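I. Elasticsearch
1. Download the package from Elastic and extract it locally.
2. Elasticsearch refuses to start as the root user, so create a dedicated user and give it ownership of the install directory:
    useradd elastic
    chown -R elastic:elastic elasticsearch-5.3.0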
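3. To allow access from external networks, edit elasticsearch.yml in the config directory and uncomment:
    network.host: 0.0.0.0
   This binds the HTTP API to every interface, and Elasticsearch 5.3.0 has no authentication unless X-Pack Security is installed, so limit who can reach port 9200 with a firewall rule or bind to a specific internal address instead.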
4. Start Elasticsearch:
    su elastic
    sh elasticsearch-5.3.0/bin/elasticsearch -d
5. Verify: open port 9200 of the server in a browser. The response should look like this:
    {
      "name" : "ufJRIlo",
      "cluster_name" : "elasticsearch",
      "cluster_uuid" : "_na_",
      "version" : {
        "number" : "5.3.0",
        "build_hash" : "3adb13b",
        "build_date" : "2017-03-23T03:31:50.652Z",
        "build_snapshot" : false,
        "lucene_version" : "6.4.1"
      },
      "tagline" : "You Know, for Search"
    }
II. Logstash
1. Download the package from the Elastic website and extract it locally.
2. Create the configuration file logstash.conf:
    input {
      file {
        path => [ "/tmp/*.log", "/root/zhoulei/new/loginserver/logs/packages/*ACCOUNT.log" ]
        exclude => [ "*DEBUG.log", "*INFO.log", "*ERROR.log" ]
        start_position => "beginning"
      }
    }
    filter {
      # Split the pipe-delimited log line into named fields.
      grok {
        match => { "message" => "%{DATA:logTime}\|%{DATA:gameId}\|%{DATA:serverId}\|%{DATA:version}\|%{DATA:logType}\|%{DATA:behavior}\|%{DATA:channelId}\|%{DATA:clientVersion}\|%{DATA:platform}\|%{DATA:accountId}\|%{DATA:accountName}\|%{DATA:roleId}\|%{DATA:roleName}\|%{DATA:etc}\|*" }
      }
      # Use the timestamp from the log line as the event time.
      date {
        match => [ "logTime", "yyyy-MM-dd HH:mm:ss.SSS" ]
        target => "@timestamp"
        locale => "en"
        remove_field => [ "logTime" ]
      }
      # SERVER lines carry the online counters in fields 22 and 23.
      if ([logType] == "SERVER") {
        mutate {
          split => [ "message", "|" ]
          add_field => {
            "online" => "%{[message][22]}"
            "onlineMax" => "%{[message][23]}"
          }
          remove_field => [ "onlineNum", "maxNum" ]
        }
        mutate {
          convert => {
            "online" => "integer"
            "onlineMax" => "integer"
          }
        }
      }
    }
    output {
      elasticsearch {
        hosts => ["127.0.0.1:9200"]
      }
    }
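3. Create a script that starts the service in the background:
    #!/bin/bash
    # Keep Logstash running after the shell exits; stdout goes to nohup.out.
    nohup ./logstash -f logstash.conf >nohup.out &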
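An offline check of the filter in logstash.conf, as an added example that is not part of the original page: it mirrors the grok pattern, the date match and the SERVER branch in Python so that sample lines can be tested before they are shipped to Elasticsearch. The sample lines are constructed, and mapping a missing or non-numeric counter to None is this example's own choice.

```python
import re
from datetime import datetime

# Capture names, in the order the grok pattern on this page lists them.
FIELDS = ["logTime", "gameId", "serverId", "version", "logType", "behavior",
          "channelId", "clientVersion", "platform", "accountId", "accountName",
          "roleId", "roleName", "etc"]
# %{DATA:x} is the lazy ".*?"; like grok, the pattern is searched, not anchored.
GROK = re.compile(r"\|".join(f"(?P<{n}>.*?)" for n in FIELDS) + r"\|*")
DIGITS = re.compile(r"[0-9]+")


def parse_line(line):
    """Build the event for one log line; None means the grok pattern missed."""
    m = GROK.search(line)
    if m is None:
        return None
    # "etc" is always "": a lazy .*? followed by the optional \|* matches nothing.
    event = m.groupdict()
    try:
        # yyyy-MM-dd HH:mm:ss.SSS; logTime is removed only when parsing succeeds.
        event["@timestamp"] = datetime.strptime(event["logTime"], "%Y-%m-%d %H:%M:%S.%f")
        del event["logTime"]
    except ValueError:
        event["tags"] = ["_dateparsefailure"]
    if event["logType"] == "SERVER":
        parts = line.split("|")
        for name, idx in (("online", 22), ("onlineMax", 23)):
            value = parts[idx] if idx < len(parts) else ""
            # Assumption of this example: a missing or non-numeric counter becomes None.
            event[name] = int(value) if DIGITS.fullmatch(value) else None
    return event


# Constructed sample lines (not real logs): 24 pipe-separated fields, then a short one.
HEAD = ["2017-04-01 12:00:00.123", "1001", "s01", "1.0", "SERVER", "STATUS",
        "ch0", "2.1.0", "linux", "0", "-", "0", "-", "x"]
FULL_LINE = "|".join(HEAD + ["-"] * 8 + ["57", "200"])
SHORT_LINE = "|".join(HEAD)

if __name__ == "__main__":
    for sample in (FULL_LINE, SHORT_LINE, "no separators here"):
        print(parse_line(sample))
```

The short line shows the case to watch for: a SERVER line with fewer than 24 fields still matches the grok pattern, so the counters have to be validated separately.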
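III. Kibana
1. Download the package (a Windows build is available) and extract it.
2. Edit kibana.yml in the config directory and set the Elasticsearch service URL:
    elasticsearch.url: "http://127.0.0.1:9200/"
3. Verify the service: open port 5601 of the machine running Kibana in a browser; the Kibana page should appear.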