Installing Filebeat + Logstash + Elasticsearch + Kibana (ELK) on Ubuntu 16.04

Install Java 8

sudo add-apt-repository -y ppa:webupd8team/java
	
sudo apt-get update
	
sudo apt-get -y install oracle-java8-installer

Elasticsearch

mkdir elasticsearch; cd elasticsearch

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.deb

sudo dpkg -i elasticsearch-6.3.0.deb

  

Uncomment the following lines:

cluster.name:   # custom value (same for the lines below)
node.name:
path.data:
path.logs:
network.host: 127.0.0.1
http.port: 9200

  

Start

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl restart elasticsearch

  

Test:

curl -XGET "http://localhost:9200" returns output like the following:

{
  "name" : "luOq_eh",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "mIcflXKsR3-ER66MCTSJzA",
  "version" : {
    "number" : "5.2.1",
    "build_hash" : "db0d481",
    "build_date" : "2017-02-09T22:05:32.386Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.1"
  },
  "tagline" : "You Know, for Search"
}

  

Logstash

wget  https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.deb
sudo dpkg -i logstash-6.3.0.deb

  

Configuration

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => "127.0.0.1:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

  

Start

sudo systemctl daemon-reload
sudo systemctl enable logstash
sudo systemctl restart logstash

  

Kibana

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-amd64.deb 

sudo dpkg -i kibana-6.3.0-amd64.deb

  

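Configuration: change the following settings (server.host: "0.0.0.0" makes Kibana listen on all network interfaces):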

server.port: 5601
server.host: "0.0.0.0"
server.name: "127.0.0.1"
elasticsearch.url: "http://127.0.0.1:9200"

  

Start

sudo systemctl daemon-reload

sudo systemctl enable kibana

sudo systemctl start kibana

  

Filebeat

wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-amd64.deb
 
sudo dpkg -i filebeat-6.3.0-amd64.deb

  

Edit the configuration

# Configure the input
- input_type: log
  enabled: true
  paths:
    - /var/log/test.log

# Configure the output
# Comment out the elasticsearch output and enable logstash

output.logstash:
  hosts: ["127.0.0.1:5044"]

  

Start

sudo systemctl daemon-reload

sudo systemctl enable filebeat

sudo systemctl start filebeat

  

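Test:

  • Modify the contents of /var/log/test.log (the monitored log):
echo "這是第一條測試" >> /var/log/test.log
  • Open http://localhost:5601 in a browser
  • Then click through the menu: Management, Index Patterns, Add New; enter filebeat-* and confirm. Then open Discover from the menu, where the line you just added appears.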
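
As an added check that is not part of the original post: the configuration above binds Elasticsearch to 127.0.0.1, sets Kibana's server.host to 0.0.0.0, and gives the beats input no host (Logstash then listens on all interfaces by default). The script below reads `ss -ltn` output and lists which of the guide's three ports (9200, 5044, 5601) listen on a non-loopback address; the function names and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the guide's
# ports listen on a non-loopback address.
# 9200 = Elasticsearch, 5044 = Logstash beats input, 5601 = Kibana.

# Constructed sample of `ss -ltn` output for a host set up as in the guide.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9200     *:*
LISTEN 0      128    ::1:9200           :::*
LISTEN 0      128    0.0.0.0:5601       0.0.0.0:*
LISTEN 0      128    :::5044            :::*
LISTEN 0      128    *:22               *:*'

# elk_exposed (hypothetical helper): reads `ss -ltn` lines on stdin and prints
# "port address" for every ELK port bound to a non-loopback address.
elk_exposed() {
  awk '
    $1 == "LISTEN" {
      n = split($4, parts, ":")          # port is the last ":"-separated field
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port != "9200" && port != "5044" && port != "5601") next
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
      print port, addr
    }' | sort -n
}

# elk_audit (hypothetical helper): exit status 0 when no ELK port is exposed,
# 1 otherwise; findings go to stderr.
elk_audit() {
  exposed=$(elk_exposed)
  if [ -z "$exposed" ]; then
    return 0
  fi
  printf 'listening beyond loopback:\n%s\n' "$exposed" >&2
  return 1
}

# On a live host: ss -ltn | elk_audit
```
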

