Filebeat 日志采集工具 Logstash数据处理引擎 elasticsearch数据的存储,并作权威的检索 kibana从 elasticsearch数据库读取并展示
1.安装jdk
yum install java-1.8.0-openjdk -y
查看jdk是否安装好 java -version
2.配置官方源
官方配置地址:https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
vim /etc/yum.repos.d/logstash.repo
[logstash-7.x]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
3.安装logstash elasticsearch kibana
yum install logstash elasticsearch kibana -y
4.启动服务,查看java、kibana进程是否启动
systemctl start kibana
systemctl enable kibana
systemctl start elasticsearch
systemctl enable elasticsearch
ps -ef|grep kibana ps -ef|gre java
5.如果用云主机搭建的,请开启对应端口 公网ip+5601端口访
修改logstash配置文件
vim /etc/logstash/conf.d/logstash-to-es.conf
input{
beats{
port =>5044
}
}
filter{
}
output{
elasticsearch{
hosts =>["http://localhost:9200"]
index => "k8s-log-%{+YYYY.MM.dd}"
}
stdout{ codec =>rubydebug
}
启动logstash配置文件,并且启动服务
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash-to-es.conf
systemctl start logstash
systemctl enable logstash
ps -ef|grep logstash
