Elk+redis的配置

1.先到网站上下载 https://www.elastic.co/cn/downloads，需要的工具

Elasticsearch，Kibana，Logstash，Filebeat。

先把redis安装好。安装redis略过。

2.主要是每个工具的配置文件：

Elasticsearch 直接解压后启动即可：./bin/elasticsearch

做成启动文件如下：startup.sh

#!/bin/bash
nohup $HOME/apps/elk/elasticsearch-4.5.0/bin/elasticsearch 2>&1 &

 

Kibana：修改配置文件elasticsearch的地址，之后启动，./bin/kibana

做成启动文件startup.sh:

#!/bin/bash
path1=$HOME/apps/elk/kibana-5.5.0-linux-x86_64
nohup ${path1}/bin/kibana >${path1}/kibana.out 2>&1 &
exit

 

Filebeat：修改配置文件后，启动为： ./filebeat -e -c filebeat.yml

启动文件startup.sh

#!/bin/bash
path1=$HOME/apps/elk/filebeat-5.5.0-linux-x86_64
nohup ${path1}/filebeat -e -c filebeat.yml >${path1}/filebeat.out  2>&1  &

 

filebeat配置文件，配置不同文件类型；

- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /home/lambert/apps/tomcat7-web/tomcat-7-*/logs/catalina.out
  document_type: apache

- input_type: log

  paths:
     - /home/lambert/apps/elk/kibana-5.5.0-linux-x86_64/kibana.out
  document_type: kibana

 

Logstash：配置文件

input {
  beats {
    port => "5044"
    tags=> "beat"
  }
  redis {
    host => "127.0.0.1"
    port => 6379
    data_type => "list"
    key => "logstash-list"
    tags => "redis"
  }
}
output {
   if "beat" in [tags] and "redis" not in [tags] {
        redis {
                host => "127.0.0.1"
                port  => "6379"
                data_type => "list"
                key => "logstash-list"
         }
   }else {
         elasticsearch { hosts => ["localhost:9200"] }
   }
   stdout { codec => rubydebug }
}

启动为：./bin/logstash -f ./logstash.conf

做成启动文件startup.sh

#!/bin/bash
path1=$HOME/apps/elk/logstash-5.5.0
nohup ${path1}/bin/logstash -f ${path1}/logstash.conf>${path1}/logstash.out  2>&1  &

 

好了启动之后就可以访问

kibana了默认访问地址是：5061端口