ELK部署测试

下载：
ES和Kibana：https://www.elastic.co/cn/start?elektra=home&amp&storm=banner
Logstash：https://www.elastic.co/cn/downloads/logstash

启动顺序：
0、配置JAVA_HOME和JRE_HOME，指向c:\jdk18
   启动顺序：ES->Logstash->Kibana
1、启动es：D:\sbf\elk\elasticsearch-7.0.0\bin\elasticsearch.bat
2、启动Logstash： 
Create a file named "first-pipeline.conf" and save it in the same directory as Logstash.

input {
    beats {
        port => "5044"
    }
}

output {
       elasticsearch {
          hosts => ["127.0.0.1:9200"]
          manage_template => true
          template_overwrite => true
      #index => "apache_elastic_example"
      index => "es-message-%{+YYYY.MM.dd}"
      #template => "./apache_template.json"
      template_name => "apahce_elastic_example"
       }
       stdout {
          codec => rubydebug
       }
}

执行命令：logstash -f first-pipeline.conf --config.reload.automatic

3、启动Kibana
  参考：https://blog.youkuaiyun.com/ling811/article/details/74999880
  调整kibanna相关参数；
  ###启动
   ./bin/kibana &
  访问：http://localhost:5601

4、下载filebeat-7.0.0-windows-x86_64，由filebeat读取文件--》logstash-》elasticsearch-》kibana展示
  Filebeat是本地文件的日志数据采集器。 作为服务器上的代理安装，Filebeat监视日志目录或特定日志文件，tail file，并将它们转发给Elasticsearch或Logstash进行索引、kafka 等
  安装：https://www.elastic.co/cn/downloads/beats/filebeat ，按页面配置

5、监控nginx的access.log，新增一行，得到：

http://localhost:9200/_cat/indices?v
health status index                            uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   es-message-2019.05.02            vQDwVHmNSYumN2sxGHzQxA   1   1          1            0     18.7kb         18.7kb
green  open   .kibana_task_manager             0WcfWNuhTqydRacI7uuA7A   1   0          2            0     46.4kb         46.4kb
yellow open   apache_elastic_example           lxqYpPtAQlCI_J-Rb3qsBg   1   1          1            0     18.8kb         18.8kb
yellow open   filebeat-7.0.0-2019.04.30-000001 nIuNetxOSXWVtUol3nuowQ   1   1          0            0       283b           283b
yellow open   logstash-2019.04.30-000001       cz7on7WVQhWw-UpQhSar-g   1   1         10            0    168.8kb        168.8kb
yellow open   test                             6O5jGT27TBaECW9zG6EKSQ   1   1          2            0     37.4kb         37.4kb
green  open   .kibana_1                        3WU4duRURtG5LH2QHMHZSA   1   0        614           52    402.9kb        402.9kb

http://localhost:9200/es-message-2019.05.02/_search
{"took":2,"timed_out":false,"_shards":{"total":1,"successful":1,"skipped":0,"failed":0},"hits":{"total":{"value":1,"relation":"eq"},"max_score":1.0,"hits":[{"_index":"es-message-2019.05.02","_type":"_doc","_id":"kLaHeGoB4xywh91DNcug","_score":1.0,"_source":{"@timestamp":"2019-05-02T12:31:24.556Z","ecs":{"version":"1.0.0"},"host":{"name":"zy","hostname":"zy","architecture":"x86_64","os":{"name":"Windows 10 Pro","build":"17763.437","platform":"windows","version":"10.0","family":"windows","kernel":"10.0.17763.437 (WinBuild.160101.0800)"},"id":"67630411-0570-40f4-bf0a-b34f2b392beb"},"message":"127.0.0.1 - - [08/Apr/2019:11:38:49 +0800] \"GET /index1.html HTTP/1.1\" 200 1691 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36\"","agent":{"type":"filebeat","version":"7.0.0","id":"debbb419-bbdd-4bd4-b717-a61ca267cc37","ephemeral_id":"229fea9e-06d8-41dc-9fd1-eff656cd5e0c","hostname":"zy"},"log":{"offset":25598,"file":{"path":"D:\\sbf\\nginx-1.14.1\\logs\\access.log"}},"input":{"type":"log"},"@version":"1","tags":["beats_input_codec_plain_applied"]}}]}}

6、上面说明手工添加的一行access.log数据已经到了elasticsearch存储了。kibana如何展示呢？
在kibana中Dev Tools 中： GET _cat/indices，执行后可以得到第5步骤的值；
GET es-message-2019.05.02

7、配置kibana
Kibana->Management->index Patterns-->Create index patterns-->按提示两部完成配置；
在Discover中选择新建的es-messsage-*,选择时间，就会查询到一笔数据；