  • Installing Filebeat + Logstash + Elasticsearch + Kibana on Ubuntu 16.04

    Installing Filebeat + Logstash + Elasticsearch + Kibana (ELK) on Ubuntu 16.04

    Install Java 8

    sudo add-apt-repository -y ppa:webupd8team/java
    	
    sudo apt-get update
    	
    sudo apt-get -y install oracle-java8-installer

    elasticsearch

    mkdir elasticsearch; cd elasticsearch
    
    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.deb
    
    sudo dpkg -i elasticsearch-6.3.0.deb
    

      

    Uncomment the following lines in the Elasticsearch configuration file

    cluster.name:   #  set your own value; same for the lines below
    node.name:
    path.data:
    path.logs:
    network.host: 127.0.0.1
    http.port: 9200
    

      

    Start

    sudo systemctl daemon-reload
    sudo systemctl enable elasticsearch
    sudo systemctl restart elasticsearch
    

      

    Test:

    curl -XGET "http://localhost:9200" should return output like the following:

    {
      "name" : "luOq_eh",
      "cluster_name" : "elasticsearch",
      "cluster_uuid" : "mIcflXKsR3-ER66MCTSJzA",
      "version" : {
        "number" : "5.2.1",
        "build_hash" : "db0d481",
        "build_date" : "2017-02-09T22:05:32.386Z",
        "build_snapshot" : false,
        "lucene_version" : "6.4.1"
      },
      "tagline" : "You Know, for Search"
    }
    

      

    Logstash

    wget  https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.deb
    sudo dpkg -i logstash-6.3.0.deb
    

      

    Configuration

    input {
      beats {
        port => 5044
      }
    }
    
    output {
      elasticsearch {
        hosts => "127.0.0.1:9200"
        manage_template => false
        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        document_type => "%{[@metadata][type]}"
      }
    }
    

      

    Start

    sudo systemctl daemon-reload
    sudo systemctl enable logstash
    sudo systemctl restart logstash
    

      

    Kibana

    wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-amd64.deb 
    
    sudo dpkg -i kibana-6.3.0-amd64.deb
    

      

    Configuration: change the following settings

    server.port: 5601
    server.host: "0.0.0.0"
    server.name: "127.0.0.1"
    elasticsearch.url: "http://127.0.0.1:9200"
    

      

    Start

    sudo systemctl daemon-reload
    
    sudo systemctl enable kibana
    
    sudo systemctl start kibana
    

      

    filebeat

    wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-amd64.deb
     
    sudo dpkg -i filebeat-6.3.0-amd64.deb
    

      

    Edit the configuration

    #  Configure the input
    - input_type: log
      enabled: true
      paths:
        - /var/log/test.log

    #  Configure the output
    #  Comment out the elasticsearch output and enable the logstash output

    output.logstash:
      hosts: ["127.0.0.1:5044"]
    

      

    Start

    sudo systemctl daemon-reload
    
    sudo systemctl enable filebeat
    
    sudo systemctl start filebeat
    

      

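    Test:

    • Append a line to /var/log/test.log (the monitored log file)
    echo "这是第一条测试" >> /var/log/test.log
    • Open http://localhost:5601 in a browser
    • Then click Management, Index Patterns, Add New in turn, enter filebeat-* and confirm; then open the Discover menu, where the line just added appears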
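The configuration above binds Elasticsearch to 127.0.0.1 but sets Kibana's server.host to "0.0.0.0", so Kibana listens on every interface. The check below is an added example, not part of the original post: it reads the listen-address settings from both YAML files and reports any that are not loopback. The function names and the constructed sample files are assumptions for illustration; on a .deb install the real files are /etc/elasticsearch/elasticsearch.yml and /etc/kibana/kibana.yml.

```bash
#!/usr/bin/env bash
# Added example: report ELK listen-address settings that are not loopback.

# Print the last uncommented top-level value of KEY in a YAML FILE.
yaml_value() {  # usage: yaml_value KEY FILE
  awk -v k="$1" '
    index($0, k ":") == 1 { v = substr($0, length(k) + 2) }
    END {
      sub(/[ \t]+#.*$/, "", v)   # drop a trailing comment
      sub(/^[ \t"]+/, "", v)     # drop leading blanks and quotes
      sub(/[ \t"]+$/, "", v)     # drop trailing blanks and quotes
      print v
    }' "$2"
}

# Succeed when the address is only reachable from the local machine.
is_loopback() {
  case "$1" in
    127.*|localhost|::1|_local_) return 0 ;;
    *) return 1 ;;
  esac
}

# Print "OK key=value" or "EXPOSED key=value"; DEFAULT applies when KEY is unset.
audit_bind() {  # usage: audit_bind KEY FILE DEFAULT
  local v
  v=$(yaml_value "$1" "$2")
  v=${v:-$3}
  if is_loopback "$v"; then echo "OK $1=$v"; else echo "EXPOSED $1=$v"; fi
}

# Constructed sample files holding the values used on this page.
sample=$(mktemp -d)
printf 'network.host: 127.0.0.1\nhttp.port: 9200\n' > "$sample/elasticsearch.yml"
printf 'server.port: 5601\nserver.host: "0.0.0.0"\n' > "$sample/kibana.yml"

# Defaults when unset: Elasticsearch binds to _local_, Kibana to localhost.
audit_bind network.host "$sample/elasticsearch.yml" _local_
audit_bind server.host  "$sample/kibana.yml" localhost
rm -rf "$sample"
```

An EXPOSED result for server.host means Kibana, for which this page configures no authentication, is reachable from every network the host is attached to. Binding it to 127.0.0.1, or putting an authenticating reverse proxy in front of it, are the usual remedies.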
  • Original post: https://www.cnblogs.com/libinblogs/p/9285868.html