标签:使用 index NPU 配置文件 path kibana 分享图片 日志分析 cto
序号2 172.18.146.160 elasticsearch
Elasticsearch配置部分
172.18.146.160
vi /etc/security/limits.conf
??????? hard??? nofile?????????? 65536
??????? soft??? nofile?????????? 65536
添加用户
useradd es
mkdir –p /workspace/app/elasticsearch-6.4.0/
tar xvfz /tmp/ elasticsearch-6.4.0.tar.gz –C /workspace/app/elasticsearch-6.4.0/
path.data: /workspace/data/elasticsearch
path.logs: /workspace/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
Kibana配置部分
/workspace/app/kibana-6.4.0/config/kibana.yml
server.host: "0.0.0.0"
elasticsearch.url: "http://172.18.146.160:9200"
kibana.index: ".kibana"
启动服务:
nohup kibana &
logstash配置部分
配置文件存放路径:/workspace/app/logstash-6.4.0/config/conf.d/
/workspace/app/logstash-6.4.0/config/conf.d/sync.conf
input {
file {
path => "/workspace/data/webapps/witc-sync-web/witc-sync-web.log"
type => "witc-sync-web01"
start_position => "beginning"
}
}
filter {
multiline {
pattern => "^%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+))."
negate => true
what => "previous"
}
grok {
match => [ "^%{TIMESTAMP_ISO8601:time}\s+(?<Level>(\S+)).","message" ]
}
}
output {
elasticsearch {
hosts => ["172.18.146.160:9200"]
index => "witc-sync-web01-%{+YYYY.MM.dd}"
}
}
mkdir /workspace/data/logstash/witc-sync-web
启动服务:
nohup logstash -f /workspace/app/logstash-6.4.0/config/conf.d/ sync.conf --path.data=/workspace/data/logstash/witc-sync-web &
停止服务:
杀进程
kibana使用
标签:使用 index NPU 配置文件 path kibana 分享图片 日志分析 cto
原文地址:http://blog.51cto.com/zjunzz/2298943
