系统环境:Amazon Linux 2023
# Install a Java 17 runtime from the distribution repositories.
# NOTE(review): the Elastic 8.x packages generally ship with a bundled JDK, so
# this step may be optional; confirm before relying on the system Java.
sudo yum install java-17
---
# Import Elastic's package-signing key into the RPM keyring so that the
# gpgcheck=1 setting in the repository file on this page can verify packages.
# NOTE(review): the key is trusted on first download; compare its fingerprint
# with the one published in Elastic's installation docs before relying on it.
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
---
# Create the yum/dnf repository definition for the Elastic 8.x packages.
# Only the write to /etc/yum.repos.d needs root, so tee is the single sudo'd
# command and reads the here-document directly. The quoted delimiter keeps the
# body literal. gpgcheck=1 makes the package manager reject packages that are
# not signed by the key named in gpgkey.
sudo tee /etc/yum.repos.d/elastic.repo <<'EOF'
[elasticsearch]
name=Elasticsearch repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
---
# Install Elasticsearch, Logstash and Kibana from the Elastic repository,
# answering "yes" to all prompts (including acceptance of the signing key).
sudo dnf -y install elasticsearch logstash kibana
---
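# Download the Filebeat 8.11.1 tarball together with the SHA-512 checksum file
# published next to it, and verify the archive before unpacking it under /opt.
# sha512sum exits non-zero on a mismatch; do not continue in that case.
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.11.1-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.11.1-linux-x86_64.tar.gz.sha512
sha512sum -c filebeat-8.11.1-linux-x86_64.tar.gz.sha512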
---
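# Unpack into a fixed /opt/filebeat directory, which is the path the systemd
# unit on this page uses in ExecStart. The tarball's top-level directory
# carries the version in its name, so that component is stripped.
# /opt is normally root-owned, hence sudo. --no-same-owner makes the extracted
# files belong to root rather than to the uid recorded in the archive.
# Filebeat is expected to check that filebeat.yml is owned by the account it
# runs as, which is root in the unit on this page.
sudo mkdir -p /opt/filebeat
sudo tar -xzf filebeat-8.11.1-linux-x86_64.tar.gz -C /opt/filebeat --strip-components=1 --no-same-owner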
---
/etc/systemd/system/filebeat.service
---
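# systemd unit that runs the tarball install of Filebeat as a service.
[Unit]
Description=Filebeat sends log files to Logstash or Elasticsearch.
Documentation=https://www.elastic.co/products/beats/filebeat
After=network.target
[Service]
Type=simple
# NOTE(review): root is only required if the harvested log files are not
# readable by a less-privileged account. A dedicated user with read access to
# the log directories would limit the impact of a Filebeat compromise.
# Confirm file ownership before changing this.
User=root
Group=root
ExecStart=/opt/filebeat/filebeat -c /opt/filebeat/filebeat.yml
Restart=always
RestartSec=3
# Basic sandboxing for a root-run log shipper: no privilege gain via setuid
# binaries, a private /tmp, and /usr, /boot and /etc mounted read-only.
# /opt, where Filebeat keeps its data and logs, stays writable.
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
[Install]
WantedBy=multi-user.target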
/etc/elasticsearch/elasticsearch.yml
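# Single-node Elasticsearch settings.
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
# Authentication and TLS are switched off below, so any client that can reach
# port 9200 may read, modify or delete every index. Kibana and Logstash on
# this page both connect through http://127.0.0.1:9200, so the node listens on
# loopback only instead of on every interface.
# If remote clients need to reach Elasticsearch, turn xpack.security back on
# (with TLS) rather than widening the bind address.
network.host: 127.0.0.1
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
# The keystore and truststore paths are kept so that TLS can be switched back
# on; they have no effect while enabled is false.
xpack.security.http.ssl:
  enabled: false
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: false
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["ip-172-32-1-152.us-west-2.compute.internal"]
# HTTP API bound to loopback for the same reason as network.host above.
http.host: 127.0.0.1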
/etc/kibana/kibana.yml
# Kibana listens on TCP 5601 on every interface.
# NOTE(review): Elasticsearch security is disabled in the elasticsearch.yml on
# this page, so Kibana is expected to present no login. Anyone who can reach
# this port would then have full access to the indexed data. Restrict 5601 to
# trusted source addresses (security group or host firewall), or reach it
# through an SSH tunnel or an authenticating reverse proxy.
server.port: 5601
server.host: "0.0.0.0"
# Plain HTTP to the Elasticsearch node on the same host; no credentials are set.
elasticsearch.hosts: ["http://127.0.0.1:9200"]
# Write Kibana's own log as JSON to a file, in addition to the default appender.
logging:
  appenders:
    file:
      type: file
      fileName: /var/log/kibana/kibana.log
      layout:
        type: json
  root:
    appenders:
      - default
      - file
pid.file: /run/kibana/kibana.pid
# UI language: Simplified Chinese.
i18n.locale: "zh-CN"
/etc/logstash/conf.d/game-pipeline.conf
说明:收集weapon_mgr,user_task_mgr,user_stage_mgr开头的日志
# pipeline.conf
# Receives events from Filebeat and writes each known log_type to its own
# daily Elasticsearch index. Every event is also printed to stdout.
input {
  # NOTE(review): no TLS or client authentication is configured on this input,
  # so any host that can reach 5044 can submit events. Restrict the port to the
  # Filebeat hosts and consider enabling TLS between Filebeat and Logstash.
  beats {
    port => 5044        # listen on 5044, matching the Filebeat output setting
    codec => "plain"
  }
}
filter {
  # Set the event time from a `timestamp` field.
  # NOTE(review): nothing in this pipeline extracts a `timestamp` field from
  # the log line, so this filter presumably has no effect unless the sender
  # supplies that field. Confirm against a sample event.
  date {
    match => ["timestamp", "yyyy-MM-dd'T'HH:mm:ss.SSSZ"]
  }
}
output {
  # The index name is chosen from a fixed set of log_type values. Events with
  # any other log_type are not written to Elasticsearch.
  if [log_type] == "weapon_mgr" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "weapon_mgr-%{+YYYY.MM.dd}"
    }
  } else if [log_type] == "user_task_mgr" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "user_task_mgr-%{+YYYY.MM.dd}"
    }
  } else if [log_type] == "joy" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "joy-%{+YYYY.MM.dd}"
    }
  } else if [log_type] == "user_stage_mgr" {
    elasticsearch {
      hosts => ["http://127.0.0.1:9200"]
      index => "user_stage_mgr-%{+YYYY.MM.dd}" # NOTE(review): originally annotated "create a debug index", yet this is the regular user_stage_mgr index; confirm
    }
  }
  # NOTE(review): this prints every event, matched or not, to Logstash's
  # stdout. It looks like a debugging aid; in steady state it duplicates all
  # log content into the service journal, so consider removing it after setup.
  stdout {
    codec => rubydebug
  }
}
filebeat.yml
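# Filebeat inputs: one filestream input per log family. Each input tags its
# events with a log_type field that the Logstash pipeline uses to pick the index.
#
# Every filestream input needs its own unique id. Filebeat tracks per-file read
# state under that id, and inputs that share the empty default id can lose
# track of their position and duplicate data. Changing an id later makes
# Filebeat treat the matching files as new.
filebeat.inputs:
  - type: filestream
    id: weapon-mgr-logs
    enabled: true
    paths:
      - /opt/filebeat/current_logs/weapon_mgr_*.log
    fields:
      log_type: "weapon_mgr"          # custom field read by Logstash
    fields_under_root: true           # lift custom fields to the event root so Logstash can test [log_type] directly
  - type: filestream
    id: user-task-mgr-logs
    enabled: true
    paths:
      - /opt/filebeat/current_logs/user_task_mgr_*.log
    fields:
      log_type: "user_task_mgr"       # custom field read by Logstash
    fields_under_root: true           # lift custom fields to the event root
  - type: filestream
    id: user-stage-mgr-logs
    enabled: true
    paths:
      - /opt/filebeat/current_logs/user_stage_mgr_*.log
    fields:
      log_type: "user_stage_mgr"      # custom field read by Logstash
    fields_under_root: true           # lift custom fields to the event root
  - type: filestream
    id: joy-logs
    enabled: true
    paths:
      # NOTE(review): the directory name looks like a fixed date, so this input
      # presumably stops matching once logs roll to another directory. Confirm.
      - /opt/filebeat/20250828/joy-*.log
    fields:
      log_type: "joy"                 # custom field read by Logstash
    fields_under_root: true           # lift custom fields to the event root
# Ship events to Logstash.
# NOTE(review): this connection is unencrypted and unauthenticated. Restrict
# port 5044 on the Logstash host to the shipper addresses, and consider
# enabling TLS on both this output and the Logstash beats input.
output.logstash:
  hosts: ["172.32.1.152:5044"]  # replace with your Logstash server IP or hostname
#===================== Monitoring & Setup =======================
# Built-in Kibana dashboard setup is left disabled (enable only if needed).
#setup.kibana:
#  host: "your_kibana_host:5601"      # uncomment and configure to auto-load dashboards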