一步步建立ELKlog分析平台logstash6.5.4安装

目录

1. 下载logstash 

2. 复制一个default.conf 文件

3.启动logstash

1. 下载logstash 

# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.5.4.tar.gz

移动到安装目录解压 #tar -zxvf logstash-6.5.4.tar.gz

2. 复制一个default.conf 文件

这个配置架构里面&＃xff0c;log是直接通过beats来收集的&＃xff0c;没有经过Redis&＃xff0c;后期需要的时候&＃xff0c;再通过Redis来收集吧

#cp logstash-sample.conf default.conf[root&＃64;iZj6c8tmr3yb0ntvym98ryZ config]# more default.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.input {beats {port &＃61;> 5044}
}output {elasticsearch {hosts &＃61;> ["http://localhost:9200"]index &＃61;> "%{[&＃64;metadata][beat]}-%{[&＃64;metadata][version]}-%{&＃43;YYYY.MM.dd}"#user &＃61;> "elastic"#password &＃61;> "changeme"}
}

3.启动logstash

# ./logstash -f ../config/default.conf
Sending Logstash logs to /home/admin/logstash-6.5.4/logs which is now configured via log4j2.properties
[2019-01-20T13:21:40,807][WARN ][logstash.config.source.multilocal] Ignoring the &＃39;pipelines.yml&＃39; file because modules or command line options are specified
[2019-01-20T13:21:40,835][INFO ][logstash.runner ] Starting Logstash {"logstash.version"&＃61;>"6.5.4"}
[2019-01-20T13:21:44,165][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id&＃61;>"main", "pipeline.workers"&＃61;>2, "pipeline.batch.size"&＃61;>125, "pipeline.batch.delay"&＃61;>50}
[2019-01-20T13:21:44,776][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes&＃61;>{:removed&＃61;>[], :added&＃61;>[http://localhost:9200/]}}
[2019-01-20T13:21:45,039][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url&＃61;>"http://localhost:9200/"}
[2019-01-20T13:21:45,201][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version&＃61;>6}
[2019-01-20T13:21:45,205][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the &＃96;type&＃96; event field won&＃39;t be used to determine the document _type {:es_version&＃61;>6}
[2019-01-20T13:21:45,242][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class&＃61;>"LogStash::Outputs::ElasticSearch", :hosts&＃61;>["http://localhost:9200"]}
[2019-01-20T13:21:45,283][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path&＃61;>nil}
[2019-01-20T13:21:45,330][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template&＃61;>{"template"&＃61;>"logstash-*", "version"&＃61;>60001, "settings"&＃61;>{"index.refresh_interval"&＃61;>"5s"}, "mappings"&＃61;>{"_default_"&＃61;>{"dynamic_templates"&＃61;>[{"message_field"&＃61;>{"path_match"&＃61;>"message", "match_mapping_type"&＃61;>"string", "mapping"&＃61;>{"type"&＃61;>"text", "norms"&＃61;>false}}}, {"string_fields"&＃61;>{"match"&＃61;>"*", "match_mapping_type"&＃61;>"string", "mapping"&＃61;>{"type"&＃61;>"text", "norms"&＃61;>false, "fields"&＃61;>{"keyword"&＃61;>{"type"&＃61;>"keyword", "ignore_above"&＃61;>256}}}}}], "properties"&＃61;>{"&＃64;timestamp"&＃61;>{"type"&＃61;>"date"}, "&＃64;version"&＃61;>{"type"&＃61;>"keyword"}, "geoip"&＃61;>{"dynamic"&＃61;>true, "properties"&＃61;>{"ip"&＃61;>{"type"&＃61;>"ip"}, "location"&＃61;>{"type"&＃61;>"geo_point"}, "latitude"&＃61;>{"type"&＃61;>"half_float"}, "longitude"&＃61;>{"type"&＃61;>"half_float"}}}}}}}}
[2019-01-20T13:21:45,508][INFO ][logstash.outputs.elasticsearch] Installing elasticsearch template to _template/logstash
[2019-01-20T13:21:45,774][INFO ][logstash.inputs.beats ] Beats inputs: Starting input listener {:address&＃61;>"0.0.0.0:5044"}
[2019-01-20T13:21:45,968][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id&＃61;>"main", :thread&＃61;>"#"}
[2019-01-20T13:21:46,097][INFO ][org.logstash.beats.Server] Starting server on port: 5044
[2019-01-20T13:21:46,169][INFO ][logstash.agent ] Pipelines running {:count&＃61;>1, :running_pipelines&＃61;>[:main], :non_running_pipelines&＃61;>[]}
[2019-01-20T13:21:46,496][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port&＃61;>9600}

整个系统服务器端的安装工作完成&＃xff0c;下面我们需要做的就是在对于log服务器上安装log收集工具,beats