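1. Download the latest version of each package. The latest at the time of writing is 7.9. Keep the ELK versions identical, since the components are released as a matched set. Download links:
logstash: https://www.elastic.co/cn/downloads/logstash
elasticsearch: https://www.elastic.co/cn/downloads/elasticsearch
kibana: https://www.elastic.co/cn/downloads/kibana
2. Extract them to a directory of your choice, for example an elk directory on drive D.
3. Preparation before starting:
logstash: edit the configuration. Open the D:/elk/logstash-7.9.0/config directory, which contains a configuration file named logstash-sample.conf. We use the simple configuration from the official site instead: add a new file, logstash-simple.conf, with this content: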
    input { stdin { } }
    output {
      elasticsearch { hosts => ["localhost:9200"] }
      stdout { codec => rubydebug }
    }
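elasticsearch: install the IK analyzer plugin (optional step). From https://github.com/medcl/elasticsearch-analysis-ik/releases download the 7.9.0 archive that matches the ES version, create an ik directory under D:\elk\elasticsearch-7.9.0\plugins, and extract the archive into that ik directory. Download it first.
Then extract it into the plugins\ik directory.
kibana: nothing to do.
4. Start: start ES first, then Logstash and Kibana.
elasticsearch: go to D:\elk\elasticsearch-7.9.0\bin and double-click elasticsearch.bat (note: this version asks for at least JDK 11, but that is only a warning and it also starts on JDK 8). If startup fails, open elasticsearch.log in the D:\elk\elasticsearch-7.9.0\logs directory for details. A normal startup log looks like this: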
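kibana: likewise, go to the D:\elk\kibana-7.9.0-windows-x86_64\bin directory and double-click kibana.bat. It takes quite a while to start, so be patient. After a normal start the log looks like this: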
logstash: this last one has to be started by hand from a command prompt window, because we need to specify the configuration file:
    C:\Users\wulf>D:
    D:\>cd elk\logstash-7.9.0\bin
    D:\elk\logstash-7.9.0\bin>.\logstash -f ..\config\logstash-simple.conf
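5. Test. Type hello world in the Logstash window, then use Kibana to look at what ES stored:
In a browser (Chrome is recommended; avoid IE, which may fail to load the page), go to localhost:5601. Once the page loads, click the button on the right to explore our own ES data.
On the next page, scroll to the bottom and click Stack Management.
Then click Index Management to see the index holding the log line we just typed.
To see the hello world we typed, we have to create an index pattern in Kibana.
Enter our index name and click Next step.
Choose whether to filter by timestamp, then click Create.
Go back to Discover and type hello in the search box.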
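A post-install check for steps 1 to 4, as an added example (not code from the original post): it confirms that Elasticsearch, Logstash, Kibana and the optional IK plugin all report the same version, and that Elasticsearch, which this setup reaches on localhost:9200 without credentials, listens on loopback addresses only. The sample responses and the IK descriptor path are constructed assumptions based on the D:\elk layout above.

```python
import ipaddress
import json
import os
import urllib.request

# Default local endpoints of the three services in this walkthrough.
ES = "http://localhost:9200"
LOGSTASH = "http://localhost:9600"
KIBANA = "http://localhost:5601"
# Assumed descriptor location, following the D:\elk layout used above.
IK_DESCRIPTOR = r"D:\elk\elasticsearch-7.9.0\plugins\ik\plugin-descriptor.properties"

# Constructed sample responses, trimmed to the fields the checks read.
SAMPLE_ES_ROOT = {"version": {"number": "7.9.0"}}
SAMPLE_LOGSTASH_ROOT = {"version": "7.9.0"}
SAMPLE_KIBANA_STATUS = {"version": {"number": "7.9.0"}}
SAMPLE_NODES_HTTP = {
    "nodes": {"n1": {"http": {"bound_address": ["127.0.0.1:9200", "[::1]:9200"]}}}
}
SAMPLE_IK_DESCRIPTOR = "# constructed\nname=analysis-ik\nversion=7.9.0\nelasticsearch.version=7.9.0\n"


def fetch_json(url, timeout=5):
    """GET a URL on the live stack and decode the JSON body."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def parse_properties(text):
    """Parse key=value lines of a Java .properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def host_of(address):
    """Return the host part of 'host:port' or '[ipv6]:port'."""
    return address.rsplit(":", 1)[0].strip("[]")


def non_loopback_binds(nodes_http):
    """List HTTP bind addresses from GET /_nodes/http that are not loopback."""
    exposed = []
    for node in nodes_http.get("nodes", {}).values():
        for addr in node.get("http", {}).get("bound_address", []):
            try:
                loopback = ipaddress.ip_address(host_of(addr)).is_loopback
            except ValueError:
                loopback = False  # unparseable address: report it
            if not loopback:
                exposed.append(addr)
    return exposed


def check_stack(es_root, logstash_root, kibana_status, nodes_http, ik_descriptor=None):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    es_version = es_root["version"]["number"]
    versions = {
        "elasticsearch": es_version,
        "logstash": logstash_root["version"],
        "kibana": kibana_status["version"]["number"],
    }
    if len(set(versions.values())) != 1:
        findings.append(f"version mismatch: {versions}")
    if ik_descriptor is not None:
        built_for = parse_properties(ik_descriptor).get("elasticsearch.version")
        if built_for != es_version:
            findings.append(f"IK plugin built for ES {built_for}, node runs {es_version}")
    for addr in non_loopback_binds(nodes_http):
        findings.append(f"Elasticsearch HTTP bound to non-loopback address {addr}")
    return findings


if __name__ == "__main__":
    # Live run against the services started in step 4; the IK plugin is optional.
    descriptor = None
    if os.path.exists(IK_DESCRIPTOR):
        with open(IK_DESCRIPTOR, encoding="utf-8") as fh:
            descriptor = fh.read()
    problems = check_stack(fetch_json(ES + "/"), fetch_json(LOGSTASH + "/"),
                           fetch_json(KIBANA + "/api/status"),
                           fetch_json(ES + "/_nodes/http"), descriptor)
    print("\n".join(problems) or "OK: versions match, Elasticsearch on loopback only")
```

Run it with Python 3 after all three services are up; any printed finding names the component to fix before the stack is used for real data.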