elk部署(實操二)
阿新 • • 發佈:2020-07-29
續上篇
https://www.cnblogs.com/wangql/p/13373022.html
安裝logstash
下載地址:wget https://artifacts.elastic.co/downloads/logstash/logstash-6.1.0.rpm #安裝 rpm -ivh logstash-6.1.0.rpm #啟動服務 systemctl restart logstash.service systemctl status logstash.service systemctl enable logstash.service
測試基本輸入輸出
[root@elk2 ~]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { stdout{} }'
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using defaultconfig which logs errors to the consoleThe stdin plugin is now waiting for
input:Abc #輸入這個
2020-06-17T05:38:32.783Z elk2 abc #輸出這個
使用rubydebug詳細輸出
[root@elk2 ~]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { stdout{ codec => rubydebug} }'
WARNING: Could not find logstash.yml whichis typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the consoleThe stdin plugin is now waiting for
input:Hello #輸入
{ "host" => "elk2", #輸出
"@timestamp" => 2020-06-17T05:40:38.039Z,
"message" => "hello",
"@version" => "1"
} [root@elk2 ~]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { elasticsearch { hosts => ["192.168.0.208:9200"]} }'
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the consoleThe stdin plugin is now waiting for
input:123456
wangshibo
huanqiu
hahaha
logstash的配置
配置地址
/etc/logstash/conf.d下,以*.conf結尾
vim /etc/logstash/conf.d/elk1.conf input { stdin { } } output { elasticsearch { hosts => ["192.168.0.208:9200"]} stdout { codec => rubydebug } }
執行
[root@elk2 ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/elk1.conf
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the consoleThe stdin plugin is now waiting for
input:Beijing #輸入
{ "@version" => "1", #輸出
"host" => "elk2",
"message" => "beijing",
"@timestamp" => 2020-06-17T05:48:29.275Z
}
更多用法後續列出
安裝kibana
下載地址:wget https://artifacts.elastic.co/downloads/kibana/kibana-6.1.0-x86_64.rpm #安裝 rpm -ivh kibana-6.1.0-x86_64.rpm
修改配置檔案
vim /etc/kibana/kibana.yml
2 server.port: 5601 #埠
7 server.host: "0.0.0.0" #服務監聽地址
21 elasticsearch.url: "http://192.168.0.213:9200" #宣告地址,從哪裡查,叢集裡面隨便選一個
30 kibana.index: ".kibana" #kibana自己建立的索引
33 kibana.defaultAppId: "discover" #開啟kibana頁面時,預設開啟discover
62 elasticsearch.pingTimeout: 1500 #ping檢測超時時間
66 elasticsearch.requestTimeout: 30000 #請求超時時間
80 elasticsearch.startupTimeout: 5000 #啟動超時時間 114 i18n.locale: "zh-CN" #啟用中文
啟動服務
systemctl restart kibana.service
systemctl status kibana.service
systemctl enable kibana.service
檢視埠
netstat -utnlp | grep 5601
訪問服務
http://192.168.0.208:5601
如果起不來
curl -XDELETE http://localhost:9200/.kibana*
到這裡我們的elk就搭建成功了,下一篇教大家安裝es 的外掛,方便後續更好的維護。
本文為我自己的學習筆記,難免有些遺漏,歡迎指正。遇事不慌,大隆來幫,也請大家關注我,支援我,謝謝!
沒有理論,只有實戰
更多幹貨
來關注我