Installing ELK on Windows 10

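1. Download the latest version of each package. The current latest is 7.9. Keep the versions of the ELK components identical, since they are released as a matched set. Download links:

logstash: https://www.elastic.co/cn/downloads/logstash

elasticsearch: https://www.elastic.co/cn/downloads/elasticsearch

kibana: https://www.elastic.co/cn/downloads/kibana

2. Extract them to a directory of your choice, for example an elk directory on drive D.

3. Preparation before starting:

logstash: edit the configuration. Open the D:/elk/logstash-7.9.0/config directory, which contains a configuration file named logstash-sample.conf. We use the simple configuration from the official site instead: create a new file logstash-simple.conf with the following content: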

input { stdin { } }

output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}

 

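elasticsearch: install the IK analyzer plugin (optional step). From https://github.com/medcl/elasticsearch-analysis-ik/releases download the 7.9.0 archive that matches the ES version, create an ik directory under D:\elk\elasticsearch-7.9.0\plugins, and extract the archive into that ik directory. In short: download first, then extract into plugins\ik.

kibana: nothing to do.

4. Startup: start ES first, then logstash and kibana.

elasticsearch: go to D:\elk\elasticsearch-7.9.0\bin and double-click elasticsearch.bat (note: this version asks for at least JDK 11, but that is only a warning and it also starts on JDK 8). If startup fails, open elasticsearch.log in the D:\elk\elasticsearch-7.9.0\logs directory for details. A normal startup log looks like this: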

[2020-08-25T12:57:00,151][INFO ][o.e.n.Node               ] [WULF00] version[7.9.0], pid[18708], build[default/zip/a479a2a7fce0389512d6a9361301708b92dff667/2020-08-11T21:36:48.204330Z], OS[Windows 10/10.0/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/14.0.1/14.0.1+7]
[2020-08-25T12:57:00,166][INFO ][o.e.n.Node               ] [WULF00] JVM home [D:\Dev\Java\jdk-14.0.1]
[2020-08-25T12:57:00,169][INFO ][o.e.n.Node               ] [WULF00] JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=SPI,COMPAT, -Xms1g, -Xmx1g, -XX:+UseG1GC, -XX:G1ReservePercent=25, -XX:InitiatingHeapOccupancyPercent=30, -Djava.io.tmpdir=C:\Users\wulf\AppData\Local\Temp\elasticsearch, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -XX:MaxDirectMemorySize=536870912, -Delasticsearch, -Des.path.home=D:\elk\elasticsearch-7.9.0, -Des.path.conf=D:\elk\elasticsearch-7.9.0\config, -Des.distribution.flavor=default, -Des.distribution.type=zip, -Des.bundled_jdk=true]
[2020-08-25T12:57:10,782][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [aggs-matrix-stats]
[2020-08-25T12:57:10,783][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [analysis-common]
[2020-08-25T12:57:10,783][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [constant-keyword]
[2020-08-25T12:57:10,783][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [flattened]
[2020-08-25T12:57:10,784][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [frozen-indices]
[2020-08-25T12:57:10,784][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [ingest-common]
[2020-08-25T12:57:10,785][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [ingest-geoip]
[2020-08-25T12:57:10,785][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [ingest-user-agent]
[2020-08-25T12:57:10,785][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [kibana]
[2020-08-25T12:57:10,786][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [lang-expression]
[2020-08-25T12:57:10,786][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [lang-mustache]
[2020-08-25T12:57:10,787][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [lang-painless]
[2020-08-25T12:57:10,787][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [mapper-extras]
[2020-08-25T12:57:10,787][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [parent-join]
[2020-08-25T12:57:10,787][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [percolator]
[2020-08-25T12:57:10,788][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [rank-eval]
[2020-08-25T12:57:10,788][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [reindex]
[2020-08-25T12:57:10,789][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [repository-url]
[2020-08-25T12:57:10,790][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [search-business-rules]
[2020-08-25T12:57:10,792][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [searchable-snapshots]
[2020-08-25T12:57:10,794][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [spatial]
[2020-08-25T12:57:10,794][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [tasks]
[2020-08-25T12:57:10,798][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [transform]
[2020-08-25T12:57:10,799][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [transport-netty4]
[2020-08-25T12:57:10,799][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [vectors]
[2020-08-25T12:57:10,800][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [wildcard]
[2020-08-25T12:57:10,803][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-analytics]
[2020-08-25T12:57:10,805][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-async]
[2020-08-25T12:57:10,805][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-async-search]
[2020-08-25T12:57:10,808][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-autoscaling]
[2020-08-25T12:57:10,809][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-ccr]
[2020-08-25T12:57:10,810][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-core]
[2020-08-25T12:57:10,810][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-data-streams]
[2020-08-25T12:57:10,811][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-deprecation]
[2020-08-25T12:57:10,811][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-enrich]
[2020-08-25T12:57:10,812][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-eql]
[2020-08-25T12:57:10,812][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-graph]
[2020-08-25T12:57:10,813][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-identity-provider]
[2020-08-25T12:57:10,815][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-ilm]
[2020-08-25T12:57:10,816][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-logstash]
[2020-08-25T12:57:10,819][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-ml]
[2020-08-25T12:57:10,820][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-monitoring]
[2020-08-25T12:57:10,821][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-ql]
[2020-08-25T12:57:10,822][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-rollup]
[2020-08-25T12:57:10,823][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-security]
[2020-08-25T12:57:10,825][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-sql]
[2020-08-25T12:57:10,825][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-stack]
[2020-08-25T12:57:10,828][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-voting-only-node]
[2020-08-25T12:57:10,829][INFO ][o.e.p.PluginsService     ] [WULF00] loaded module [x-pack-watcher]
[2020-08-25T12:57:10,830][INFO ][o.e.p.PluginsService     ] [WULF00] loaded plugin [analysis-ik]
[2020-08-25T12:57:11,546][INFO ][o.e.e.NodeEnvironment    ] [WULF00] using [1] data paths, mounts [[(D:)]], net usable_space [63.8gb], net total_space [199.9gb], types [NTFS]
[2020-08-25T12:57:11,547][INFO ][o.e.e.NodeEnvironment    ] [WULF00] heap size [1gb], compressed ordinary object pointers [true]
[2020-08-25T12:57:11,732][INFO ][o.e.n.Node               ] [WULF00] node name [WULF00], node ID [URMFKQ4TTyq-i5iTXmbk2w], cluster name [elasticsearch]
[2020-08-25T12:57:18,061][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [WULF00] [controller/28780] [Main.cc@114] controller (64 bit): Version 7.9.0 (Build 2639177a4c3ad6) Copyright (c) 2020 Elasticsearch BV
[2020-08-25T12:57:18,875][INFO ][o.e.x.s.a.s.FileRolesStore] [WULF00] parsed [0] roles from file [D:\elk\elasticsearch-7.9.0\config\roles.yml]
[2020-08-25T12:57:20,700][INFO ][o.e.d.DiscoveryModule    ] [WULF00] using discovery type [zen] and seed hosts providers [settings]
[2020-08-25T12:57:21,426][WARN ][o.e.g.DanglingIndicesState] [WULF00] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
[2020-08-25T12:57:22,082][INFO ][o.e.n.Node               ] [WULF00] initialized
[2020-08-25T12:57:22,083][INFO ][o.e.n.Node               ] [WULF00] starting ...
[2020-08-25T12:57:22,472][INFO ][o.e.t.TransportService   ] [WULF00] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2020-08-25T12:57:22,757][WARN ][o.e.b.BootstrapChecks    ] [WULF00] the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2020-08-25T12:57:22,771][INFO ][o.e.c.c.ClusterBootstrapService] [WULF00] no discovery configuration found, will perform best-effort cluster bootstrapping after [3s] unless existing master is discovered
[2020-08-25T12:57:25,787][INFO ][o.e.c.c.Coordinator      ] [WULF00] setting initial configuration to VotingConfiguration{URMFKQ4TTyq-i5iTXmbk2w}
[2020-08-25T12:57:26,043][INFO ][o.e.c.s.MasterService    ] [WULF00] elected-as-master ([1] nodes joined)[{WULF00}{URMFKQ4TTyq-i5iTXmbk2w}{piWsX17qSy69uh0zH5RCyA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=8467386368, xpack.installed=true, transform.node=true, ml.max_open_jobs=20} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 1, version: 1, delta: master node changed {previous [], current [{WULF00}{URMFKQ4TTyq-i5iTXmbk2w}{piWsX17qSy69uh0zH5RCyA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=8467386368, xpack.installed=true, transform.node=true, ml.max_open_jobs=20}]}
[2020-08-25T12:57:26,174][INFO ][o.e.c.c.CoordinationState] [WULF00] cluster UUID set to [X1PQ3RFQRgmUQdPMTQkQJA]
[2020-08-25T12:57:26,300][INFO ][o.e.c.s.ClusterApplierService] [WULF00] master node changed {previous [], current [{WULF00}{URMFKQ4TTyq-i5iTXmbk2w}{piWsX17qSy69uh0zH5RCyA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=8467386368, xpack.installed=true, transform.node=true, ml.max_open_jobs=20}]}, term: 1, version: 1, reason: Publication{term=1, version=1}
[2020-08-25T12:57:26,397][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.ml-anomalies-] for [ml], because it doesn't exist
[2020-08-25T12:57:26,403][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.ml-state] for [ml], because it doesn't exist
[2020-08-25T12:57:26,431][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.ml-config] for [ml], because it doesn't exist
[2020-08-25T12:57:26,443][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.ml-inference-000002] for [ml], because it doesn't exist
[2020-08-25T12:57:26,469][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.ml-meta] for [ml], because it doesn't exist
[2020-08-25T12:57:26,479][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.ml-notifications-000001] for [ml], because it doesn't exist
[2020-08-25T12:57:26,488][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.ml-stats] for [ml], because it doesn't exist
[2020-08-25T12:57:26,552][INFO ][o.e.h.AbstractHttpServerTransport] [WULF00] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}, {[::1]:9200}
[2020-08-25T12:57:26,556][INFO ][o.e.n.Node               ] [WULF00] started
[2020-08-25T12:57:26,571][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.watch-history-11] for [watcher], because it doesn't exist
[2020-08-25T12:57:26,580][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.triggered_watches] for [watcher], because it doesn't exist
[2020-08-25T12:57:26,589][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.watches] for [watcher], because it doesn't exist
[2020-08-25T12:57:26,601][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [ilm-history] for [index_lifecycle], because it doesn't exist
[2020-08-25T12:57:26,604][INFO ][o.e.x.c.t.IndexTemplateRegistry] [WULF00] adding legacy template [.slm-history] for [index_lifecycle], because it doesn't exist
[2020-08-25T12:57:26,672][INFO ][o.e.g.GatewayService     ] [WULF00] recovered [0] indices into cluster_state
[2020-08-25T12:57:26,721][INFO ][o.w.a.d.Dictionary       ] [WULF00] try load config from D:\elk\elasticsearch-7.9.0\config\analysis-ik\IKAnalyzer.cfg.xml
[2020-08-25T12:57:26,731][INFO ][o.w.a.d.Dictionary       ] [WULF00] try load config from D:\elk\elasticsearch-7.9.0\plugins\ik\config\IKAnalyzer.cfg.xml
[2020-08-25T12:57:27,348][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.ml-anomalies-] for index patterns [.ml-anomalies-*]
[2020-08-25T12:57:27,536][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.ml-state] for index patterns [.ml-state*]
[2020-08-25T12:57:27,708][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.ml-config] for index patterns [.ml-config]
[2020-08-25T12:57:27,877][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.ml-inference-000002] for index patterns [.ml-inference-000002]
[2020-08-25T12:57:28,043][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.ml-meta] for index patterns [.ml-meta]
[2020-08-25T12:57:28,197][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.ml-notifications-000001] for index patterns [.ml-notifications-000001]
[2020-08-25T12:57:28,364][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.ml-stats] for index patterns [.ml-stats-*]
[2020-08-25T12:57:28,519][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding component template [metrics-settings]
[2020-08-25T12:57:28,646][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding component template [logs-mappings]
[2020-08-25T12:57:28,780][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding component template [metrics-mappings]
[2020-08-25T12:57:28,913][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding component template [logs-settings]
[2020-08-25T12:57:29,051][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.watch-history-11] for index patterns [.watcher-history-11*]
[2020-08-25T12:57:29,167][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.triggered_watches] for index patterns [.triggered_watches*]
[2020-08-25T12:57:29,295][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.watches] for index patterns [.watches*]
[2020-08-25T12:57:29,432][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [ilm-history] for index patterns [ilm-history-2*]
[2020-08-25T12:57:29,588][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.slm-history] for index patterns [.slm-history-2*]
[2020-08-25T12:57:29,723][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.monitoring-logstash] for index patterns [.monitoring-logstash-7-*]
[2020-08-25T12:57:29,838][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.monitoring-es] for index patterns [.monitoring-es-7-*]
[2020-08-25T12:57:29,963][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.monitoring-beats] for index patterns [.monitoring-beats-7-*]
[2020-08-25T12:57:30,107][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.monitoring-alerts-7] for index patterns [.monitoring-alerts-7]
[2020-08-25T12:57:30,257][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding template [.monitoring-kibana] for index patterns [.monitoring-kibana-7-*]
[2020-08-25T12:57:30,415][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding index template [metrics] for index patterns [metrics-*-*]
[2020-08-25T12:57:30,583][INFO ][o.e.c.m.MetadataIndexTemplateService] [WULF00] adding index template [logs] for index patterns [logs-*-*]
[2020-08-25T12:57:30,727][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [WULF00] adding index lifecycle policy [ml-size-based-ilm-policy]
[2020-08-25T12:57:30,862][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [WULF00] adding index lifecycle policy [logs]
[2020-08-25T12:57:30,969][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [WULF00] adding index lifecycle policy [metrics]
[2020-08-25T12:57:31,078][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [WULF00] adding index lifecycle policy [watch-history-ilm-policy]
[2020-08-25T12:57:31,198][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [WULF00] adding index lifecycle policy [ilm-history-ilm-policy]
[2020-08-25T12:57:31,305][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [WULF00] adding index lifecycle policy [slm-history-ilm-policy]
[2020-08-25T12:57:31,560][INFO ][o.e.l.LicenseService     ] [WULF00] license [91e16262-b7e5-41e2-8a1e-797ca29f994c] mode [basic] - valid
[2020-08-25T12:57:31,562][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [WULF00] Active license is now [BASIC]; Security is disabled
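
The last line of this log, "Security is disabled", together with the bound_addresses entries, shows that this node accepts unauthenticated requests and that only the loopback binding keeps it off the network. The following check is an added example, not part of the original post: it parses an Elasticsearch 7.x startup log and reports whether the node is both unauthenticated and bound to a non-loopback address. The function names and the second sample log (NODE-A, 192.168.1.20) are constructed for illustration.

```python
import ipaddress
import re

# Elasticsearch 7.x server log line: [timestamp][LEVEL][logger] [node] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[(?P<logger>[^\]]+?)\s*\] "
    r"\[(?P<node>[^\]]+)\] (?P<msg>.*)$"
)
# Addresses are printed as {host:port}; IPv6 hosts are wrapped in [].
ADDR_RE = re.compile(r"\{(\[[^\]]+\]|[^{}:]+):(\d+)\}")

# Three lines copied from the startup log shown on this page.
PAGE_LOG = """\
[2020-08-25T12:57:22,472][INFO ][o.e.t.TransportService   ] [WULF00] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2020-08-25T12:57:26,552][INFO ][o.e.h.AbstractHttpServerTransport] [WULF00] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}, {[::1]:9200}
[2020-08-25T12:57:31,562][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [WULF00] Active license is now [BASIC]; Security is disabled
""".splitlines()

# Constructed sample (not from the page): same node with HTTP bound to a LAN address.
EXPOSED_LOG = """\
[2020-08-25T12:57:26,552][INFO ][o.e.h.AbstractHttpServerTransport] [NODE-A] publish_address {192.168.1.20:9200}, bound_addresses {192.168.1.20:9200}
[2020-08-25T12:57:31,562][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [NODE-A] Active license is now [BASIC]; Security is disabled
""".splitlines()


def parse_line(line):
    """Split one log line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def bound_addresses(msg):
    """Return (host, port) pairs listed after 'bound_addresses' in a publish line."""
    _, sep, tail = msg.partition("bound_addresses")
    if not sep:
        return []
    return [(host.strip("[]"), int(port)) for host, port in ADDR_RE.findall(tail)]


def is_loopback(host):
    """True only for literal loopback IPs; anything unparsable counts as reachable."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit(lines):
    """Summarise listener exposure and security status from a startup log."""
    report = {"http": [], "transport": [], "security_disabled": False,
              "bootstrap_warnings": []}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # continuation lines, JVM banners, blank lines
        logger, msg = rec["logger"], rec["msg"]
        if logger.endswith("AbstractHttpServerTransport"):
            report["http"] = bound_addresses(msg)
        elif logger.endswith("TransportService"):
            report["transport"] = bound_addresses(msg)
        elif logger.endswith("SecurityStatusChangeListener"):
            # The last status line wins, since the license state can change.
            report["security_disabled"] = "Security is disabled" in msg
        elif logger.endswith("BootstrapChecks") and rec["level"] == "WARN":
            report["bootstrap_warnings"].append(msg)
    listeners = report["http"] + report["transport"]
    report["exposed"] = [(h, p) for h, p in listeners if not is_loopback(h)]
    report["unauthenticated_and_exposed"] = (
        report["security_disabled"] and bool(report["exposed"])
    )
    return report


if __name__ == "__main__":
    for name, log in (("page log", PAGE_LOG), ("constructed log", EXPOSED_LOG)):
        result = audit(log)
        print(name, "| exposed:", result["exposed"],
              "| security disabled:", result["security_disabled"],
              "| needs attention:", result["unauthenticated_and_exposed"])
```

To run it against a real installation, pass the lines of D:\elk\elasticsearch-7.9.0\logs\elasticsearch.log to audit().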

  

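kibana: likewise, go to the D:\elk\kibana-7.9.0-windows-x86_64\bin directory and double-click kibana.bat. It takes quite a while to start, so be patient. After a normal start the log looks like this: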

  log   [05:00:38.390] [warning][plugins-discovery] Expect plugin "id" in camelCase, but found: beats_management
  log   [05:00:38.407] [warning][plugins-discovery] Expect plugin "id" in camelCase, but found: triggers_actions_ui
[BABEL] Note: The code generator has deoptimised the styling of D:\elk\kibana-7.9.0-windows-x86_64\x-pack\plugins\canvas\server\templates\pitch_presentation.js as it exceeds the max of 500KB.
  log   [05:02:24.387] [info][plugins-service] Plugin "visTypeXy" is disabled.
  log   [05:02:24.388] [info][plugins-service] Plugin "auditTrail" is disabled.
  log   [05:02:26.655] [warning][legacy-service] Some installed third party plugin(s) [xpack_main, monitoring, spaces, security, beats_management, apm_oss, console_legacy, elasticsearch, kibana, status_page, timelion] are using the legacy plugin format and will no longer work in a future Kibana release. Please refer to https://ela.st/kibana-breaking-changes-8-0 for a list of breaking changes and https://ela.st/kibana-platform-migration for documentation on how to migrate legacy plugins.
  log   [05:02:26.690] [warning][config][deprecation] Config key [monitoring.cluster_alerts.email_notifications.email_address] will be required for email notifications to work in 8.0."
  log   [05:02:26.830] [info][plugins-system] Setting up [92] plugins: [taskManager,licensing,observability,globalSearch,globalSearchProviders,code,usageCollection,ossTelemetry,telemetryCollectionManager,telemetry,telemetryCollectionXpack,kibanaUsageCollection,kibanaLegacy,newsfeed,mapsLegacy,translations,timelion,share,legacyExport,esUiShared,bfetch,expressions,data,home,cloud,console,consoleExtensions,apmOss,searchprofiler,painlessLab,grokdebugger,management,upgradeAssistant,licenseManagement,indexPatternManagement,advancedSettings,fileUpload,dataEnhanced,savedObjects,visualizations,visTypeTimelion,features,security,snapshotRestore,reporting,encryptedSavedObjects,ingestManager,indexManagement,remoteClusters,crossClusterReplication,indexLifecycleManagement,enterpriseSearch,beats_management,transform,ingestPipelines,maps,graph,canvas,visTypeVega,visTypeTable,visTypeMarkdown,visualize,tileMap,regionMap,inputControlVis,dashboard,dashboardMode,charts,lens,visTypeVislib,visTypeTimeseries,rollup,visTypeTagcloud,visTypeMetric,watcher,discover,discoverEnhanced,savedObjectsManagement,spaces,lists,eventLog,actions,case,alerts,alertingBuiltins,ml,securitySolution,infra,monitoring,logstash,apm,uptime]
  log   [05:02:27.843] [warning][config][plugins][security] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in kibana.yml
  log   [05:02:27.844] [warning][config][plugins][security] Session cookies will be transmitted over insecure connections. This is not recommended.
  log   [05:02:27.882] [warning][config][plugins][reporting] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in kibana.yml
  log   [05:02:27.888] [warning][config][encryptedSavedObjects][plugins] Generating a random key for xpack.encryptedSavedObjects.encryptionKey. To be able to decrypt encrypted saved objects attributes after restart, please set xpack.encryptedSavedObjects.encryptionKey in kibana.yml
  log   [05:02:27.890] [info][config][plugins][reporting] Chromium sandbox provides an additional layer of protection, and is supported for Win32 OS. Automatically enabling Chromium sandbox.
  log   [05:02:27.898] [warning][ingestManager][plugins] Fleet APIs are disabled due to the Encrypted Saved Objects plugin using an ephemeral encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in kibana.yml.
  log   [05:02:27.995] [warning][actions][actions][plugins] APIs are disabled due to the Encrypted Saved Objects plugin using an ephemeral encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in kibana.yml.
  log   [05:02:28.017] [warning][alerting][alerts][plugins][plugins] APIs are disabled due to the Encrypted Saved Objects plugin using an ephemeral encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in kibana.yml.
  log   [05:02:28.158] [info][monitoring][monitoring][plugins] config sourced from: production cluster
  log   [05:02:28.159] [warning][monitoring][monitoring][plugins] X-Pack Monitoring Cluster Alerts will not be available: undefined
  log   [05:02:28.566] [info][savedobjects-service] Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations...
  log   [05:02:28.568] [info][savedobjects-service] Starting saved objects migrations
  log   [05:02:28.593] [info][savedobjects-service] Creating index .kibana_task_manager_1.
  log   [05:02:28.602] [info][savedobjects-service] Creating index .kibana_1.
  log   [05:02:29.417] [info][savedobjects-service] Pointing alias .kibana_task_manager to .kibana_task_manager_1.
  log   [05:02:29.564] [info][savedobjects-service] Pointing alias .kibana to .kibana_1.
  log   [05:02:29.695] [info][savedobjects-service] Finished in 1102ms.
  log   [05:02:29.782] [info][savedobjects-service] Finished in 1191ms.
  log   [05:02:29.827] [info][plugins-system] Starting [92] plugins: [taskManager,licensing,observability,globalSearch,globalSearchProviders,code,usageCollection,ossTelemetry,telemetryCollectionManager,telemetry,telemetryCollectionXpack,kibanaUsageCollection,kibanaLegacy,newsfeed,mapsLegacy,translations,timelion,share,legacyExport,esUiShared,bfetch,expressions,data,home,cloud,console,consoleExtensions,apmOss,searchprofiler,painlessLab,grokdebugger,management,upgradeAssistant,licenseManagement,indexPatternManagement,advancedSettings,fileUpload,dataEnhanced,savedObjects,visualizations,visTypeTimelion,features,security,snapshotRestore,reporting,encryptedSavedObjects,ingestManager,indexManagement,remoteClusters,crossClusterReplication,indexLifecycleManagement,enterpriseSearch,beats_management,transform,ingestPipelines,maps,graph,canvas,visTypeVega,visTypeTable,visTypeMarkdown,visualize,tileMap,regionMap,inputControlVis,dashboard,dashboardMode,charts,lens,visTypeVislib,visTypeTimeseries,rollup,visTypeTagcloud,visTypeMetric,watcher,discover,discoverEnhanced,savedObjectsManagement,spaces,lists,eventLog,actions,case,alerts,alertingBuiltins,ml,securitySolution,infra,monitoring,logstash,apm,uptime]
  log   [05:02:29.830] [info][plugins][taskManager][taskManager] TaskManager is identified by the Kibana UUID: ed0746b8-407b-4177-9a9e-86c5b5b2e91f
  log   [05:02:29.871] [info][crossClusterReplication][plugins] Your basic license does not support crossClusterReplication. Please upgrade your license.
  log   [05:02:29.884] [info][plugins][watcher] Your basic license does not support watcher. Please upgrade your license.
  log   [05:02:29.890] [info][kibana-monitoring][monitoring][monitoring][plugins] Starting monitoring stats collection
  log   [05:02:45.241] [info][status][plugin:kibana@7.9.0] Status changed from uninitialized to green - Ready
  log   [05:02:45.256] [info][status][plugin:elasticsearch@7.9.0] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [05:02:45.264] [info][status][plugin:elasticsearch@7.9.0] Status changed from yellow to green - Ready
  log   [05:02:45.276] [info][status][plugin:xpack_main@7.9.0] Status changed from uninitialized to green - Ready
  log   [05:02:45.314] [info][status][plugin:monitoring@7.9.0] Status changed from uninitialized to green - Ready
  log   [05:02:45.324] [info][status][plugin:spaces@7.9.0] Status changed from uninitialized to green - Ready
  log   [05:02:45.333] [info][status][plugin:security@7.9.0] Status changed from uninitialized to green - Ready
  log   [05:02:45.341] [info][status][plugin:beats_management@7.9.0] Status changed from uninitialized to green - Ready
  log   [05:02:45.417] [info][status][plugin:apm_oss@7.9.0] Status changed from uninitialized to green - Ready
  log   [05:02:45.440] [info][status][plugin:console_legacy@7.9.0] Status changed from uninitialized to green - Ready
  log   [05:02:45.461] [info][listening] Server running at http://localhost:5601
  log   [05:02:46.425] [info][server][Kibana][http] http server running at http://localhost:5601

 

logstash: this last one has to be started by hand from a command-prompt window, because we need to specify the configuration file:

C:\Users\wulf>D:

D:\>cd elk\logstash-7.9.0\bin

D:\elk\logstash-7.9.0\bin>.\logstash -f ..\config\logstash-simple.conf
Java HotSpot(TM) 64-Bit Server VM warning: Ignoring option UseConcMarkSweepGC; support was removed in 14.0
Java HotSpot(TM) 64-Bit Server VM warning: Ignoring option CMSInitiatingOccupancyFraction; support was removed in 14.0
Java HotSpot(TM) 64-Bit Server VM warning: Ignoring option UseCMSInitiatingOccupancyOnly; support was removed in 14.0
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.ext.openssl.SecurityHelper (file:/C:/Users/wulf/AppData/Local/Temp/jruby-27532/jruby4470915235160336384jopenssl.jar) to field java.security.MessageDigest.provider
WARNING: Please consider reporting this to the maintainers of org.jruby.ext.openssl.SecurityHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Sending Logstash logs to D:/elk/logstash-7.9.0/logs which is now configured via log4j2.properties
[2020-08-25T13:09:24,228][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.9.0", "jruby.version"=>"jruby 9.2.12.0 (2.5.7) 2020-07-01 db01a49ba6 Java HotSpot(TM) 64-Bit Server VM 14.0.1+7 on 14.0.1+7 +indy +jit [mswin32-x86_64]"}
[2020-08-25T13:09:24,466][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"D:/elk/logstash-7.9.0/data/queue"}
[2020-08-25T13:09:24,487][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"D:/elk/logstash-7.9.0/data/dead_letter_queue"}
[2020-08-25T13:09:24,627][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-08-25T13:09:24,674][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"fb617415-7a0d-4904-b930-f9b1e928a519", :path=>"D:/elk/logstash-7.9.0/data/uuid"}
[2020-08-25T13:09:26,218][INFO ][org.reflections.Reflections] Reflections took 56 ms to scan 1 urls, producing 22 keys and 45 values
[2020-08-25T13:09:27,890][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2020-08-25T13:09:28,127][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2020-08-25T13:09:28,227][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2020-08-25T13:09:28,234][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2020-08-25T13:09:28,310][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//localhost:9200"]}
[2020-08-25T13:09:28,377][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>7, :ecs_compatibility=>:disabled}
[2020-08-25T13:09:28,426][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["D:/elk/logstash-7.9.0/config/logstash-simple.conf"], :thread=>"#<Thread:0x631dcd4d run>"}
[2020-08-25T13:09:28,492][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1, "index.lifecycle.name"=>"logstash-policy", "index.lifecycle.rollover_alias"=>"logstash"}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2020-08-25T13:09:28,523][INFO ][logstash.outputs.elasticsearch][main] Installing elasticsearch template to _template/logstash
[2020-08-25T13:09:28,949][INFO ][logstash.outputs.elasticsearch][main] Creating rollover alias <logstash-{now/d}-000001>
[2020-08-25T13:09:29,788][INFO ][logstash.outputs.elasticsearch][main] Installing ILM policy {"policy"=>{"phases"=>{"hot"=>{"actions"=>{"rollover"=>{"max_size"=>"50gb", "max_age"=>"30d"}}}}}} to _ilm/policy/logstash-policy
[2020-08-25T13:09:29,808][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>1.38}
[2020-08-25T13:09:29,971][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2020-08-25T13:09:30,078][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2020-08-25T13:09:30,716][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

 

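5. Test. Type hello world in the logstash window, then use kibana to look at what was stored in ES.

In a browser (Chrome is recommended; avoid IE, which may fail to load the page) go to localhost:5601. Once the page appears, click the button on the right to work with our own ES data.

On the next page, scroll to the bottom and click Stack Management.

Then click Index Management, and you will see the index holding the log line we just typed.

To see the hello world we typed, we have to create an index pattern in kibana.

Enter our index and click Next step.

Choose whether to filter by timestamp, then click Create.

Go back to Discover and type hello in the search box.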

posted on 2020-08-25 14:39 by 不想下火车的人
