續(xù)上篇

安裝logstash?

下載地址：wgethttps://artifacts.elastic.co/downloads/logstash/logstash-6.1.0.rpm?

#安裝rpm -ivh logstash-6.1.0.rpm?

啟動服務(wù)

systemctl? restart logstash.service?

systemctl? status logstash.service?

systemctl? enable logstash.service?

測試基本輸入輸出

[root@elk2 ~]# /usr/share/logstash/bin/logstash -e? 'input { stdin{} } output { stdout{} }'

WARNING: Could not find logstash.yml whichistypically locatedin$LS_HOME/config or /etc/logstash. You can specify the pathusing--path.settings. Continuingusingthe defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Usingdefaultconfig which logs errors to the consoleThe stdin pluginisnow waitingforinput:

Abc? ? ? ? #輸入這個

2020-06-17T05:38:32.783Z elk2 abc? ? #輸出這個

使用rubydebug詳細(xì)輸出

[root@elk2 ~]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { stdout{ codec => rubydebug} }'?

WARNING: Could not find logstash.yml whichistypically locatedin$LS_HOME/config or /etc/logstash. You can specify the pathusing--path.settings. Continuingusingthe defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Usingdefaultconfig which logs errors to the consoleThe stdin pluginisnow waitingforinput:

Hello? ? ?#輸入

{"host"=>"elk2",? ? ? ? ?#輸出?

"@timestamp"=>2020-06-17T05:40:38.039Z,"

message"=>"hello","@version"=>"1"}

???[root@elk2 ~]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { elasticsearch { hosts => ["192.168.0.208:9200"]} }'?

WARNING: Could not find logstash.yml whichistypically locatedin$LS_HOME/config or /etc/logstash. You can specify the pathusing--path.settings. Continuingusingthe defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Usingdefaultconfig which logs errors to the consoleThe stdin pluginisnow waitingforinput:

123456

wangshibohuanqiu

hahaha

logstash的配置

配置地址

/etc/logstash/conf.d下，以*.conf結(jié)尾

vim /etc/logstash/conf.d/elk1.conf?

input { stdin { } }

output?

? {elasticsearch {hosts=>["192.168.0.208:9200"]}

? stdout {codec=>rubydebug }

}

執(zhí)行

[root@elk2 ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/elk1.conf

?WARNING: Could not find logstash.yml whichistypically locatedin$LS_HOME/config or /etc/logstash. You can specify the pathusing--path.settings. Continuingusingthe defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Usingdefaultconfig which logs errors to the consoleThe stdin pluginisnow waitingforinput:

Beijing????????#輸入

{"@version"=>"1",????????#輸出"

host"=>"elk2","

message"=>"beijing",

"@timestamp"=>2020-06-17T05:48:29.275Z

}?

更多用法后續(xù)列出

安裝kibana

下載地址：wgethttps://artifacts.elastic.co/downloads/kibana/kibana-6.1.0-x86_64.rpm?

#安裝rpm -ivh kibana-6.1.0-x86_64.rpm

修改配置文件

vim/etc/kibana/kibana.yml?

2server.port:5601? ? ? #端口

7server.host:"0.0.0.0"????#服務(wù)監(jiān)聽地址

21elasticsearch.url:"http://192.168.0.213:9200"????????#聲明地址氢橙，從哪里查尸疆，集群里面隨便選一個30kibana.index:".kibana"????????#kibana自己創(chuàng)建的索引

33kibana.defaultAppId:"discover"????#打開kibana頁面時有巧，默認(rèn)打開discover

62elasticsearch.pingTimeout:1500????#ping檢測超時時間

66elasticsearch.requestTimeout:30000????#請求超時時間

80elasticsearch.startupTimeout:5000????#啟動超時時間

?114i18n.locale:"zh-CN"????#啟用中文

啟動服務(wù)

systemctl? restart? kibana.service

systemctl? status? kibana.service

systemctl? enable? kibana.service

查看端口

netstat-utnlp | grep5601

訪問服務(wù)

http://192.168.0.208:5601

如果起不來

curl -XDELETE http://localhost:9200/.kibana*

到這里我們的elk就搭建成功了招盲，下一篇教大家安裝es 的插件愿题，方便后續(xù)更好的維護(hù)免胃。

? 沒有理論粉楚，只有實(shí)戰(zhàn)

更多干貨? ?公總耗【大隆愛分享】

那就趕緊來關(guān)我們?