Installing filebeat + Logstash + ELK on Ubuntu 16.4
1. Install Java 8
sudo add-apt-repository -y ppa:webupd8team/java
sudo apt-get update
sudo apt-get -y install oracle-java8-installer
elasticsearch
mkdir elasticsearch; cd elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.3.0.deb
sudo dpkg -i elasticsearch-6.3.0.deb
Uncomment the following lines:
cluster.name: # set your own value; same for the entries below
node.name:
path.data:
path.logs:
network.host: 127.0.0.1
http.port: 9200
Start
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl restart elasticsearch
Test:
curl -XGET "http://localhost:9200"
The following output appears:
{
  "name" : "luOq_eh",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "mIcflXKsR3-ER66MCTSJzA",
  "version" : {
    "number" : "5.2.1",
    "build_hash" : "db0d481",
    "build_date" : "2017-02-09T22:05:32.386Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.1"
  },
  "tagline" : "You Know, for Search"
}
Logstash
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.3.0.deb
sudo dpkg -i logstash-6.3.0.deb
Configuration
input {
  # Receive events from filebeat
  beats {
    port => 5044
  }
}
output {
  # Forward events to the local Elasticsearch node
  elasticsearch {
    hosts => "127.0.0.1:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
Start
sudo systemctl daemon-reload
sudo systemctl enable logstash
sudo systemctl restart logstash
Kibana
wget https://artifacts.elastic.co/downloads/kibana/kibana-6.3.0-amd64.deb
sudo dpkg -i kibana-6.3.0-amd64.deb
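Configuration: change the following settings
server.port: 5601
# 0.0.0.0 listens on every interface; use 127.0.0.1 to keep Kibana local-only
server.host: "0.0.0.0"
server.name: "127.0.0.1"
elasticsearch.url: "http://127.0.0.1:9200"
Start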
sudo systemctl daemon-reload
sudo systemctl enable kibana
sudo systemctl start kibana
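An added example (not part of the original guide): the settings above bind Elasticsearch to 127.0.0.1 and Kibana to 0.0.0.0, and this script reads the bind setting from each config file and reports whether it is loopback-only or all interfaces. The function names and the two /etc paths (the usual .deb package locations) are assumptions.

```shell
#!/bin/sh
# Added example: report which address a service is configured to listen on.
# Handles flat "key: value" lines as found in elasticsearch.yml and kibana.yml.

# get_setting FILE KEY: print the value of the last uncommented "KEY: value" line.
get_setting() {
    awk -v key="$2" -v sq="'" '
        /^[ \t]*#/ { next }                      # skip commented-out settings
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                sub(/[ \t]*#.*$/, "", val)       # drop a trailing comment
                gsub(/^[ \t]+|[ \t]+$/, "", val) # trim whitespace
                gsub(/"/, "", val); gsub(sq, "", val)
                found = val
            }
        }
        END { print found }
    ' "$1"
}

# bind_scope VALUE: classify a listen address.
bind_scope() {
    case "$1" in
        "")                    echo "unset" ;;
        127.*|localhost|"::1") echo "loopback" ;;
        0.0.0.0|"::")          echo "all-interfaces" ;;
        *)                     echo "specific-address" ;;
    esac
}

# audit_bind FILE KEY: one summary line per setting.
audit_bind() {
    value=$(get_setting "$1" "$2")
    echo "$2=${value:-<unset>} scope=$(bind_scope "$value")"
}

# Assumed default config locations of the .deb packages; adjust if yours differ.
for spec in /etc/elasticsearch/elasticsearch.yml:network.host \
            /etc/kibana/kibana.yml:server.host; do
    file=${spec%%:*}; key=${spec#*:}
    if [ -r "$file" ]; then audit_bind "$file" "$key"; fi
done
```

With the values from this guide it prints scope=loopback for network.host and scope=all-interfaces for server.host; run it with sudo if the config files are not world-readable.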
filebeat
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.3.0-amd64.deb
sudo dpkg -i filebeat-6.3.0-amd64.deb
Edit the configuration
# Configure the input
- input_type: log
  enabled: true
  paths:
    - /var/log/test.log
# Configure the output
# Comment out the elasticsearch output and enable the logstash output
output.logstash:
  hosts: ["127.0.0.1:5044"]
Start
sudo systemctl daemon-reload
sudo systemctl enable filebeat
sudo systemctl start filebeat
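Test:
- Modify the contents of /var/log/test.log (the monitored log):
echo "这是第一条测试" >> /var/log/test.log
- Open http://localhost:5601 in a browser
- Then click, in order, Management, Index Patterns, Add New; enter filebeat-* and confirm. Then open the Discover menu, where the line you just added appears.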