References:
https://www.cnblogs.com/liuyuhua/p/5711026.html
https://www.cnblogs.com/huangll99/p/6646859.html
Versions:
elasticsearch-6.3.2
logstash-6.3.2
kibana-6.3.2-windows-x86_64
jdk1.8
win10
Download links:
Java: http://www.oracle.com/technetwork/java/javase/downloads/index.html
Logstash: https://www.elastic.co/downloads/logstash
Elasticsearch: https://www.elastic.co/downloads/elasticsearch
Kibana: https://www.elastic.co/downloads/kibana
Documentation
Logstash https://www.elastic.co/guide/en/logstash/current/codec-plugins.html
Elasticsearch https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html
Kibana https://www.elastic.co/guide/en/kibana/current/index.html
I. JDK environment variables
JDK 1.8 is used; it is not covered in detail here.
II. Starting Elasticsearch
Start:
D:\SERVICE\elasticsearch-6.1.3\bin\elasticsearch-service.bat start
III. Starting Kibana
1. Configure Elasticsearch
- Open config/kibana.yml in an editor
- Set elasticsearch.url to point at your Elasticsearch instance
2. Start
Run bin/kibana (or bin\kibana.bat on Windows)
3. Access
Point your browser at http://localhost:5601
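4. Allow access from other machines
If access from outside is needed, note that the corresponding IP must be configured in kibana.yml; otherwise Kibana can only be reached from the local machine.
IV. Logstash configuration
Reference: https://blog.youkuaiyun.com/loophome/article/details/52353869
Configuration:
1. Write the grok expression
Expression tester (a proxy is needed to reach it):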
http://grokdebug.herokuapp.com/?#
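Reference: https://blog.youkuaiyun.com/yanggd1987/article/details/50486779
2. Edit the configuration file (for reference)
input {
  file {
    path => "D:/SERVICE/logstash-6.3.2/test.log"
    # type adds a "type" field to every event read from this file (here "nginxlogtest")
    type => "nginxlogtest"
    # read the file from the beginning
    start_position => "beginning"
  }
}
filter {
  grok {
    # split each log line into named fields
    match => {
      "message" => "%{IPORHOST:clientip} \- \- \[%{TIMESTAMP_ISO8601:timestamp}\] \"(%{WORD:verb} %{DATA:rawrequest})\" %{NUMBER:status} %{NUMBER:bytes} %{QS:referer} \"%{GREEDYDATA:agent}\" \"%{NUMBER:requestTime}\""
    }
  }
  date {
    # grok captures an ISO 8601 timestamp, so try ISO8601 first;
    # the original format is kept as a fallback
    match => [ "timestamp", "ISO8601", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
  mutate {
    # store the request time as a number rather than a string
    convert => { "requestTime" => "float" }
  }
}
output {
  elasticsearch {
    hosts => "127.0.0.1:9200"
    index => "nginxlogtest"
  }
  # also print each event to the console for debugging
  stdout { codec => rubydebug }
}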
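An offline check of the grok expression above, for when the online tester cannot be reached (added example, not part of the original post). It expands the expression into a Python regular expression; the pattern table is a simplified stand-in for Logstash's own grok definitions, and the function names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Simplified stand-ins for the grok patterns the expression uses. Assumption:
# these approximate the definitions shipped with Logstash, they are not copies.
GROK = {
    "IPORHOST": r"[0-9A-Za-z.:\-]+",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2})?",
    "WORD": r"\w+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "QS": r'"(?:[^"\\]|\\.)*"',
}

# The match expression from the filter section, copied unchanged.
EXPR = (r'%{IPORHOST:clientip} \- \- \[%{TIMESTAMP_ISO8601:timestamp}\] '
        r'\"(%{WORD:verb} %{DATA:rawrequest})\" %{NUMBER:status} %{NUMBER:bytes} '
        r'%{QS:referer} \"%{GREEDYDATA:agent}\" \"%{NUMBER:requestTime}\"')

def compile_grok(expr):
    """Expand each %{NAME:field} reference into a named regex group."""
    def expand(m):
        return "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, expr))

PATTERN = compile_grok(EXPR)

def parse(line):
    """Return the extracted fields, or None where Logstash would tag _grokparsefailure."""
    m = PATTERN.search(line)  # grok is unanchored, so search() rather than fullmatch()
    if m is None:
        return None
    event = m.groupdict()
    event["requestTime"] = float(event["requestTime"])  # the mutate/convert step
    iso = event["timestamp"].replace("Z", "+00:00")
    event["@timestamp"] = datetime.fromisoformat(iso)   # the date step
    return event

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLES = [
    '192.0.2.10 - - [2018-08-01T15:39:55+08:00] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0" "0.005"',
    # nginx default time_local format: not ISO 8601, so the expression rejects it
    '192.0.2.10 - - [01/Aug/2018:15:39:55 +0800] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" "0.005"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse(line) or "_grokparsefailure")
```

The second sample shows that a line carrying nginx's default timestamp format fails the whole expression, which in Logstash appears as a _grokparsefailure tag on the event.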
3. Start
.\logstash.bat -f D:\SERVICE\logstash-6.3.2\conf\nginx-test.conf
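Note: during testing you will find that once the file has been read, it is not read again. To re-read it, delete the previous read-position record and run Logstash again.
Delete the read-position cache:
Search the directory for sincedb files and delete them
4. Stop the service
Problem: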
[ERROR] 2018-08-01 15:39:55.904 [main] Logstash - java.lang.IllegalStateException: Logstash stopped processing because of an error: (GemfileNotFound) D:/SERVICE/logstash-6.3.2/Gemfile not found
Solution: the archive was not fully extracted; extract it again.