续上篇

安装logstash 

下载地址：wgethttps://artifacts.elastic.co/downloads/logstash/logstash-6.1.0.rpm​

#安装rpm -ivh logstash-6.1.0.rpm​

启动服务

systemctl  restart logstash.service 

systemctl  status logstash.service 

systemctl  enable logstash.service​

测试基本输入输出

[root@elk2 ~]# /usr/share/logstash/bin/logstash -e  'input { stdin{} } output { stdout{} }'

WARNING: Could not find logstash.yml whichistypically locatedin$LS_HOME/config or /etc/logstash. You can specify the pathusing--path.settings. Continuingusingthe defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Usingdefaultconfig which logs errors to the consoleThe stdin pluginisnow waitingforinput:

Abc        #输入这个

2020-06-17T05:38:32.783Z elk2 abc    #输出这个

使用rubydebug详细输出

[root@elk2 ~]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { stdout{ codec => rubydebug} }'​

WARNING: Could not find logstash.yml whichistypically locatedin$LS_HOME/config or /etc/logstash. You can specify the pathusing--path.settings. Continuingusingthe defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Usingdefaultconfig which logs errors to the consoleThe stdin pluginisnow waitingforinput:

Hello     #输入

{"host"=>"elk2",         #输出 

"@timestamp"=>2020-06-17T05:40:38.039Z,"

message"=>"hello","@version"=>"1"}

​​​[root@elk2 ~]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { elasticsearch { hosts => ["192.168.0.208:9200"]} }'​

WARNING: Could not find logstash.yml whichistypically locatedin$LS_HOME/config or /etc/logstash. You can specify the pathusing--path.settings. Continuingusingthe defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Usingdefaultconfig which logs errors to the consoleThe stdin pluginisnow waitingforinput:

123456

wangshibohuanqiu

hahaha

logstash的配置

配置地址

/etc/logstash/conf.d下，以*.conf结尾

vim /etc/logstash/conf.d/elk1.conf​

input { stdin { } }

output 

  {elasticsearch {hosts=>["192.168.0.208:9200"]}

  stdout {codec=>rubydebug }

}

执行

[root@elk2 ~]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/elk1.conf

​WARNING: Could not find logstash.yml whichistypically locatedin$LS_HOME/config or /etc/logstash. You can specify the pathusing--path.settings. Continuingusingthe defaultsCould not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Usingdefaultconfig which logs errors to the consoleThe stdin pluginisnow waitingforinput:

Beijing        #输入

{"@version"=>"1",        #输出"

host"=>"elk2","

message"=>"beijing",

"@timestamp"=>2020-06-17T05:48:29.275Z

}​

更多用法后续列出

安装kibana

下载地址：wgethttps://artifacts.elastic.co/downloads/kibana/kibana-6.1.0-x86_64.rpm​

#安装rpm -ivh kibana-6.1.0-x86_64.rpm

修改配置文件

vim/etc/kibana/kibana.yml​

2server.port:5601      #端口

7server.host:"0.0.0.0"    #服务监听地址

21elasticsearch.url:"http://192.168.0.213:9200"        #声明地址，从哪里查，集群里面随便选一个30kibana.index:".kibana"        #kibana自己创建的索引

33kibana.defaultAppId:"discover"    #打开kibana页面时，默认打开discover

62elasticsearch.pingTimeout:1500    #ping检测超时时间

66elasticsearch.requestTimeout:30000    #请求超时时间

80elasticsearch.startupTimeout:5000    #启动超时时间

​114i18n.locale:"zh-CN"    #启用中文

启动服务

systemctl  restart  kibana.service

systemctl  status  kibana.service

systemctl  enable  kibana.service

查看端口

netstat-utnlp | grep5601

访问服务

http://192.168.0.208:5601

如果起不来

curl -XDELETE http://localhost:9200/.kibana*

到这里我们的elk就搭建成功了，下一篇教大家安装es 的插件，方便后续更好的维护。

  没有理论，只有实战

更多干货   公总耗【大隆爱分享】

那就赶紧来关我们