前言

本人新手褐奥，本文記錄簡單的ELKB單機部署，ELKB分別指elasticsearch翘簇、logstash撬码、kibana、filebeat版保，用的當(dāng)前官網(wǎng)最新版本7.2.0呜笑，日志用的Java-log4j產(chǎn)生的日志。

一彻犁、準(zhǔn)備工作

需要下載的安裝包叫胁，下載完后解壓備用：

• elasticsearch-7.2.0-windows-x86_64
• kibana-7.2.0-windows-x86_64
• filebeat-7.2.0-windows-x86_64
• logstash-7.2.0

下載地址：
https://www.elastic.co/cn/downloads/

二、啟動elasticsearch

• 修改config/elasticsearch.yml汞幢，改數(shù)據(jù)和日志的位置

path.data: E:/upload/elk/data
path.logs: E:/upload/elk/logs

• cmd中執(zhí)行

.\bin\elasticsearch

• 瀏覽器輸入http://localhost:9200驗證驼鹅，返回如下結(jié)果則為正確

{
"name" : "DESKTOP-RLMLLD1",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "Rv7GIwE5QDSkJJuCj_rHiw",
"version" : {
"number" : "7.2.0",
"build_flavor" : "default",
"build_type" : "zip",
"build_hash" : "508c38a",
"build_date" : "2019-06-20T15:54:18.811730Z",
"build_snapshot" : false,
"lucene_version" : "8.0.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}

三、啟動logstash

• cmd中執(zhí)行

.\bin\logstash -f .\config\logstash-sample.conf

看打印的log中，success則為成功

四输钩、啟動kibana

• 修改config/kibana.yml豺型，改本地IP和超時的時長

server.host: "0.0.0.0" (改為自己的IP，下同)
elasticsearch.requestTimeout: 90000

• cmd中執(zhí)行

.\bin\kibana

瀏覽器中买乃，輸入http://0.0.0.0:5601触创，能訪問則啟動成功

五、啟動filebeat

• 修改filebeat.yml配置

1为牍、開啟input

filebeat.inputs:
- type: log
  paths:
    - e:\upload\logs\*

2哼绑、關(guān)閉output.logstash（注釋掉）

#output.elasticsearch:
  #hosts: ["localhost:9200"]

3、開啟output.logstash

output.logstash:
  hosts: ["localhost:5044"]

• cmd中執(zhí)行

.\filebeat -e -c filebeat.yml

六碉咆、log4j打印日志程序

• 配置引用最新的log4j包

        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>

• resources中配置log4j.properties

### 設(shè)置###
log4j.rootLogger = debug,stdout,D,E

### 輸出信息到控制抬 ###
log4j.appender.stdout = org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target = System.out
log4j.appender.stdout.layout = org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern = [%-5p] %d{yyyy-MM-dd HH:mm:ss,SSS} method:%l%n%m%n

### 輸出DEBUG 級別以上的日志到=/Users/bee/Documents/elk/log4j/debug.log###
log4j.appender.D = org.apache.log4j.DailyRollingFileAppender
log4j.appender.D.File = E:/upload/logs/debug.log
log4j.appender.D.Append = true
log4j.appender.D.Threshold = DEBUG
log4j.appender.D.layout = org.apache.log4j.PatternLayout
log4j.appender.D.layout.ConversionPattern = %-d{yyyy-MM-dd HH:mm:ss}  [ %t:%r ] - [ %p ]  %m%n

### 輸出ERROR 級別以上的日志到=/Users/bee/Documents/elk/log4j/error.log  ###
log4j.appender.E = org.apache.log4j.DailyRollingFileAppender
log4j.appender.E.File =E:/upload/logs/error.log
log4j.appender.E.Append = true
log4j.appender.E.Threshold = ERROR
log4j.appender.E.layout = org.apache.log4j.PatternLayout
log4j.appender.E.layout.ConversionPattern = %-d{yyyy-MM-dd HH:mm:ss}  [ %t:%r ] - [ %p ]  %m%n

• 編寫并執(zhí)行Java main函數(shù)

public class Main {

    private static final Logger logger = Logger.getLogger(Main.class);

    public static void main(String[] args) {
        // 記錄debug級別的信息
        logger.debug("This is debug message.");
        // 記錄info級別的信息
        logger.info("This is info message.");
        // 記錄error級別的信息
        logger.error("This is error message.");
    }
}

七抖韩、執(zhí)行后看結(jié)果

image.png