ElasticSearch 6.x 学习笔记:elasticsearch+logstash+kibana 6.1.1

2022-05-06 19:26:13 浏览数 (1)

1、下载

https://www.elastic.co/downloads/past-releases/logstash-6-1-1

代码语言:javascript复制
[es@node1 ~]$ tar -zxvf logstash-6.1.1.tar.gz
代码语言:javascript复制
[es@node1 ~]$ cd logstash-6.1.1
[es@node1 logstash-6.1.1]$ ls
bin     CONTRIBUTORS  Gemfile       lib      logstash-core             modules     tools
config  data          Gemfile.lock  LICENSE  logstash-core-plugin-api  NOTICE.TXT  vendor
[es@node1 logstash-6.1.1]$

2、快速入门例子

https://www.elastic.co/guide/en/logstash/6.x/index.html

代码语言:javascript复制
[es@node1 logstash-6.1.1]$ bin/logstash -e 'input { stdin { } } output { stdout {} }'
Sending Logstash's logs to /home/es/logstash-6.1.1/logs which is now configured via log4j2.properties
[2018-03-31T00:11:53,157][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/home/es/logstash-6.1.1/modules/fb_apache/configuration"}
[2018-03-31T00:11:53,198][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/home/es/logstash-6.1.1/modules/netflow/configuration"}
[2018-03-31T00:11:53,383][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/home/es/logstash-6.1.1/data/queue"}
[2018-03-31T00:11:53,388][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/home/es/logstash-6.1.1/data/dead_letter_queue"}
[2018-03-31T00:11:54,199][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-03-31T00:11:54,305][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"6614aafd-2e89-47a2-bce4-c2e04e460644", :path=>"/home/es/logstash-6.1.1/data/uuid"}
[2018-03-31T00:11:56,129][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"6.1.1"}
[2018-03-31T00:11:57,182][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2018-03-31T00:11:59,874][INFO ][logstash.pipeline        ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250, :thread=>"#<Thread:0x24296acb run>"}
[2018-03-31T00:12:00,045][INFO ][logstash.pipeline        ] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2018-03-31T00:12:00,267][INFO ][logstash.agent           ] Pipelines running {:count=>1, :pipelines=>["main"]}
代码语言:javascript复制
hello
2018-03-31T04:12:31.435Z node1 hello
代码语言:javascript复制
   -e          执行操作
   input       标准输入
   { input }   插件
   output      标准输出
   { stdout }  插件  

3、配置文件

代码语言:javascript复制
[es@node1 logstash-6.1.1]$ cd config/
[es@node1 config]$ ls
jvm.options  log4j2.properties  logstash.yml  pipelines.yml  startup.options
[es@node1 config]$ vi logstash.yml

文件末尾添加

代码语言:javascript复制
path.data: /var/data/logstash
path.config: /home/es/logstash-6.1.1/config/*.conf
path.logs: /var/log/logstash

创建目录

代码语言:javascript复制
[es@node1 config]$ sudo mkdir /var/data/logstash
[sudo] password for es: 
[es@node1 config]$ sudo chown -R es:es /var/data/logstash
[es@node1 config]$ sudo mkdir /var/log/logstash
[es@node1 config]$ sudo chown -R es:es /var/log/logstash
[es@node1 config]$

4、综合例子

(1)启动ES

代码语言:javascript复制
[es@node1 elasticsearch-6.1.1]$ bin/elasticsearch -d
[es@node1 elasticsearch-6.1.1]$ jps
2371 Elasticsearch
2376 Jps

(2)编辑配置文件

代码语言:javascript复制
[es@node1 config]$ vi test.conf
[es@node1 config]$ cat test.conf 
input{
   stdin{}
}
filter {
}
output{
    stdout{
      codec => rubydebug
    }
    elasticsearch {
      hosts => "node1:9200"
      index => "log-%{ YYYY.MM.dd}"
    }
}

(3)运行

代码语言:javascript复制
[es@node1 logstash-6.1.1]$ bin/logstash -f config/test.conf
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
[2018-03-31T00:27:34,512][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/home/es/logstash-6.1.1/modules/fb_apache/configuration"}
[2018-03-31T00:27:34,553][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/home/es/logstash-6.1.1/modules/netflow/configuration"}
[2018-03-31T00:27:34,719][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/var/data/logstash/queue"}
[2018-03-31T00:27:34,744][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/var/data/logstash/dead_letter_queue"}
[2018-03-31T00:27:35,548][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-03-31T00:27:35,759][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"c51f4a1a-61f2-4b08-8a9c-c716199a1b7d", :path=>"/var/data/logstash/uuid"}
[2018-03-31T00:27:36,791][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"6.1.1"}
[2018-03-31T00:27:38,147][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2018-03-31T00:27:44,300][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://node1:9200/]}}
[2018-03-31T00:27:44,335][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://node1:9200/, :path=>"/"}
[2018-03-31T00:27:47,267][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://node1:9200/"}
[2018-03-31T00:27:47,610][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>nil}
[2018-03-31T00:27:47,615][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>6}
[2018-03-31T00:27:47,652][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-03-31T00:27:47,826][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2018-03-31T00:27:48,044][INFO ][logstash.outputs.elasticsearch] Installing elasticsearch template to _template/logstash
[2018-03-31T00:27:48,304][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//node1:9200"]}
[2018-03-31T00:27:48,364][INFO ][logstash.pipeline        ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250, :thread=>"#<Thread:0xb1a4d7c run>"}
[2018-03-31T00:27:48,624][INFO ][logstash.pipeline        ] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2018-03-31T00:27:48,908][INFO ][logstash.agent           ] Pipelines running {:count=>1, :pipelines=>["main"]}

(4)输入测试

代码语言:javascript复制
hello
{
       "message" => "hello",
      "@version" => "1",
          "host" => "node1",
    "@timestamp" => 2018-03-31T04:28:08.951Z
}

(5)启动kibana

代码语言:javascript复制
[es@node1 kibana-6.1.1-linux-x86_64]$ bin/kibana &
[1] 2497
[es@node1 kibana-6.1.1-linux-x86_64]$   log   [04:30:30.037] [info][status][plugin:kibana@6.1.1] Status changed from uninitialized to green - Ready
  log   [04:30:30.177] [info][status][plugin:elasticsearch@6.1.1] Status changed from uninitialized to yellow - Waiting for Elasticsearch
  log   [04:30:30.220] [info][status][plugin:console@6.1.1] Status changed from uninitialized to green - Ready
  log   [04:30:30.281] [info][status][plugin:metrics@6.1.1] Status changed from uninitialized to green - Ready
  log   [04:30:31.231] [info][status][plugin:timelion@6.1.1] Status changed from uninitialized to green - Ready
  log   [04:30:31.265] [info][listening] Server running at http://node1:5601
  log   [04:30:31.284] [info][status][plugin:elasticsearch@6.1.1] Status changed from yellow to green - Ready

(6)kibana查询

代码语言:javascript复制
GET /log-2018.03.31/_search
代码语言:javascript复制
{
  "took": 183,
  "timed_out": false,
  "_shards": {
    "total": 5,
    "successful": 5,
    "skipped": 0,
    "failed": 0
  },
  "hits": {
    "total": 1,
    "max_score": 1,
    "hits": [
      {
        "_index": "log-2018.03.31",
        "_type": "doc",
        "_id": "AQ1QemIBrpzkDC_bEMun",
        "_score": 1,
        "_source": {
          "message": "hello",
          "@version": "1",
          "host": "node1",
          "@timestamp": "2018-03-31T04:28:08.951Z"
        }
      }
    ]
  }
}

0 人点赞