关于什么是elk,分别是干什么的,这里不多做介绍。
1、去官网下载相关安装包
下载地址,注意三个要下相同的版本,历史版本在下图指示的这里,找了很久才找到。
图1 Elasticsearch下载页面.jpg
2、安装配置
要先启动Elasticsearch,然后才能启动Logstash和Kibana。启动Elasticsearch直接运行安装目录bin下的bat文件就行,Kibana也是直接运行bat文件。Logstash有点儿麻烦,启动的时候要指定配置文件,所以得先创建个配置文件,默认提供了示例配置文件在config/logstash-sample.conf,可以参考编写自己的配置文件。
下面是我的配置文件,监听多个file,统一输出到Elasticsearch中:
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
file {
path => "C:/log/yoyo/back/spring.log"
tags => ["back-dev"]
#关键是这一句决定存入elasticsearch中文是否乱码
codec => plain{ charset => "GBK" }
}
}
input {
file {
path => "C:/log/yoyo/front/spring.log"
tags => ["front-dev"]
#关键是这一句决定存入elasticsearch中文是否乱码
codec => plain{ charset => "GBK" }
}
}
input {
file {
path => "C:/log/yoyo/marketing/spring.log"
tags => ["marketing-dev"]
#关键是这一句决定存入elasticsearch中文是否乱码
codec => plain{ charset => "GBK" }
}
}
output {
if "back-dev" in [tags]{
elasticsearch {
hosts => ["http://172.19.17.117:9200"]
index => "[back-dev]-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
if "front-dev" in [tags]{
elasticsearch {
hosts => ["http://172.19.17.117:9200"]
index => "[front-dev]-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
if "marketing-dev" in [tags]{
elasticsearch {
hosts => ["http://172.19.17.117:9200"]
index => "[marketing-dev]-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
}
配置文件编辑后,就可以启动Logstash了,用如下命令:logstash -f logstash-test.conf。
