• ELK Setup


    https://blog.51cto.com/zero01/2079879

    https://blog.51cto.com/zero01/2082794

    1. Install Elasticsearch (ES):

    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

    vim /etc/yum.repos.d/elastic.repo  # add the following content
      
    [elasticsearch-6.x]
    name=Elasticsearch repository for 6.x packages
    baseurl=https://artifacts.elastic.co/packages/6.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    autorefresh=1
    type=rpm-md
    
    
     yum install -y elasticsearch
    
    

    Or:

    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
    rpm -ivh elasticsearch-6.0.0.rpm

    Start:

    systemctl start elasticsearch.service

    2. Install Kibana

     yum -y install kibana 

    wget https://artifacts.elastic.co/downloads/kibana/kibana-6.0.0-x86_64.rpm
    rpm -ivh kibana-6.0.0-x86_64.rpm

    Configure Kibana:

     vim /etc/kibana/kibana.yml

    Start:

    systemctl start kibana

    3. Install Logstash

    yum install -y  logstash

    wget https://artifacts.elastic.co/downloads/logstash/logstash-6.0.0.rpm
    rpm -ivh logstash-6.0.0.rpm

    Configure:

    vim /etc/logstash/conf.d/syslog.conf 

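    Check the configuration file (run from /usr/share/logstash/bin):

     ./logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/syslog.conf --config.test_and_exit
    • --path.settings specifies the directory that holds Logstash's settings files
    • -f specifies the path of the configuration file to check
    • --config.test_and_exit makes Logstash exit once the check is done; without it, Logstash would start up directly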

    Start:

    systemctl start logstash
    (sudo /usr/share/logstash/bin/system-install /etc/logstash/startup.options systemd)

    If startup fails:

    chown logstash /var/log/logstash/logstash-plain.log 

    Logstash configuration

    input {  # define the log sources
     # syslog {
     #   type => "system-syslog"  # define the type
     #   port => 10514    # define the listening port
     # }
      http {
        type => "http-log"  # define the type
        host => "0.0.0.0"   # listen on all interfaces
        port => 8010
        ssl => false        # plain HTTP, no TLS
        additional_codecs => {"application/x-www-form-urlencoded" => "json"}
        codec => plain {
          charset => "GB2312"
        }
      }
    }
    filter {
      urldecode {
        field => "message"   # URL-decode the message field
      }
      mutate {
        remove_field => ["headers"]
      }
      kv {
        source => "message"
        field_split => "&?"  # split key=value pairs on & or ?
      }
    }
    output {  # define the log outputs
     # if [type] == "http-log" {
     #   elasticsearch {
     #     hosts => ["192.168.123.194:9200"]  # IP of the ES server
     #     index => "http-log-%{+YYYY.MM}" # define the index
     #   }
       stdout {
         codec => rubydebug # print to the terminal
       }
     # }
     # if [type] == "system-syslog" {
     #   elasticsearch {
     #     hosts => ["192.168.123.194:9200"]  # IP of the ES server
     #     index => "system-syslog-%{+YYYY.MM}" # define the index
     #   }
     # }
    }
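
The filter section above runs urldecode on message before kv splits it, so an encoded `&` or `=` inside a value is decoded first and then treated as a field separator. The following is an added example, not part of the original post: a simplified Python model of those two filters (not Logstash code) that compares this order with splitting first, using a constructed sample body.

```python
import re
from urllib.parse import unquote

FIELD_SPLIT = "&?"   # same character set as field_split in the kv filter above
VALUE_SPLIT = "="    # default value_split of the kv filter


def kv(message):
    """Simplified model of kv: split on any FIELD_SPLIT character, then on '='.

    Unlike the real filter, a repeated key simply overwrites the earlier value.
    """
    fields = {}
    for pair in re.split("[" + re.escape(FIELD_SPLIT) + "]", message):
        key, sep, value = pair.partition(VALUE_SPLIT)
        if sep and key:              # tokens without key=value are skipped
            fields[key] = value
    return fields


def decode_then_split(message):
    """Order used in the config above: urldecode on message, then kv."""
    return kv(unquote(message))


def split_then_decode(message):
    """Alternative order: kv on the raw message, then decode each key and value."""
    return {unquote(k): unquote(v) for k, v in kv(message).items()}


# Constructed sample: the value of q is "R&D=budget", percent-encoded by the client.
SAMPLE = "user=alice&q=R%26D%3Dbudget&lang=zh"

if __name__ == "__main__":
    # Decoding first turns %26 and %3D into separators: q is cut short and a
    # field "D" appears that the client never sent as a parameter.
    print(decode_then_split(SAMPLE))
    # Splitting first keeps the value intact as a single field.
    print(split_then_decode(SAMPLE))
```

In the pipeline, the second order corresponds to running kv before urldecode and decoding the parsed fields (the urldecode filter's all_fields option). Setting kv's target option keeps client-supplied keys in their own namespace, away from event metadata such as type.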
  • Original article: https://www.cnblogs.com/qingyibusi/p/11239749.html