CentOS7下Elastic Stack 5.0日志分析系统搭建

原文链接：http://www.2cto.com/net/201612/572296_3.html

在http://localhost:5601下新建索引页面输入“metricbeat-*”，之后kibana会自动更新，在“Time-field name”下面的选项中选择“@timestamp”，最后点击“Create”创建即可。

最后呈现如下图所示:

注1:

关于ELK Stack的一些查询语句:

①查询filebeat

1	#curl-XGET'http://localhost:9200/filebeat-*/_search?pretty'

②查询packetbeat

1	#curl-XGET'http://localhost:9200/packetbeat-*/_search?pretty'

③查询metricbeat

1	#curl-XGET'http://localhost:9200/metricbeat-*/_search?pretty'

④查询集群健康度

1	#curl'localhost:9200/_cat/health?v'

⑤查看节点列表

1 2 3

#curl'localhost:9200/_cat/nodes?v' ipheap.percentram.percentcpuload_1mload_5mload_15mnode.rolemastername 127.0.0.1379330.050.070.41mdi*XVY0Ovb

⑥列出所有索引

1 2 3 4 5 6 7 8 9 10 11 12

#curl'localhost:9200/_cat/indices?v' healthstatusindexuuidprirepdocs.countdocs.deletedstore.sizepri.store.size yellowopenfilebeat-2016.11.28Mn4MzxdTRaCj9iseutcmqA512012kb12kb yellowopenfilebeat-2016.11.29iMrr710mT42mApxdV62k-A51159065.9kb65.9kb yellowopenpacketbeat-2016.11.29wkTcIwD6RgiiCFwlWBIILA51565201.6mb1.6mb yellowopencustomerNvxXLgHoREefJLRhot13Ug5100800b800b yellowopenpacketbeat-2016.11.28Beoe07S7QB-dntNV4nxJNQ5124460676.4kb676.4kb yellowopentestM7WbkYq2QNmeJ9NOyMfMZA5100800b800b yellowopenlogstash-2016.11.28pcb_84ChSBe9A7VRd-SQNw511610123.2kb123.2kb yellowopenmetricbeat-2016.11.29AmVeT1xCQGCnxlAFXUxhYw5194459037.6mb37.6mb yellowopenlogstash-2016.11.296PCKMYKCSVmPfdg-Sx2ARA5185772020.3mb20.3mb yellowopen.kibanaQYTg0I5KS-yc3d7GSey3Zw1150102kb102kb