Notes on deploying ELK 8.5.3 on Windows
Download location for the installation files
https://www.elastic.co/cn/downloads/
ES deployment
Official reference:
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html
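The version is 8.5.3.
Version 8.5.3 ships with a bundled JDK, so there is no need to install a JDK on the machine first.
1. Download the archive and extract it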
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.3-windows-x86_64.zip
2. Open the configuration file
elasticsearch-8.5.3-windows-x86_64\elasticsearch-8.5.3\config\elasticsearch.yml
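Change network.host to the machine's LAN IP (look it up with ipconfig in cmd). Do not use the default localhost, otherwise startup may fail.
Add this setting: ingest.geoip.downloader.enabled: false
Otherwise startup may throw the error below. At startup ES tries to update some GeoIP databases; simply disable that here and deal with it when it is actually needed.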
exception during geoip databases updateorg.elasticsearch.ElasticsearchException: not all primary shards of [.geoip_databases] index are active
at org.elasticsearch.ingest.geoip@8.5.3/org.elasticsearch.ingest.geoip.GeoIpDownloader.updateDatabases(GeoIpDownloader.java:134)
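3. Double-click elasticsearch.bat to start it
The first start prints the account information and tokens; remember to save them.
If you forgot to save them, open cmd in the ES bin directory and run: elasticsearch-reset-password -u elastic
It prints the account password as shown below; then restart elasticsearch.bat.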
Password for the [elastic] user successfully reset.
New value: 2QUn9Lx8=KyCuF9CT*=w
4. Open https://localhost:9200/ in a browser; it returns the following information:
{
  "name": "DESKTOP-SFU7P79",
  "cluster_name": "elasticsearch",
  "cluster_uuid": "xQDBMZANT6SvErnIVrNaEQ",
  "version": {
    "number": "8.5.3",
    "build_flavor": "default",
    "build_type": "zip",
    "build_hash": "4ed5ee9afac63de92ec98f404ccbed7d3ba9584e",
    "build_date": "2022-12-05T18:22:22.226119656Z",
    "build_snapshot": false,
    "lucene_version": "9.4.2",
    "minimum_wire_compatibility_version": "7.17.0",
    "minimum_index_compatibility_version": "7.0.0"
  },
  "tagline": "You Know, for Search"
}
Kibana deployment
Official reference:
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-stack-security.html
1. Download and extract
https://artifacts.elastic.co/downloads/kibana/kibana-8.5.3-windows-x86_64.zip
2. Edit the configuration
kibana.yml in Kibana's config folder:
server.port: 5601
server.host: "192.168.1.106"
i18n.locale: "zh-CN"
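3. Generate the enrollment token
If you saved the token when installing ES, there is no need to generate it again; otherwise run the following in the ES bin directory: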
elasticsearch-create-enrollment-token -s kibana
>elasticsearch-create-enrollment-token -s kibana
warning: ignoring JAVA_HOME=D:\mySoftwareWork\java\jdk1.8.0_91; using bundled JDK
eyJ2ZXIiOiI4LjUuMyIsImFkciI6WyIxOTIuMTY4LjEuMTA2OjkyMDAiXSwiZmdyIjoiZTJhMWY3ZGZjMzM5NjVmNDA4N2QxY2UzZTM1ZDY5ZmRhMWVhZDljN2RhMDIwNGY5MWU1MTIyYTc3ZDljOTQ4NCIsImtleSI6Ii12dHlHNFVCSXdOSklKVG5MSXV5OmI4ZnJXc3pLUTQtZWZsUDgyaGhsRHcifQ==
4. Start bin\kibana.bat
Enter the token, then log in to the console page with the ES account.
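Added example, not part of the original post: a check to run before pasting an enrollment token into Kibana, confirming that it points at the expected node and carries the fingerprint of http_ca.crt. The field meanings (ver, adr, fgr, key) and all function names are assumptions of this example, and the sample values are constructed.

```python
import base64
import hashlib
import json
import ssl

# Assumed token layout: base64(JSON) with "ver" (version), "adr" (node
# addresses), "fgr" (hex SHA-256 of the HTTP CA certificate) and "key"
# (an API key, so the whole token must be handled as a secret).
REQUIRED = {"ver", "adr", "fgr", "key"}


def decode_enrollment_token(token: str) -> dict:
    """Decode an enrollment token into its JSON fields."""
    fields = json.loads(base64.b64decode(token.strip(), validate=True))
    missing = REQUIRED - fields.keys()
    if missing:
        raise ValueError(f"token is missing fields: {sorted(missing)}")
    return fields


def ca_fingerprint(pem_text: str) -> str:
    """Hex SHA-256 of the DER form of a single-certificate PEM file."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def check_token(token: str, ca_pem: str, expected_addr: str) -> list:
    """Return a list of problems; an empty list means everything matches."""
    fields = decode_enrollment_token(token)
    problems = []
    if expected_addr not in fields["adr"]:
        problems.append(f"unexpected address list: {fields['adr']}")
    if fields["fgr"].lower() != ca_fingerprint(ca_pem):
        problems.append("CA fingerprint does not match http_ca.crt")
    return problems


# Constructed sample data: not a real certificate, API key or token.
SAMPLE_DER = b"constructed bytes standing in for a DER certificate"
SAMPLE_CA_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_TOKEN = base64.b64encode(json.dumps({
    "ver": "8.5.3",
    "adr": ["192.168.1.106:9200"],
    "fgr": hashlib.sha256(SAMPLE_DER).hexdigest(),
    "key": "sample-id:sample-secret",
}).encode()).decode()

if __name__ == "__main__":
    print(check_token(SAMPLE_TOKEN, SAMPLE_CA_PEM, "192.168.1.106:9200"))
```

For a real check, pass the text of config\certs\http_ca.crt as ca_pem and the token printed by elasticsearch-create-enrollment-token as token.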
Logstash deployment
Download and extract
https://artifacts.elastic.co/downloads/logstash/logstash-8.5.3-windows-x86_64.zip
Official configuration reference:
https://www.elastic.co/guide/en/logstash/current/configuration.html
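Add a configuration file
The contents of logstash-simple.conf are as follows: input from standard input and from Filebeat, two filters, then output to standard output and to ES.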
input {
  stdin {}
  beats {
    port => 5044
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}
output {
  stdout {}
  elasticsearch {
    hosts => ["https://192.168.1.106:9200"]
    index => "my-es-index"
    user => "elastic"
    password => "2QUn9Lx8=KyCuF9CT*=w"
    cacert => "C:\Users\10995\Desktop\elk\elasticsearch-8.5.3-windows-x86_64\elasticsearch-8.5.3\config\certs\http_ca.crt"
  }
}
Start
bin/logstash -f logstash-simple.conf
Check the configuration file for problems
bin/logstash -f logstash-simple.conf --config.test_and_exit
Reload the configuration file automatically
bin/logstash -f logstash-simple.conf --config.reload.automatic
Filebeat
Official documentation
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html
Configuration reference
https://www.elastic.co/guide/en/beats/filebeat/current/configuring-howto-filebeat.html
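There are two ways to install it: install it as a Windows service, or skip the installation, just extract the archive and start it from the command line. The second way is used here (https://blog.csdn.net/zhousenshan/article/details/81053976).
Download and extract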
https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.5.3-windows-x86_64.zip
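Create a new configuration file filebeat-config.yml with the contents below, which collect the contents of all files under the logs directory and send them to Logstash. You can of course also use *.log to filter the files, and so on.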
filebeat.inputs:
- type: filestream
  paths:
    - C:\Users\10995\Desktop\elk\logs\*
output.logstash:
  hosts: ["localhost:5044"]
Start from cmd
filebeat.exe -e -c filebeat-config.yml
Test