（零）ELK学习之ELK安装配置

来源：互联网发布：linux shell 编程入门编辑：程序博客网时间：2024/04/30 09:27

1：安装Logstash

在安装之前要有 Java1.8 环境，因此先要配置 Java 环境，这点不懂可自行百度。

首先安装 Logstash，Logstash下载地址。因为我是在 Windows 下安装，因此下载的是 ZIP 版本。下载完成后，直接解压即可。

解压完毕后，进入 bin 目录，首先要写响应的配置文件，先新建一个配置文件，pipeline.conf 配置文件主要包括三个部分，分别是 input、filter、output 分别定义了输入来源，过滤规则，输出到什么地方。一个简单地配置文件如下，从控制台输入，在输出到控制台，没有过滤规则。

input { stdin { } } output { stdout {} }

然后执行命令 logstash agent -f pipeline.conf ,结果如下：

PS C:\ELK\logstash-2.1.0\bin> .\logstash agent -f .\pipeline.confio/console not supported; tty will not be manipulatedSettings: Default filter workers: 2Logstash startup completed

表示运行成功，在命令行输入 hello world ，显示如下：

PS C:\ELK\logstash-2.1.0\bin> .\logstash agent -f .\pipeline.confio/console not supported; tty will not be manipulatedSettings: Default filter workers: 2Logstash startup completedhello world2015-12-03T13:30:39.180Z liuyb hello world

2：安装 elasticsearch

elasticsearch下载地址下载完成后解压缩，在 bin 目录下直接运行即可启动 elasticserach 服务，该服务默认是在 9200 端口运行。

在运行之后，浏览器输出 localhost:9200，显示如下，即表明运行成功

{  "name" : "Stardust",  "cluster_name" : "elasticsearch",  "version" : {    "number" : "2.1.0",    "build_hash" : "72cd1f1a3eee09505e036106146dc1949dc5dc87",    "build_timestamp" : "2015-11-18T22:40:03Z",    "build_snapshot" : false,    "lucene_version" : "5.3.1"  },  "tagline" : "You Know, for Search"}

3:将 logstash 输出到 elasticserach

只需要改动 logstash 配置文件 pipeline.conf，配置如下：

    input {         stdin { }     }     output {         elasticsearch {        hosts=>["localhost:9200"]        }        stdout { codec=>rubydebug}     }

执行命令 logstash -f pipeline.conf，然后在控制台输入 hello，显示如下

{    "message" => "hello\r",    "@version" => "1",    "@timestamp" => "2015-12-03T14:03:07.100Z",    "host" => "liuyb"}

则显示配置成功，在浏览器输入 localhost:9200/_search/pretty 显示如下，则说明 elasticsearch 已接受到数据

{  "took" : 39,  "timed_out" : false,  "_shards" : {    "total" : 5,    "successful" : 5,    "failed" : 0  },  "hits" : {    "total" : 19,    "max_score" : 1.0,    "hits" : [ {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJmdMgE2fBKRauVoC",      "_score" : 1.0,      "_source":{"message":"output { \r","@version":"1","@timestamp":"2015-12-03T14:02:05.832Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJmdMgE2fBKRauVoD",      "_score" : 1.0,      "_source":{"message":"\telasticsearch {\r","@version":"1","@timestamp":"2015-12-03T14:02:05.832Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJrMUgE2fBKRauVoI",      "_score" : 1.0,      "_source":{"message":"}\r","@version":"1","@timestamp":"2015-12-03T14:02:25.256Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJrcrgE2fBKRauVoL",      "_score" : 1.0,      "_source":{"message":"\r","@version":"1","@timestamp":"2015-12-03T14:02:25.865Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJrtBgE2fBKRauVoQ",      "_score" : 1.0,      "_source":{"message":"\r","@version":"1","@timestamp":"2015-12-03T14:02:26.631Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJlWngE2fBKRauVoA",      "_score" : 1.0,      "_source":{"message":"hello world\r","@version":"1","@timestamp":"2015-12-03T14:01:59.781Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJrcrgE2fBKRauVoN",      "_score" : 1.0,      "_source":{"message":"\r","@version":"1","@timestamp":"2015-12-03T14:02:26.178Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJmdMgE2fBKRauVoF",      "_score" : 1.0,      "_source":{"message":"\t}\r","@version":"1","@timestamp":"2015-12-03T14:02:05.832Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJmdMgE2fBKRauVoH",      "_score" : 1.0,      "_source":{"message":"\tstdout { codec=>rubydebug} \r","@version":"1","@timestamp":"2015-12-03T14:02:05.832Z","host":"liuyb"}    }, {      "_index" : "logstash-2015.12.03",      "_type" : "logs",      "_id" : "AVFoJmdMgE2fBKRauVoE",      "_score" : 1.0,      "_source":{"message":"\t\thosts=>[\"http://localhost:9200\"]\r","@version":"1","@timestamp":"2015-12-03T14:02:05.832Z","host":"liuyb"}    } ]  }}

4：安装 Kibana

Kibana 是前端显示界面，能够从 elasticsearch 获取数据并图形化显示。

Kibana下载地址是一个基于 node 的 web 应用，下载完成后，解压进入 bin 目录，执行 kibana 即可运行。默认是从 localhost:9200 读入数据，并监听 5601 端口。所以在浏览器中运行 localhost:5601 即可显示。

打开页面，然后点击create，完成后，在顶部导航栏点击Discover，如下，如果没有日志，可以调整右上角的时间跨度即可。这样就配置好了Kibana

0 0