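Introduction
ELK = Elasticsearch + Logstash + Kibana, a very popular set of tools for distributed log collection, processing, aggregation and display.
- Logstash - collects and filters logs and forwards them to Elasticsearch
- Elasticsearch - search engine; stores, indexes and analyzes logs
- Kibana - web interface; queries and displays the data in Elasticsearch
This article mainly covers the initial setup and configuration of an ELK log platform.
Elastic official website
Installing Elasticsearch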
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.0.tar.gz
tar -zxvf elasticsearch-5.6.0.tar.gz
bin/elasticsearch-plugin install x-pack # install X-Pack (optional)
If the network is unstable, you may need to go through a $$ proxy + Proxifier.
Installing Kibana
wget https://artifacts.elastic.co/downloads/kibana/kibana-5.6.0-darwin-x86_64.tar.gz
tar -zxvf kibana-5.6.0-darwin-x86_64.tar.gz
bin/kibana-plugin install x-pack # install X-Pack (optional)
Installing Logstash
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.tar.gz
tar -zxvf logstash-5.6.1.tar.gz
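Configuring Logstash
vi logstash.conf
input {
  file {
    # log file to collect
    path => "/opt/logs/busi/playground.log"
    ignore_older => 0
    # do not persist the read position between runs
    sincedb_path => "/dev/null"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    # X-Pack credentials (see the note below)
    user => "elastic"
    password => "changeme"
  }
  # also print every event to the console
  stdout { codec => rubydebug }
}
Note: if X-Pack is installed, the Elasticsearch username and password must be configured in the output section.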
Running
bin/elasticsearch
bin/kibana
bin/logstash -f logstash.conf
Log in to the Kibana console
Initial username and password: elastic/changeme
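The logstash.conf above stores the X-Pack initial password (changeme) as a plain-text literal. The shell lint below is an added example, not part of the original article: it flags that default and any other hard-coded password in a pipeline file, and accepts a value supplied through Logstash's `${VAR}` environment substitution. The variable name ES_PWD, the function names and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a Logstash pipeline file for credential problems.
# Assumes password values are double-quoted, one setting per line.

# Prints one finding per password setting:
#   DEFAULT_PASSWORD   - the X-Pack initial password "changeme" is in use
#   HARDCODED_PASSWORD - some other literal secret is stored in the file
#   ENV_REFERENCE      - value is a ${VAR} reference resolved at startup
audit_logstash_conf() {
    # Drop comment lines, then print the quoted value of each
    # `password =>` setting (this also catches e.g. keystore_password).
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/^.*password[[:space:]]*=>[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" |
    while IFS= read -r value; do
        case "$value" in
            # literal default, or a ${VAR:default} that falls back to it
            changeme|'${'*':changeme}') echo "DEFAULT_PASSWORD" ;;
            '${'*'}')                   echo "ENV_REFERENCE" ;;
            *)                          echo "HARDCODED_PASSWORD" ;;
        esac
    done
}

# Constructed sample: the article's elasticsearch output block, with the
# password value passed in as $2 so both variants can be generated.
write_sample() {
    cat > "$1" <<EOF
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    user => "elastic"
    password => "$2"
  }
}
EOF
}

# Run the lint over both variants (ES_PWD is a hypothetical variable name).
tmp=$(mktemp -d)
write_sample "$tmp/default.conf" 'changeme'
write_sample "$tmp/env.conf" '${ES_PWD}'
echo "default.conf: $(audit_logstash_conf "$tmp/default.conf")"
echo "env.conf:     $(audit_logstash_conf "$tmp/env.conf")"
rm -rf "$tmp"
```

With the environment variant, the secret is exported in the shell that starts `bin/logstash -f logstash.conf` instead of being saved in the file.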