1.先到网站上下载 https://www.elastic.co/cn/downloads,需要的工具
Elasticsearch,Kibana,Logstash,Filebeat。
先把redis安装好。安装redis略过。
2.主要是每个工具的配置文件:
Elasticsearch 直接解压后启动即可:./bin/elasticsearch
做成启动文件如下:startup.sh
#!/bin/bash nohup $HOME/apps/elk/elasticsearch-4.5.0/bin/elasticsearch 2>&1 &
Kibana:修改配置文件elasticsearch的地址,之后启动,./bin/kibana
做成启动文件startup.sh:
#!/bin/bash path1=$HOME/apps/elk/kibana-5.5.0-linux-x86_64 nohup ${path1}/bin/kibana >${path1}/kibana.out 2>&1 & exit
Filebeat:修改配置文件后,启动为: ./filebeat -e -c filebeat.yml
启动文件startup.sh
#!/bin/bash path1=$HOME/apps/elk/filebeat-5.5.0-linux-x86_64 nohup ${path1}/filebeat -e -c filebeat.yml >${path1}/filebeat.out 2>&1 &
filebeat配置文件,配置不同文件类型;
- input_type: log # Paths that should be crawled and fetched. Glob based paths. paths: - /home/lambert/apps/tomcat7-web/tomcat-7-*/logs/catalina.out document_type: apache - input_type: log paths: - /home/lambert/apps/elk/kibana-5.5.0-linux-x86_64/kibana.out document_type: kibana
Logstash:配置文件
input { beats { port => "5044" tags=> "beat" } redis { host => "127.0.0.1" port => 6379 data_type => "list" key => "logstash-list" tags => "redis" } } output { if "beat" in [tags] and "redis" not in [tags] { redis { host => "127.0.0.1" port => "6379" data_type => "list" key => "logstash-list" } }else { elasticsearch { hosts => ["localhost:9200"] } } stdout { codec => rubydebug } }
启动为:./bin/logstash -f ./logstash.conf
做成启动文件startup.sh
#!/bin/bash path1=$HOME/apps/elk/logstash-5.5.0 nohup ${path1}/bin/logstash -f ${path1}/logstash.conf>${path1}/logstash.out 2>&1 &
好了启动之后就可以访问
kibana了默认访问地址是:5061端口