
Installing and configuring ELK (Elasticsearch+Logstash+Kibana) on CentOS 7

Date: 2015-12-01 19:39:19

Tags: elasticsearch;logstash;kibana

yum install java-1.8.0-openjdk

yum install elasticsearch-2.1.0.rpm

systemctl start elasticsearch

rpm -qc elasticsearch


tar -zxvf kibana-5.0.0-snapshot-linux-x64.tar.gz

mv kibana-5.0.0-snapshot-linux-x64 kibana

cp -R kibana /opt/

vi /etc/systemd/system/kibana.service

[Service]

ExecStart=/opt/kibana/bin/kibana

[Install]

WantedBy=multi-user.target

systemctl start kibana

http://IP:5601


yum install logstash-2.1.0-1.noarch.rpm

cd /etc/pki/tls

openssl req -config /etc/pki/tls/openssl.cnf -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out certs/logstash-forwarder.crt

vi /etc/logstash/conf.d/01-logstash-initial.conf

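input {
  # Listens for logstash-forwarder connections; the lumberjack protocol requires TLS.
  lumberjack {
    port => 5000
    type => "logs"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

filter {
  # Applies only to events whose type is "syslog".
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      # Two patterns: single-digit days are space-padded in syslog timestamps.
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  # Logstash 2.x: the elasticsearch output takes "hosts" (an array), not "host".
  elasticsearch { hosts => ["localhost:9200"] }
  # Also print every event to stdout for debugging.
  stdout { codec => rubydebug }
}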

systemctl start logstash
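
The grok expression in the filter block above, approximated in plain Ruby as an added example (not part of the original post or of Logstash): it shows which fields a syslog line yields, including a line without a PID and lines that end up tagged as parse failures. The sub-patterns, the sample lines and the host:/year: parameters are assumptions made for the illustration.

```ruby
require "time"

# Simplified stand-ins for the grok sub-patterns (assumptions for this
# example, not the pattern definitions shipped with Logstash).
MONTH = "(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
SYSLOG_RE = Regexp.new([
  '\A(?<syslog_timestamp>' + MONTH + ' +\d{1,2} \d{2}:\d{2}:\d{2})',
  '(?<syslog_hostname>[0-9A-Za-z][0-9A-Za-z.:-]*)',
  '(?<syslog_program>.*?)(?:\[(?<syslog_pid>[1-9][0-9]*)\])?:',
  '(?<syslog_message>.*)\z'
].join(" "))

# Returns the event as a Hash. host: and year: are hypothetical parameters;
# syslog timestamps carry neither a year nor a zone, so UTC is assumed.
def parse_syslog(line, host:, year:)
  m = SYSLOG_RE.match(line.chomp)
  # Logstash tags events that grok cannot match; it does not drop them.
  return { "message" => line, "tags" => ["_grokparsefailure"] } if m.nil?

  event = m.named_captures.compact # optional captures that did not match (pid) are omitted
  event.update("message" => line, "received_from" => host)
  mon, day, clock = event["syslog_timestamp"].split
  begin
    hh, mm, ss = clock.split(":").map(&:to_i)
    event["@timestamp"] = Time.utc(year, mon, day.to_i, hh, mm, ss).iso8601
  rescue ArgumentError
    # Matched the pattern but is not a real time, e.g. hour 99.
    event["tags"] = ["_dateparsefailure"]
  end
  event
end

# Constructed sample lines (not taken from a real host).
SAMPLE = [
  "Dec  1 19:39:19 web01 sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 52113 ssh2",
  "Dec 12 03:10:01 web01 CRON: session opened for user root",
  "Dec  1 99:00:00 web01 app: clock field out of range",
  "free-form line with no syslog header"
]

SAMPLE.each { |l| p parse_syslog(l, host: "web01", year: 2015) }
```

Events tagged _grokparsefailure or _dateparsefailure are still indexed, so they can be searched for in Kibana.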


Original source: http://guowang327.blog.51cto.com/6513732/1718601
