Installing the ELK logging trio on a Mac

    xiaoxiao  2023-03-24

    1. Download logstash-2.0.0.tar.gz and extract it

    https://download.elastic.co/logstash/logstash/logstash-2.0.0.tar.gz 

    Extract to the directory /Users/kangzz/software/elk/logstash-2.0.0

    tar xzvf logstash-2.0.0.tar.gz

    2. Add two configuration files

    1) Add logstash.conf (collects logs and outputs them to Redis)

    Add logstash.conf in the bin directory

    input{
            file{   # path: the path of the logs to collect
                    type => "crm_order"
                    path => ["/Users/kangzz/Pro/logs/crm_order/*"]
                    start_position => "beginning"
            }
            file{
                    type => "crm_page"
                    path => ["/Users/kangzz/Pro/logs/crm_page/*"]
                    start_position => "beginning"
            }
    }

    filter {
            grok {  # match and filter the content of the message field (the pattern below is a standard regular expression)
                    match => { "message" => "" }
            }
    }

    output{
            redis{  # address of the Redis installation
                    host => "10.30.56.91"
                    port => 6379
                    data_type => "list" # data is received as a list
                    key => "logstash_redis" # name of the queue
            }
    }

    2) Add logstashIndex.conf (takes data from the Redis queue and puts it into Elasticsearch)

    Add logstashIndex.conf in the bin directory

    input {
            redis{
                    host => "10.30.56.91"
                    port => 6379
                    data_type => "list"
                    key => "logstash_redis" # same as the redis key in logstash.conf
                    type => "redis-input"
            }
    }

    output {
            elasticsearch {
                    hosts => "127.0.0.1" # this Elasticsearch is deployed on the local machine
            }
    }

    3. Run Logstash

    cd /Users/kangzz/software/elk/logstash-2.0.0/bin/

    1) Start the first process

    ./logstash agent -f logstash.conf -l /Users/kangzz/Pro/logs/logstash/stdou.log &

    2) Start the second process

    ./logstash agent -f logstashIndex.conf -l /Users/kangzz/Pro/logs/logstash/stdouIndex.log &
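
The comment in logstashIndex.conf says its Redis key must be the same as in logstash.conf. The following check is an added example, not part of the original post: it verifies that the two Redis ends agree and reports a non-loopback Redis host configured without the redis plugin's `password` option. `redis_settings` and `check_pipeline` are hypothetical helper names, and the embedded configs are a constructed sample reduced to the page's redis blocks.

```python
import re

# Constructed sample: the redis blocks of the page's two files (other plugins omitted).
SHIPPER = '''output {
  redis {  # from logstash.conf
    host => "10.30.56.91"
    port => 6379
    data_type => "list"
    key => "logstash_redis"
  }
}'''
INDEXER = '''input {
  redis {
    host => "10.30.56.91"
    port => 6379
    data_type => "list"
    key => "logstash_redis"  # from logstashIndex.conf
    type => "redis-input"
  }
}'''

def redis_settings(conf, section):
    """Settings of the redis plugin in the given section ("input" or "output")."""
    text = re.sub(r'#[^\n]*', '', conf)  # drop comments (assumes no '#' inside strings)
    m = re.search(r'\b' + section + r'\s*\{.*?\bredis\s*\{([^{}]*)\}', text, re.S)
    if not m:
        raise ValueError(f"no redis plugin found in {section} section")
    return dict(re.findall(r'(\w+)\s*=>\s*"?([^"\s]+)"?', m.group(1)))

def check_pipeline(shipper_conf, indexer_conf):
    """Return a list of problems; an empty list means none were found."""
    out = redis_settings(shipper_conf, "output")
    inp = redis_settings(indexer_conf, "input")
    problems = []
    # The indexer only drains the queue if it reads the same list on the same server.
    for k in ("host", "port", "data_type", "key"):
        if out.get(k) != inp.get(k):
            problems.append(f"{k} differs: shipper={out.get(k)!r} indexer={inp.get(k)!r}")
    # Log events travel over the network to Redis; flag remote hosts without `password`.
    for name, cfg in (("shipper", out), ("indexer", inp)):
        host = cfg.get("host", "127.0.0.1")  # plugin default when host is omitted
        if host not in ("127.0.0.1", "localhost", "::1") and "password" not in cfg:
            problems.append(f"{name}: redis at {host} has no password set")
    return problems

if __name__ == "__main__":
    for p in check_pipeline(SHIPPER, INDEXER):
        print(p)
```

To check the real files, pass the contents of logstash.conf and logstashIndex.conf to `check_pipeline` in place of the sample strings.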

    III. Elasticsearch

    Elasticsearch is an open-source search engine based on Lucene. It has developed fairly quickly in recent years, and its main features are:

    • real time 

    • distributed 

    • high availability 

    • document oriented 

    • schema free 

    • restful api

    1. Download elasticsearch-2.0.0.tar.gz and extract it

    https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.0.0/elasticsearch-2.0.0.tar.gz

    Extract to the directory /Users/kangzz/software/elk/elasticsearch-2.0.0

    tar xzvf elasticsearch-2.0.0.tar.gz

    2. Install the head plugin

    cd /Users/kangzz/software/elk/elasticsearch-2.0.0/bin

    ./plugin install mobz/elasticsearch-head

    View the page

    http://localhost:9200/_plugin/head/

    3. Start Elasticsearch

    cd /Users/kangzz/software/elk/elasticsearch-2.0.0/bin

    ./elasticsearch &

    Test the installation

    curl -X GET http://localhost:9200/

    [root@10.11.5.211 bin]# curl -X GET http://localhost:9200/

    {
      "name" : "Piper",
      "cluster_name" : "elasticsearch",
      "version" : {
        "number" : "2.0.0",
        "build_hash" : "de54438d6af8f9340d50c5c786151783ce7d6be5",
        "build_timestamp" : "2016-09-22T08:09:48Z",
        "build_snapshot" : false,
        "lucene_version" : "5.2.1"
      },
      "tagline" : "You Know, for Search"
    }

    The test succeeded

    IV. Kibana

    Kibana is a browser-based front-end display tool for Elasticsearch. Kibana is written entirely in HTML and JavaScript.

    1. Download kibana-4.2.0-darwin-x64.tar.gz and extract it

    https://www.elastic.co/downloads/past-releases/kibana-4-2.0

    https://download.elastic.co/kibana/kibana/kibana-4.2.0-darwin-x64.tar.gz

    Extract to the directory /Users/kangzz/software/elk/elasticsearch-2.0.0

    tar xzvf kibana-4.2.0-darwin-x64.tar.gz

    2. Modify the configuration file

    Modify the contents of the kibana.yml file in the config directory

    Elasticsearch service address

    elasticsearch.url: "http://localhost:9200"

    3. Start Kibana

    ./kibana &

    View the page

    http://localhost:5601

    When reposting, please cite the original URL: https://ju.6miu.com/read-1200921.html