ELK 7.1: Monitoring Logstash

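A default Logstash installation is not monitored by Kibana; a few settings are needed to enable monitoring.
Note: the configuration file paths below are based on ELK 7.1 installed from RPM packages.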

1. Elasticsearch needs a few settings changed or added:
## vim /etc/elasticsearch/elasticsearch.yml
...
#action.destructive_requires_name: true
xpack.security.audit.enabled: true

xpack.security.enabled: false
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*

2. The Logstash configuration file:

# cat  /etc/logstash/logstash.yml   | grep -v ^#
path.data: /var/lib/logstash
http.host: "197.255.20.213"
path.logs: /var/log/logstash
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash
xpack.monitoring.elasticsearch.password: logstash
xpack.monitoring.elasticsearch.hosts: ["http://197.255.20.215:9200", "http://197.255.20.214:9200","http://197.255.20.213:9200"]
xpack.monitoring.elasticsearch.sniffing: true
xpack.monitoring.collection.interval: 5s
xpack.monitoring.collection.pipeline.details.enabled: true

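Note that Logstash needs a prepared pipeline configuration file when it starts (placed in the /etc/logstash/conf.d/ directory; the file name must end in .conf).
Otherwise it reports this error: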
[2019-05-23T15:48:59,906][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
[2019-05-23T15:48:59,965][INFO ][logstash.config.source.local.configpathloader] No config files found in path {:path=>"/etc/logstash/conf.d/*.conf"}

-- Logstash example:


-- Restart Elasticsearch and Logstash:
# sudo systemctl restart elasticsearch.service
# sudo systemctl restart logstash.service
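
A pre-flight check to run before the restart, as an added example that is not part of the original post: it reads the two YAML files and conf.d, and reports the missing .conf condition behind the error above plus the weak settings visible in this setup (security disabled, plain http, clear-text password). The function names yml_get and preflight and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for this setup.

# yml_get FILE KEY: print the value of an uncommented top-level "KEY: value" line.
yml_get() {
  awk -v k="$2:" 'index($0, k) == 1 { sub(/^[^:]*:[ \t]*/, ""); print; exit }' "$1"
}

# preflight LOGSTASH_YML ES_YML CONF_DIR: print one finding per line.
# Returns 1 when a FAIL would stop Logstash or monitoring, else 0.
preflight() {
  pf_rc=0
  # Logstash logs "No configuration found" unless conf.d holds a *.conf file.
  if ! ls "$3"/*.conf >/dev/null 2>&1; then
    echo "FAIL no .conf pipeline file in $3"; pf_rc=1
  fi
  if [ "$(yml_get "$1" xpack.monitoring.enabled)" != "true" ]; then
    echo "FAIL xpack.monitoring.enabled is not true"; pf_rc=1
  fi
  # With security off, Elasticsearch does not check the monitoring credentials.
  if [ "$(yml_get "$2" xpack.security.enabled)" != "true" ]; then
    echo "WARN xpack.security.enabled is not true in elasticsearch.yml"
  fi
  case "$(yml_get "$1" xpack.monitoring.elasticsearch.hosts)" in
    *http://*) echo "WARN monitoring hosts use plain http" ;;
  esac
  # A ${VAR} reference (environment or Logstash keystore) keeps the secret out of the file.
  case "$(yml_get "$1" xpack.monitoring.elasticsearch.password)" in
    ''|*'${'*) ;;
    *) echo "WARN password is stored in clear text in logstash.yml" ;;
  esac
  return "$pf_rc"
}

# Constructed sample files that mirror the settings shown in this post.
demo=$(mktemp -d)
mkdir "$demo/conf.d"
cat > "$demo/logstash.yml" <<'EOF'
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash
xpack.monitoring.elasticsearch.password: logstash
xpack.monitoring.elasticsearch.hosts: ["http://197.255.20.215:9200", "http://197.255.20.213:9200"]
EOF
printf 'xpack.security.enabled: false\n' > "$demo/elasticsearch.yml"
preflight "$demo/logstash.yml" "$demo/elasticsearch.yml" "$demo/conf.d" || true
```

On the real host, pass /etc/logstash/logstash.yml, /etc/elasticsearch/elasticsearch.yml and /etc/logstash/conf.d as the three arguments.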


-- Other error messages:
[2019-05-23T14:37:03,092][ERROR][logstash.configmanagement.elasticsearchsource] X-Pack Security needs to be enabled in Elasticsearch. Please set xpack.security.enabled: true in elasticsearch.yml.



Logstash monitoring information:

[Image 1: ELK 7.1 monitoring Logstash]
