Environment:
CentOS 7, JDK 1.8, Elasticsearch 6.3.2, Logstash 6.3.2, Kibana 6.3.2
Summary:
The previous sections briefly introduced the role of each ELK component and its basic use. This section summarizes an installation and configuration example for a server without network access.
Steps:
I. Download ELK
Because the server is offline and the JDK is 1.8, version 6.3.2 is chosen here:
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.2.tar.gz
https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.tar.gz
https://artifacts.elastic.co/downloads/kibana/kibana-6.3.2-linux-x86_64.tar.gz
II. Install Elasticsearch
1. Extract Elasticsearch:
tar -zxvf elasticsearch-6.3.2.tar.gz
The directory layout is as follows:
2. Edit the configuration:
vi config/elasticsearch.yml
Change the following entries:
path.data: /app/elk/path/to/data
path.logs: /app/elk/path/to/logs
network.host: 0.0.0.0
http.port: 9200
3. Start:
cd bin
nohup ./elasticsearch &
4. Open http://ip:9200/ to check that the configuration has taken effect.
III. Install Logstash
1. Extract Logstash
tar -zxvf logstash-6.3.2.tar.gz
Create config.d:
2. The following configuration reads multiple log files as input and writes the logs to Elasticsearch, using a separate index for each log type:
input {
  file {
    type => "app"
    path => ["/home/appuser/app/logs/info.log","/home/appuser/app/logs/error.log"]
    start_position => "end"
    ignore_older => 0
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
    sincedb_path => "/dev/null"
  }
  file {
    type => "claim"
    path => ["/home/appuser/claimPlatform/logs/info.log","/home/appuser/claimPlatform/logs/error.log"]
    start_position => "end"
    ignore_older => 0
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
    sincedb_path => "/dev/null"
  }
}
filter {
  mutate {
    rename => { "[host][name]" => "host" }
  }
}
output {
  stdout { codec => "rubydebug" }
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "%{type}-%{+YYYY.MM.dd}"
    action => "index"
    template_name => "%{type}"
  }
}
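As an added example that is not code from the original post or from Logstash, the following Python script models what the pipeline above does to raw log lines: the multiline codec grouping with pattern "^\[", negate => true and what => "previous" (it also implements what => "next" for comparison), the mutate rename of [host][name] to host, and the daily index name expanded from "%{type}-%{+YYYY.MM.dd}". The sample log lines, host name and function names are constructed for this example. One detail the config does not make visible: the date in the index name comes from @timestamp, which Logstash keeps in UTC, so indices roll over at UTC midnight rather than local midnight.

```python
# Added example: a small Python model of the Logstash pipeline shown above.
# Not code from the original post or from Logstash; the sample lines, host
# name and function names are this example's own.
import re
from datetime import datetime, timezone

# Same settings as the multiline codec in the config: pattern, negate, what.
MULTILINE_PATTERN = re.compile(r"^\[")
NEGATE = True
WHAT = "previous"

# Constructed sample lines in the "[timestamp] LEVEL message" layout that the
# pattern "^\[" expects; the stack-trace lines do not start with '['.
SAMPLE_LINES = [
    "[2024-03-10 08:15:01] INFO  Application started",
    "[2024-03-10 08:15:02] ERROR Failed to load claim",
    "java.lang.NullPointerException: claim id is null",
    "    at com.example.ClaimService.load(ClaimService.java:42)",
    "[2024-03-10 08:15:03] INFO  Retrying",
]


def multiline_join(lines, pattern=MULTILINE_PATTERN, negate=NEGATE, what=WHAT):
    """Group raw lines into events the way the multiline codec does.

    A line "matches" when pattern.search() succeeds, inverted by negate.
    what => "previous": a matching line is appended to the previous event.
    what => "next": a matching line is held and prepended to the next event.
    With pattern "^\\[", negate => true and what => "previous", every line that
    does NOT start with '[' (a stack trace) is glued to the log line above it.
    """
    events = []
    held = []  # lines waiting for the event that follows (what => "next")
    for line in lines:
        matched = bool(pattern.search(line)) != negate
        if what == "previous":
            if matched and events:
                events[-1] += "\n" + line
            else:
                events.append(line)
        else:
            if matched:
                held.append(line)
            else:
                events.append("\n".join(held + [line]))
                held = []
    if held:  # trailing held lines become their own event
        events.append("\n".join(held))
    return events


def as_utc(timestamp):
    """Accept a datetime or an ISO 8601 string with offset and return it in UTC,
    which is how Logstash stores @timestamp. Naive values are treated as UTC."""
    if isinstance(timestamp, str):
        timestamp = datetime.fromisoformat(timestamp)
    if timestamp.tzinfo is None:
        timestamp = timestamp.replace(tzinfo=timezone.utc)
    return timestamp.astimezone(timezone.utc)


def index_name(event_type, timestamp):
    """Expand "%{type}-%{+YYYY.MM.dd}": the Joda pattern becomes strftime
    "%Y.%m.%d" applied to the UTC timestamp, so the index rolls at UTC midnight."""
    return f"{event_type}-{as_utc(timestamp).strftime('%Y.%m.%d')}"


def run_pipeline(lines, event_type, host_name, now):
    """Apply the input codec, the filter and the output index naming to raw
    lines and return the documents as they would be sent to Elasticsearch."""
    docs = []
    for message in multiline_join(lines):
        doc = {
            "type": event_type,
            "message": message,
            "host": {"name": host_name},  # the shape the config's rename expects
            "@timestamp": as_utc(now),
        }
        # filter { mutate { rename => { "[host][name]" => "host" } } }
        doc["host"] = doc["host"]["name"]
        doc["_index"] = index_name(event_type, now)
        docs.append(doc)
    return docs


if __name__ == "__main__":
    for doc in run_pipeline(SAMPLE_LINES, "app", "web01", "2024-03-10T08:15:02+00:00"):
        print(doc["_index"], doc["host"], repr(doc["message"]))
```

A related operational point of the config that this model does not cover: with sincedb_path => "/dev/null" and start_position => "end", Logstash keeps no read offset, so after a restart it resumes at the end of each file and lines written while it was down are never indexed. A persistent sincedb path closes that gap.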
3. Start Logstash:
cd bin
nohup ./logstash -f /app/logstash-6.3.2/config.d/ &
IV. Install Kibana
1. Extract Kibana
tar -zxvf kibana-6.3.2-linux-x86_64.tar.gz
2. Edit the configuration
vi config/kibana.yml
Change the configuration as follows:
server.port: 5601
server.host: "xxx.xxx.xxx.xxx"
elasticsearch.url: "http://localhost:9200"
3. Start
cd bin
nohup ./kibana &
4. Open http://ip:5601 and configure the index pattern:
5. Search the logs. Note that to match a whole phrase, the search term must be wrapped in double quotes "":
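As an added example that is not part of the original post (and not Elastic's own tooling), the following Python script audits the elasticsearch.yml entries from section II and the kibana.yml entries from this section, parsed from constructed copies of the settings shown above. It flags network.host: 0.0.0.0, which makes the Elasticsearch 6.3.2 REST API listen on every interface while the plain tarball has no authentication enabled, and the xxx.xxx.xxx.xxx placeholder still present in server.host. The function names and the wording of the findings are this example's own.

```python
# Added example: an offline audit of the elasticsearch.yml and kibana.yml
# entries from this post. Not part of the original post or of Elastic's
# tooling; the file contents below are constructed copies of the post's
# settings and the rules encode this example's own assumptions.
import ipaddress
from urllib.parse import urlsplit

ES_YML = """\
path.data: /app/elk/path/to/data
path.logs: /app/elk/path/to/logs
network.host: 0.0.0.0
http.port: 9200
"""

KIBANA_YML = """\
server.port: 5601
server.host: "xxx.xxx.xxx.xxx"
elasticsearch.url: "http://localhost:9200"
"""


def parse_simple_yaml(text):
    """Parse flat 'key: value' lines (all that the settings in this post use).
    Comments and blank lines are skipped; surrounding quotes are removed."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def reachable_beyond_localhost(host):
    """True when a bind address makes the service listen on a non-loopback
    interface. '_local_' is the Elasticsearch default and means loopback."""
    if host in ("_local_", "localhost"):
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # hostnames and aliases such as _site_ resolve to real interfaces


def audit_elasticsearch(settings):
    """Findings for elasticsearch.yml. Assumes the plain 6.3.2 tarball, which
    has no authentication enabled, so a non-loopback bind means the REST API
    answers any host that can reach the port."""
    findings = []
    host = settings.get("network.host", "_local_")
    port = settings.get("http.port", "9200")
    if reachable_beyond_localhost(host):
        findings.append(
            f"network.host={host}: REST API on port {port} is reachable from other "
            "hosts without authentication; restrict it with a firewall or bind to "
            "an internal address"
        )
    for key in ("path.data", "path.logs"):
        if key not in settings:
            findings.append(f"{key} not set: defaults to a directory inside the "
                            "extracted tarball, which an upgrade replaces")
    return findings


def audit_kibana(settings):
    """Findings for kibana.yml (same assumption: no login configured)."""
    findings = []
    host = settings.get("server.host", "localhost")
    port = settings.get("server.port", "5601")
    if "xxx" in host:
        findings.append("server.host is still the placeholder from the post; "
                        "set the real address before starting Kibana")
    elif reachable_beyond_localhost(host):
        findings.append(f"server.host={host}: Kibana on port {port} is reachable "
                        "from other hosts without a login")
    url = urlsplit(settings.get("elasticsearch.url", "http://localhost:9200"))
    if url.scheme == "http" and url.hostname not in ("localhost", "127.0.0.1", "::1"):
        findings.append(f"elasticsearch.url={url.geturl()}: Kibana talks to a "
                        "remote Elasticsearch over plain HTTP")
    return findings


def audit_all(es_text=ES_YML, kibana_text=KIBANA_YML):
    """Audit both files and return the findings per component."""
    return {
        "elasticsearch": audit_elasticsearch(parse_simple_yaml(es_text)),
        "kibana": audit_kibana(parse_simple_yaml(kibana_text)),
    }


if __name__ == "__main__":
    for component, findings in audit_all().items():
        print(component)
        for finding in findings:
            print("  -", finding)
```

Run it against the real files before starting the services. On a server that only the application hosts can reach, the 0.0.0.0 finding may be acceptable; otherwise bind Elasticsearch to the internal address or place a firewall rule in front of ports 9200 and 5601, since neither Elasticsearch nor Kibana asks for credentials in this setup.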
V. Summary
1. The JDK version determines which ELK version can be used;
2. The versions of the ELK components must match;
3. Whole-phrase searches of the logs must use "";