- start_position => beginning 的作用是从头开始读数据,如果不加这个配置,就会产生类似
tail -f /var/log/messages
的效果,只对新生成的数据进行跟踪,此刻以前的都直接忽略,此配置得在具体环境下考虑使用与否
至此,ELK基本的搭建与操作就完成了
命令汇总
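# Command recap for the ELK walkthrough (Elasticsearch 2.1.1, Logstash 2.1.1,
# Kibana 4.3.1). The commands were run interactively, one at a time, so this
# is a checklist and not an unattended script: vim and ./kibana block.

# --- Prerequisites and package download ---
java -version
cat /etc/yum.repos.d/elk.repo
# The signing key is trusted because it was fetched over HTTPS from
# packages.elastic.co. Everything verified against it later inherits that trust.
wget https://packages.elastic.co/GPG-KEY-elasticsearch
rpm --import GPG-KEY-elasticsearch
# yumdownloader only fetches the RPMs; nothing is installed at this point.
yumdownloader elasticsearch logstash
wget https://download.elastic.co/kibana/kibana/kibana-4.3.1-linux-x64.tar.gz
# sha1sum only prints digests. Compare each one with the value the vendor
# publishes; a printed hash that is compared with nothing verifies nothing.
sha1sum *
# Check the RPM digests and signatures against the imported key before
# installing. The Kibana tarball is not covered by this check and relies on
# the checksum comparison above.
rpm -K elasticsearch-2.1.1.rpm logstash-2.1.1-1.noarch.rpm

# --- Elasticsearch ---
rpm -ivh elasticsearch-2.1.1.rpm
chkconfig --add elasticsearch
chkconfig --list | grep elasticsearch
/etc/init.d/elasticsearch start
# Check which address 9200 (HTTP) and 9300 (transport) are bound to. This
# setup has no authentication configured, so a listener on a non-loopback
# address is reachable by anyone who can route to the host.
netstat -ant | grep 9200
netstat -ant | grep 9300
# The URLs are quoted so the shell never treats '?' as a glob character.
curl 'localhost:9200/_cat/health?v'
curl 'localhost:9200/_cat/nodes?v'
curl 'localhost:9200/_cat/allocation?v'

# --- Kibana ---
tar -zxvf kibana-4.3.1-linux-x64.tar.gz
vim kibana.yml
# Show only the settings in effect (comments and blank lines removed).
grep -v "^#" kibana.yml | grep -v "^$"
# Runs in the foreground.
./kibana
# Opening 5601 exposes Kibana, and through it the Elasticsearch data, to
# whatever sources the rule admits. The rule itself is edited by hand and is
# not shown here; limit it to trusted source addresses, or put Kibana behind
# an authenticating reverse proxy.
vim /etc/sysconfig/iptables
grep 5601 /etc/sysconfig/iptables
/etc/init.d/iptables reload
iptables -L -nv | grep 5601

# --- Logstash ---
rpm -ivh logstash-2.1.1-1.noarch.rpm
# Smoke test: echo stdin straight back to stdout.
/opt/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'
cat logstash-simple.conf
# --configtest checks the configuration file without starting the pipeline.
time /opt/logstash/bin/logstash -f logstash-simple.conf --configtest
/opt/logstash/bin/logstash -f logstash-simple.conf
cat logstash-es-simple.conf
/opt/logstash/bin/logstash -f logstash-es-simple.conf
# Confirm that the events reached Elasticsearch.
curl 'http://localhost:9200/_search?pretty'
cat logstash-file-es-simple.conf
/opt/logstash/bin/logstash -f logstash-file-es-simple.conf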