对常见的 ELK 工具(Elasticsearch、Logstash、Kibana)的安装与配置进行总结
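# Check the distribution and release; the repositories below are Debian-style apt sources.
cat /etc/issue
# Confirm a Java runtime is installed; Elasticsearch and Logstash both run on the JVM.
java -version

# Import the Elastic package-signing key so apt can verify the packages below.
# apt-key trusts this key for every configured repository, and newer
# Debian/Ubuntu releases deprecate apt-key in favour of a per-repository
# keyring referenced with "signed-by".
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

# --- Elasticsearch 2.x ---
# On older releases apt needs the apt-transport-https package for https:// sources.
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
sudo apt-get update
sudo apt-get install elasticsearch -y
sudo service elasticsearch start

# --- Logstash 2.3 ---
echo "deb https://packages.elastic.co/logstash/2.3/debian stable main" | sudo tee -a /etc/apt/sources.list
# Refresh the package index, otherwise apt does not see the repository just added.
sudo apt-get update
sudo apt-get install logstash -y
# Restart the service once the pipeline file under /etc/logstash/conf.d is in place.
sudo service logstash start

# --- Kibana 4.5 ---
# Use https like the other two repositories so package metadata is not
# fetched over plain HTTP.
echo "deb https://packages.elastic.co/kibana/4.5/debian stable main" | sudo tee -a /etc/apt/sources.list
sudo apt-get update
sudo apt-get install kibana -y
sudo service kibana start
# NOTE(review): Elasticsearch 2.x and Kibana 4.5 have no built-in
# authentication; keep ports 9200 and 5601 off untrusted networks (loopback
# bind or an authenticating reverse proxy).

# nginx is started here but never installed in these steps; presumably the
# environment already ships it. Verify before relying on this.
sudo service nginx start
# The nginx configuration file is /etc/nginx/sites-available/default
# Add to it: access_log /home/shiyanlou/Code/elk/access.log;
# The account Logstash runs as needs read access to that log file.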
接下来是 Logstash 的具体配置文件:
# /etc/logstash/conf.d/logstash-shipper.conf
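input {
  # Console input; only useful when Logstash runs in the foreground.
  stdin {}

  file {
    # The file input requires an absolute path and does not expand "~", so
    # "~/access.log" never matches a file. This is the access_log location
    # configured for nginx.
    path => "/home/shiyanlou/Code/elk/access.log"
    # Read a file from its first line the first time it is seen; files that
    # already have a recorded read position resume from it.
    start_position => beginning
    # A line that does not start with a digit is appended to the previous
    # event, so each event begins at a line starting with a digit.
    codec => multiline {
      'negate' => true
      'pattern' => '^\d'
      'what' => 'previous'
    }
    # Access-log fields (request line, referrer, user agent) are supplied by
    # clients; treat them as untrusted wherever they are rendered or queried.
  }
}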
output {
  # Pretty-print every event to the console.
  stdout { codec => rubydebug }

  # Index events into the Elasticsearch node on localhost, one index per day.
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
}