elasticsearch -d
Run Logstash in the background
./logstash -f ./my.conf &
Run Kibana in the background
/bin/kibana &
Stopping:
netstat -anltp|grep elasticsearch
9200
netstat -anltp|grep logstash
9601
netstat -anltp|grep kibana
5601
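The lookup above, as an added example that is not part of the original notes: it finds the listeners by the three ports listed here rather than by product name, since the `PID/Program name` column of netstat shows the runtime (`java`, `node`), and it also reports which listeners are bound to all interfaces. The function names and the sample netstat output (PIDs, addresses) are constructed for illustration.

```shell
#!/bin/sh
# Ports taken from the notes: Elasticsearch 9200, Logstash 9601, Kibana 5601.
ELK_PORTS="9200 9601 5601"

# Constructed sample of `netstat -anltp` output (PIDs and addresses are made up).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      2210/node
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      901/sshd
tcp6       0      0 :::9200                 :::*                    LISTEN      1874/java
tcp6       0      0 127.0.0.1:9601          :::*                    LISTEN      2051/java
tcp6       0      0 10.130.24.111:9200      10.130.24.111:51544     ESTABLISHED 1874/java
EOF
}

# Reads netstat output on stdin and prints "port pid program scope" for every
# LISTEN socket on an ELK port. scope is "all-interfaces" for 0.0.0.0 / :: binds,
# otherwise the bind address. Without root, netstat prints "-" instead of the PID
# for processes owned by other users.
elk_listeners() {
  awk -v ports="$ELK_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)   # text before the port
      if (!(port in want)) next
      split($7, pp, "/")                     # PID/Program name
      scope = (host == "0.0.0.0" || host == "::") ? "all-interfaces" : host
      print port, pp[1], pp[2], scope
    }'
}

# PID listening on the given port (empty output if nothing listens there).
elk_pid() {
  elk_listeners | awk -v port="$1" '$1 == port { print $2; exit }'
}

# Demo on the constructed sample; on a real host: netstat -anltp | elk_listeners
sample_netstat | elk_listeners
```

To stop one service, feed the real output through the helper, for example `kill "$(netstat -anltp | elk_pid 9200)"`.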
--------------------------
Filebeat as a replacement for Logstash
https://blog.csdn.net/saga_gallon/article/details/79397557
---------------------------------
/home/appinstall/logHandler/logstash-5.1.1
Configure Logstash: nginx_access.conf
In the directory where Logstash was unpacked after installation,
create nginx_access.conf
--------------------------------
Test pages
--------------------------------
elastic
http://10.130.24.111:9200
localhost:9200/_cat/indices?v
kibana:
http://10.130.24.111:5601/status
http://10.130.24.111:5601/app/kibana
Get the ELK deployment status
http://10.130.24.111:9200/_cluster/health?level=indices&pretty