1.先到網站上下載 https://www.elastic.co/cn/downloads,需要的工具
Elasticsearch,Kibana,Logstash,Filebeat。
先把redis安裝好。安裝redis略過。
2.主要是每個工具的配置文件:
Elasticsearch 直接解壓后啟動即可:./bin/elasticsearch
做成啟動文件如下:startup.sh
#!/bin/bash nohup $HOME/apps/elk/elasticsearch-4.5.0/bin/elasticsearch 2>&1 &
Kibana:修改配置文件elasticsearch的地址,之后啟動,./bin/kibana
做成啟動文件startup.sh:
#!/bin/bash path1=$HOME/apps/elk/kibana-5.5.0-linux-x86_64 nohup ${path1}/bin/kibana >${path1}/kibana.out 2>&1 & exit
Filebeat:修改配置文件后,啟動為: ./filebeat -e -c filebeat.yml
啟動文件startup.sh
#!/bin/bash path1=$HOME/apps/elk/filebeat-5.5.0-linux-x86_64 nohup ${path1}/filebeat -e -c filebeat.yml >${path1}/filebeat.out 2>&1 &
filebeat配置文件,配置不同文件類型;
- input_type: log # Paths that should be crawled and fetched. Glob based paths. paths: - /home/lambert/apps/tomcat7-web/tomcat-7-*/logs/catalina.out document_type: apache - input_type: log paths: - /home/lambert/apps/elk/kibana-5.5.0-linux-x86_64/kibana.out document_type: kibana
Logstash:配置文件
input { beats { port => "5044" tags=> "beat" } redis { host => "127.0.0.1" port => 6379 data_type => "list" key => "logstash-list" tags => "redis" } } output { if "beat" in [tags] and "redis" not in [tags] { redis { host => "127.0.0.1" port => "6379" data_type => "list" key => "logstash-list" } }else { elasticsearch { hosts => ["localhost:9200"] } } stdout { codec => rubydebug } }
啟動為:./bin/logstash -f ./logstash.conf
做成啟動文件startup.sh
#!/bin/bash path1=$HOME/apps/elk/logstash-5.5.0 nohup ${path1}/bin/logstash -f ${path1}/logstash.conf>${path1}/logstash.out 2>&1 &
好了啟動之后就可以訪問
kibana了默認訪問地址是:5061端口