下载 Elastic 产品 | Elastic 官网下载
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.8.0.tar.gz
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.8.0-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.8.0-linux-x86_64.tar.gz
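wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.8.0-linux-x86_64.tar.gz
#下载后建议校验完整性:官方在同一路径下提供 .sha512 文件,其余安装包同理,例如
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.8.0-linux-x86_64.tar.gz.sha512
sha512sum -c elasticsearch-7.8.0-linux-x86_64.tar.gz.sha512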
vi /etc/security/limits.conf #末尾追加
es soft nofile 65536
es hard nofile 65536
es soft nproc 65536
es hard nproc 65536
vi /etc/security/limits.d/20-nproc.conf #将*改为用户名es
es soft nproc 4096
root soft nproc unlimited
vi /etc/sysctl.conf
vm.max_map_count=655360
sysctl -p
tar -zxvf elasticsearch-7.8.0-linux-x86_64.tar.gz
vi /data/elasticsearch-7.8.0/config/elasticsearch.yml #追加配置文件
discovery.type: single-node #单节点模式
network.host: 0.0.0.0 #监听所有网卡;7.8.0 默认不启用认证,9200 端口应通过防火墙限制访问来源,或设置 xpack.security.enabled: true 并为内置用户设置密码
useradd es
passwd es
chown -R es:es elasticsearch-7.8.0
cd /data/elasticsearch-7.8.0
su es
./elasticsearch -d #注意:可执行文件在 bin/ 目录下,在当前目录应执行 ./bin/elasticsearch -d
curl 127.0.0.1:9200/_cluster/health?pretty
2.kibana安装部署
tar -zxvf kibana-7.8.0-linux-x86_64.tar.gz
vi /data/kibana-7.8.0-linux-x86_64/config/kibana.yml
server.host: 0.0.0.0 #任何ip都可访问;Elasticsearch 未开启认证时 Kibana 也没有登录保护,5601 端口应只对可信网段开放
elasticsearch.hosts: ["http://10.100.10.190:9200"] #elas服务地址
i18n.locale: "zh-CN" #修改为中文
cd /data
chown -R es:es kibana-7.8.0-linux-x86_64
cd kibana-7.8.0-linux-x86_64/bin
su es
./kibana & #后台启动
3.logstash安装部署
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.8.0.tar.gz
tar -zxvf logstash-7.8.0.tar.gz
cd logstash-7.8.0
bin/logstash -e 'input { stdin { }} output { stdout {} }' #测试输出是否正常
4.filebeat安装部署
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.8.0-linux-x86_64.tar.gz
tar -zxvf filebeat-7.8.0-linux-x86_64.tar.gz
vi /data/filebeat-7.8.0-linux-x86_64/filebeat.yml #配置文件指定监听日志路径
paths:
- /var/log/*.log #日志搜集目录
enabled: true #改成true
output.logstash:
hosts: ["10.100.10.190:5044"]
#output.elasticsearch: #日志输出位置可以注释掉写一个到logstash的配置
# Array of hosts to connect to.
# hosts: ["localhost:9200"]
output.logstash:
# The Logstash hosts
hosts: ["10.100.10.190:5044"]
改成日志输出到logstash
vi /data/logstash-7.8.0/config/logstash-sample.conf #测试输出到终端
input { beats { port => 5044 } } output { stdout { codec => rubydebug } }
/data/logstash-7.8.0/bin/logstash -f /data/logstash-7.8.0/config/logstash-sample.conf --config.reload.automatic #logstash启动
cd /data/filebeat-7.8.0-linux-x86_64
sudo ./filebeat -e -c filebeat.yml -d "publish" #启动filebeat
vi /data/logstash-7.8.0/config/logstash-sample.conf #测试输出到elasticsearch
input {
  beats {
    port => 5044
  }
}
#output {
#  stdout { codec => rubydebug }
#}
output {
  elasticsearch {
    hosts => ["http://10.100.10.190:9200"]
    # index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    # #user => "elastic"
    # #password => "changeme"
  }
}
/data/logstash-7.8.0/bin/logstash -f /data/logstash-7.8.0/config/logstash-sample.conf --config.reload.automatic
sudo ./filebeat -e -c filebeat.yml -d "publish" #启动filebeat
复制所有名称到dev tools 查询看是否有数据
无过滤字段都会显示出来,实际只有两格,但是全部显示出来了
找出实际需要字段 message