Elasticsearch-7.9.2入门
安装Elasticsearch
参考:https://www.elastic.co/guide/en/elasticsearch/reference/7.9/docker.html
# Fetch the Elasticsearch 7.9.2 image.
docker pull elasticsearch:7.9.2
# Start a single-node cluster in a container named "elasticsearch".
# "-p 9200:9200 -p 9300:9300" publishes the HTTP API and the transport port on every
# host interface, and nothing in this command turns on authentication or TLS, so
# anyone who can reach the host can read, modify and delete all indices.
# NOTE(review): keep this setup on an isolated lab network. Anywhere else, publish on
# loopback only (e.g. "-p 127.0.0.1:9200:9200") or enable xpack.security and set
# passwords before exposing the port. 9300 is only needed for node-to-node or
# transport-client traffic - confirm it has to be published at all.
docker run --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.9.2
配置Elasticsearch以允许elasticsearch-head跨域访问
# Open a shell inside the running Elasticsearch container.
docker exec -it elasticsearch /bin/bash
# Edit the node configuration and add the two CORS settings shown below.
vi config/elasticsearch.yml
# --- lines to add to config/elasticsearch.yml ---
http.cors.enabled: true
# "*" allows a page served from ANY origin to call this node from the operator's
# browser. Combined with an unauthenticated cluster, every site opened in a browser
# that can reach port 9200 is able to query and change the indices.
# NOTE(review): prefer the exact origin elasticsearch-head is loaded from, e.g.
#   http.cors.allow-origin: "http://<elasticsearch-head-host>:<port>"   (placeholder)
http.cors.allow-origin: "*"
# --- end of config/elasticsearch.yml additions ---
# Restart the container so the new settings take effect (presumably run on the host
# after leaving the container shell - the page does not show the exit step).
docker restart elasticsearch
elasticsearch-head
参考:https://github.com/BINGJJFLY/elasticsearch-head
kibana&sense(dev tools)
# Fetch the Kibana image that matches the Elasticsearch version.
docker pull kibana:7.9.2
# Start Kibana and make the Elasticsearch container resolvable as "elasticsearch".
# "--link" is a legacy Docker feature; a user-defined network is the current
# replacement, but the behaviour shown here is left unchanged.
# "-p 5601:5601" publishes Kibana on every host interface. With security disabled on
# the cluster Kibana presents no login page, so Dev Tools gives whoever reaches port
# 5601 the same unrestricted access as port 9200.
# NOTE(review): restrict this port to the lab network or loopback as well.
docker run --name kibana --link elasticsearch:elasticsearch -p 5601:5601 kibana:7.9.2
Filebeat
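# Download Filebeat 7.9.2 together with its published SHA-512 checksum and verify the
# archive before unpacking it, so a corrupted or tampered download is rejected.
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.9.2-linux-x86_64.tar.gz
curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.9.2-linux-x86_64.tar.gz.sha512
sha512sum -c filebeat-7.9.2-linux-x86_64.tar.gz.sha512
tar xzvf filebeat-7.9.2-linux-x86_64.tar.gz
# The ./filebeat commands below are run from the extracted directory.
cd filebeat-7.9.2-linux-x86_64

# Start an nginx container whose log directory is bind-mounted to /home/nginx/logs on
# the host, so Filebeat can read the access and error logs from the host side.
docker run -p 80:80 -d --name nginx -v /home/nginx/logs:/var/log/nginx nginx:1.15.12

# Create the Filebeat configuration.
vim filebeat-nginx.yml
# --- filebeat-nginx.yml ---
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false
# Events are sent over plain HTTP without credentials, which matches the
# unauthenticated cluster started earlier. NOTE(review): once security is enabled on
# the cluster, switch this to https and add credentials to the output section.
output.elasticsearch:
  hosts: ["http://192.168.88.128:9200"]
setup.kibana:
  host: "192.168.88.128:5601"
# --- end of filebeat-nginx.yml ---

# Load the index template and the Kibana dashboards.
./filebeat -c filebeat-nginx.yml setup
# Module management: list the modules, enable nginx (disable is shown for reference).
./filebeat modules list
./filebeat modules enable nginx
./filebeat modules disable nginx

# Point the nginx module at the bind-mounted log files.
vim ./modules.d/nginx.yml
# --- modules.d/nginx.yml (these keys presumably sit under the file's existing
#     "- module: nginx" entry; the page shows only the excerpt below) ---
  access:
    enabled: true
    var.paths: ["/home/nginx/logs/access.log*"]
  error:
    enabled: true
    var.paths: ["/home/nginx/logs/error.log*"]
# --- end of modules.d/nginx.yml excerpt ---

# Run Filebeat in the background. "-e" sends Filebeat's own log to stderr, and the
# redirect to /dev/null discards it. NOTE(review): redirect to a file instead if
# shipping errors need to be visible later.
nohup ./filebeat -e -c filebeat-nginx.yml > /dev/null 2>&1 &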
Metricbeat
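# Download Metricbeat 7.9.2 together with its published SHA-512 checksum and verify
# the archive before unpacking it.
curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.9.2-linux-x86_64.tar.gz
curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.9.2-linux-x86_64.tar.gz.sha512
sha512sum -c metricbeat-7.9.2-linux-x86_64.tar.gz.sha512
tar xzvf metricbeat-7.9.2-linux-x86_64.tar.gz
# The ./metricbeat commands below are run from the extracted directory.
cd metricbeat-7.9.2-linux-x86_64

# Point Metricbeat at Elasticsearch and Kibana.
vim metricbeat.yml
# --- metricbeat.yml ---
output.elasticsearch:
  hosts: ["192.168.88.128:9200"]
setup.kibana:
  host: "192.168.88.128:5601"
# --- end of metricbeat.yml ---

# Load the Kibana dashboards, then list the modules and enable nginx.
./metricbeat setup --dashboards
./metricbeat modules list
./metricbeat modules enable nginx

# Expose the nginx status page that the Metricbeat nginx module polls.
vim nginx.conf
# --- nginx.conf (inside the server block) ---
# As written, the status page is served to every client that can reach nginx.
# NOTE(review): add allow/deny rules for the address Metricbeat connects from; that
# address is not shown on this page (behind Docker it is usually the bridge gateway
# rather than the host IP), so confirm it before restricting.
location /nginx-status {
    stub_status on;
    access_log off;
}
# --- end of nginx.conf excerpt ---

# Confirm that this nginx build includes the stub_status module. "nginx -V" prints
# the configure arguments on stderr; "--prefix" and "--with-http_stub_status_module"
# are build-time configure flags, not runtime options, so they are searched for here
# instead of being passed on the command line.
# If nginx runs in the container started earlier, prefix this with "docker exec nginx".
nginx -V 2>&1 | grep -o with-http_stub_status_module

# Tell the Metricbeat nginx module where the status page lives.
vim modules.d/nginx.yml
# --- modules.d/nginx.yml (these keys presumably sit under the file's existing
#     "- module: nginx" entry; the page shows only the excerpt below) ---
  hosts: ["http://192.168.88.128"]
  server_status_path: "nginx-status"
# --- end of modules.d/nginx.yml excerpt ---

# Run Metricbeat in the background; its own log output is discarded by the redirect.
nohup ./metricbeat -e >/dev/null 2>&1 &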
Logstash
docker run --name logstash -p 5044:5044 --link elasticsearch:elasticsearch -d logstash:7.9.2 vi pipeline/logstash.conf input { beats { port => "5044" } } filter { mutate { split => { "message" => "|" } } mutate { add_field => { "userId" => "%{[message][1]}" "visit" => "%{[message][2]}" "date" => "%{[message][3]}" } } mutate { convert => { "userId" => "integer" "visit" => "string" "date" => "string" } } } output { elasticsearch { hosts => ["elasticsearch:9200"] } } vim filebeat-dashboard.yml filebeat.inputs: -type: log enable: true paths: - /home/log/*.log output.logstash: hosts: 192.168.88.128:5044 nohup ./filebeat -e -c filebeat-dashboard.yml > /dev/null 2>&1 & echo "[INFO] 2019-01-03 12:00:00 [com.wjz.Test]|1003|加入购物车|2019-01-03 12:00:00" >> /home/log/test.log