ELK配置 | fzy-blog

logstash中文文档

https://doc.yonyoucloud.com/doc/logstash-best-practice-cn/filter/date.html



ELK原型与介绍：

http://www.cnblogs.com/aresxin/p/8035137.html



一、logstash配置 http://localhost:9600

sudo rpm -ivh logstash-5.2.2.rpm

# 默认安装在 /usr/share/logstash/

# 配置文件在/etc/logstash/

# 日志文件在/var/log/logstash/

配置监听5044端口：

sudo vi /etc/logstash/conf.d/filebeat_logstash_es.conf

input {

   beats {

        port => "5044"

   }

}

output {

    elasticsearch {

         hosts => "localhost:9200"

    }

}

配置方式一：

input {

    file{

        path => "/Users/zhaoyang10/Downloads/logs/*.log"

        start_position => "beginning"

    }

}

output {

   elasticsearch {

        hosts => "localhost:9200"

        index => "logstash-ams-%{+YYYY.MM.dd}"

   }

}



测试配置文件是否正确： bin/logstash -f first-pipeline.conf --config.test_and_exit

启动：bin/logstash -f first-pipeline.conf

比较常用的有：

bin/logstash-plugin list #查看已安装插件列表

bin/logstash-plugin install plugin_name #安装插件

bin/logstash-plugin update plugin_name #卸载插件

bin/logstash-plugin uninstall plugin_name #卸载插件

我们通过list命令查看插件列表时候，无非下列三种类型的插件：

logstash-codec-* #编码解码插件

logstash-filter-* #数据处理插件

logstash-input-* #输入插件

logstash-output-* #输出插件



二、filebeat配置

vi /etc/filebeat/filebeat.yml

paths:

    - /var/log/host.access.log

output.logstash:

  # The Logstash hosts

  hosts: ["10.10.36.128:5044"]



三、elastic search 配置 http://localhost:9200

get: http://localhost:9200/test01/_search

delete：http://localhost:9200/test01/doc/_xRJOGUBPpihVJpnsqWC/

put:  http://localhost:9200/song001/list001/5

data：{"number":32768,"singer":"杨坤","size":"777","song":"今夜20岁","tag":"中国好声音","timelen":319}



设置密码： bin/x-pack/setup-passwords auto

Changed password for user kibana

PASSWORD kibana = xtTAe0VGCaXfoo9jLGtd

Changed password for user logstash_system

PASSWORD logstash_system = TFxxvbvxgKcHEDbJrlvi

Changed password for user elastic

PASSWORD elastic = u2gxvTsHt8i5APS2F25T



四、kibana 配置  http://localhost:5601

安装x-pack

 bin/kibana-plugin install file://你的文件存放地址



es启动命令 9200
./bin/elasticsearch -d

kibana启动命令 5601
./bin/kibana

logstash启动命令 9600
安装 logstash-plugin install logstash-filter-multiline
./bin/logstash -f ./config/logstash_filebeat.conf --config.test_and_exit
./bin/logstash -f ./config/logstash_filebeat.conf --config.reload.automatic

filebeat启动命令 5044
./filebeat -e -c filebeat.yml -d "publish"
Tags: 分布式日志监控
← ELK 系统管理平台表设计 →
赏
使用支付宝打赏
使用微信打赏
若你觉得我的文章对你有帮助，欢迎点击上方按钮对我打赏
扫描二维码，分享此文章