本文提供了一套详细的ELK堆栈(Elasticsearch、Logstash、Kibana)安装教程,涵盖各组件的配置与启动流程。适用于Windows环境下搭建日志收集分析平台。
一、elasticsearch安装步骤
1.官网下载安装包
https://www.elastic.co/cn/downloads/elasticsearch elasticsearch
https://www.elastic.co/cn/downloads/logstash logstash
https://www.elastic.co/cn/downloads/kibana kibana
2.解压缩后到/elasticsearch/config目录下打开elasticsearch.yml文件进行修改
#集群名称,不同服务器上的集群名称需一样,才能形成集群
cluster.name: elasticsearch
#集群中的几点名称,不能重复
node.name: node-1
#索引分片个数
#index.number_of_shards: 5
#索引副本个数
#index.number_of_replicas: 1
#绑定IP
network.host: 127.0.0.1
#交互的IP
transport.tcp.port: 9300
#对外服务端口
http.port: 9200
#
http.cors.enabled: true
http.cors.allow-origin: "*"
#
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
#是否可以成为主节点
node.master: true
#是否可以成为存储节点
node.data: true
#集群的服务器地址
discovery.zen.ping.unicast.hosts: ["127.0.0.1","127.0.0.1"]
#最少启动的集群服务器数量
discovery.zen.minimum_master_nodes: 13.启动es
找到/elasticsearch/bin目录下elasticsearch.bat,双击启动
二、logstash安装步骤
1.解压缩后在/logstash/目录下新建一个 .conf文件,用来配置输入输出语句,我这里使用logstash的是postgre(oracle、mysql等)与elasticsearch同步数据,这里贴出配置片段
input {
jdbc {
jdbc_driver_library => "D:/logstash-5.6.2/postgresql-9.4-1204.jdbc4.jar"
jdbc_driver_class => "org.postgresql.Driver"
jdbc_connection_string => "jdbc:postgresql://localhost:5432/postgres"
jdbc_user => "postgres"
jdbc_password => "postgres"
jdbc_paging_enabled => "true"
use_column_value => true
tracking_column => id
jdbc_page_size => "50000"
schedule => "* * * * *"
statement_filepath => "D:/logstash-5.6.2/template/xxx.sql"
}
}
output {
elasticsearch {
hosts => "localhost:9200"
sniffing => true
index => "jdbc"
document_type => "jdbc"
template_overwrite => true
template => "D:/logstash-5.6.2/template/es.json"
}
}jdbc_driver_library :postgre-jdbc的jar包
use_column_value :监控值改变
tracking_column :监控的字段
schedule :多长时间同步一次,这里是一分钟一次
statement_filepath :同步sql的路径,就一个查询的sql文件
template : elastcisearch动态模板,在logstash下新建文件夹,然后新建文件 xxx.json,下面贴出模板片段
{
"template" : "jdbc",
"settings" : {
"index.number_of_shards" : 5,
"index.number_of_replicas" : 1,
"index.refresh_interval" : "5s",
"index": {
"analysis": {
"analyzer": {
"ik_smart": { "type": "custom", "tokenizer": "ik_smart" },
"ik": { "type": "custom", "tokenizer": "ik_max_word" } }
}
}
},
"mappings" : {
"_default_" : {
"_all" : {
"enabled" : true,
"norms" : false
},
"dynamic_templates" : [
{
"question_field" : {
"path_match" : "question",
"match_mapping_type" : "string",
"mapping" : { "type" : "text", "analyzer" : "ik", "norms" : false }}
},
{
"answer_field" : {
"path_match" : "answer",
"match_mapping_type" : "string",
"mapping" : { "type" : "text", "analyzer" : "ik", "norms" : false }}
},
{
"string_fields" : {
"match" : "*",
"match_mapping_type" : "string",
"mapping" : { "type" : "text", "norms" : false, "fields" : { "keyword" : { "type" : "keyword" } } } }
}
],
"properties" : {
"@timestamp" : {
"type" : "date",
"include_in_all" : false },
"@version" : {
"type" : "keyword",
"include_in_all" : false }
}
}
}
}都配置好后,启动logstash,该sql就会自动从postgres数据库中同步到elasticsearch中了
启动logstash的windows方法如下
cd D:\logstash-5.6.2\bin
logstash -f D:\logstash-5.6.2\xxx.conf三、kibana安装步骤
1.解压缩后找到/kibana/config下kibana.yml文件,打开修改
server.port: 5601
server.host: "127.0.0.1"
elasticsearch.url: "http://127.0.0.1:9200"2.然后找到/kibana/bin下kibana.bat文件,然后双击启动即可
至此,windows下ELK全部启动完成,其中我还用到elasticsearch的head插件和ik分词插件,ik插件直接从官网下载后放到\elasticsearch-5.6.2\plugins下即可
https://github.com/medcl/elasticsearch-analysis-ik/releases ik插件下载地址
head插件安装,elasticsearch5版本下需要独立安装,具体安装步骤可以自行百度~
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
