Trying a local ELK installation

Local environment

  • Operating system: Ubuntu 16
  • JDK: 1.8

elasticsearch

  • Get the installation package
  wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.6.1.tar.gz
  • Extract
  tar -zxf elasticsearch-6.6.1.tar.gz
  • Edit the configuration file under elasticsearch-6.6.1
vi config/elasticsearch.yml

Change the settings below; /home/sanhong/Documents/soft/elasticsearch-6.6.1 must be replaced with the installation directory of your own ES instance

cluster.name: my-application
node.name: node-1
path.data: /home/sanhong/Documents/soft/elasticsearch-6.6.1/data
path.logs: /home/sanhong/Documents/soft/elasticsearch-6.6.1/logs
network.host: 127.0.0.1
http.port: 9200
  • Start ES
./bin/elasticsearch
  • Check that it started successfully
curl http://127.0.0.1:9200

The response looks similar to the following

{
  "name" : "node-1",
  "cluster_name" : "my-application",
  "cluster_uuid" : "2GZqiLq6QeCDEeOATN6QMw",
  "version" : {
    "number" : "6.6.1",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "1fd8f69",
    "build_date" : "2019-02-13T17:10:04.160291Z",
    "build_snapshot" : false,
    "lucene_version" : "7.6.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}

Logstash

  • Get the installation package
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.6.1.tar.gz
  • Extract
tar -zxvf logstash-6.6.1.tar.gz
  • Create and edit the configuration file config/javalog.conf under logstash-6.6.1
input {
    beats {
       port => 5044
    }  
}
filter {
  # Only matched data is sent to output.
}
output {
  # For detail config for elasticsearch as output, 
  # See: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
  elasticsearch {
    action => "index"          #The operation on ES
    hosts  => "127.0.0.1:9200"   #ElasticSearch host, can be array.
    index  => "applog"         #The index to write data to.
  }
}
  • Start
./bin/logstash -f config/javalog.conf

Filebeat

  • Get the installation package
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.6.1-linux-x86_64.tar.gz
  • Extract the installation package
tar -zxf filebeat-6.6.1-linux-x86_64.tar.gz
  • Edit the configuration file filebeat.yml
    First find the block below and modify it; note that /home/sanhong/Documents/HowTomcatWorks/sanhongrabbitlearn/src/main/resources/logs/*.log is the path of the logs you want to watch
  # Change to true to enable this input configuration.
  enabled: true
  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /home/sanhong/Documents/HowTomcatWorks/sanhongrabbitlearn/src/main/resources/logs/*.log

Next find the block below and modify it to disable direct output to ES

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

Finally find the block below and modify it to send the logs to Logstash

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]
  • Start filebeat
./filebeat

kibana

  • Get the installation package
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.6.1-linux-x86_64.tar.gz
  • Extract
tar -zxf kibana-6.6.1-linux-x86_64.tar.gz
  • Edit config/kibana.yml in that directory
server.port: 5601
server.host: localhost
elasticsearch.url: http://127.0.0.1:9200
  • Start kibana
./bin/kibana
  • Open http://127.0.0.1:5601 in a browser, add an index pattern under Management, find applog, and finally go to Discover to see the logs
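
The configs above bind Elasticsearch and Kibana to loopback, but the beats input in javalog.conf sets no host, and the Logstash beats input listens on 0.0.0.0 by default; none of these services is configured with authentication in this walkthrough. The following check is an added example, not part of the original post: it flags ELK listeners reachable beyond loopback, using a constructed `ss -ltn` sample (function names and the sample lines are made up for illustration).

```shell
#!/bin/sh
# Added example (not from the original post): flag listeners from this
# walkthrough that are reachable from beyond loopback.
# Ports are the ones on this page plus 9300, Elasticsearch's default
# transport port (an assumption; the page does not mention it).
ELK_PORTS="9200 9300 5044 5601"

# Reads `ss -ltn` lines on stdin; prints "port address" for each ELK port
# bound to a non-loopback address. Header and non-LISTEN lines are ignored.
exposed_elk_listeners() {
    awk -v ports="$ELK_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            # Split "addr:port" at the last colon, so [::1]:9200 and *:5044 work.
            idx = match($4, /:[0-9]+$/)
            if (idx == 0) next
            addr = substr($4, 1, idx - 1)
            port = substr($4, idx + 1)
            if (!(port in want)) next
            # Loopback in IPv4, IPv6 and IPv4-mapped IPv6 (common for JVMs).
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (addr ~ /^\[::ffff:127\./) next
            print port, addr
        }'
}

# Constructed sample of what `ss -ltn` could show after following this page.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:*
LISTEN 0 128 [::ffff:127.0.0.1]:9300 *:*
LISTEN 0 128 *:5044 *:*
LISTEN 0 128 127.0.0.1:5601 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

sample_ss_output | exposed_elk_listeners
# Live check on the host: ss -ltn | exposed_elk_listeners
```

If 5044 is reported, adding `host => "127.0.0.1"` to the `beats` block restricts it to loopback, which is enough here because Filebeat ships to localhost:5044.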

The above is based on

  • https://my.oschina.net/itblog/blog/547250/
