Introduction to elk
-
Elasticsearch is an open source distributed search engine. Its features are: distributed, zero configuration, automatic discovery, index automatic sharding, index replication mechanism, restful style interface, multiple data sources, automatic search load, etc.
-
Logstash is a completely open source tool that can collect, filter, and store your logs for later use (eg, search).
-
Kibana is also an open source and free tool, which Kibana can provide Logstash and ElasticSearch with a friendly web interface for log analysis, which can help you aggregate, analyze and search important data logs.
elk download and install
elk download address: https://www.elastic.co/downloads/
It is recommended to run on linux, elk does not support well on windows, and needs jdk1.8 support, jdk needs to be installed in advance.
After downloading: Install, use logstash as the chestnut:
cd /usr/local/ mkdir logstash tar -zxvf logstash-5.3.2.tar.gz mv logstash-5.3.2 /usr/local/logstashConfigure and start Elasticsearch
Open the Elasticsearch configuration file:
vim config/elasticsearch.ymlChange setting:
network.host=localhost network.port=9200It is this configuration by default, there are no special requirements, and there is no need to modify it locally.
Start Elasticsearch
./bin/elasticsearchThe startup is successful, visit localhost:9200, the webpage displays:
{ "name" : "56IrTCM", "cluster_name" : "elasticsearch", "cluster_uuid" : "e4ja7vS2TIKI1BsggEAa6Q", "version" : { "number" : "5.2.2", "build_hash" : "f9d9b74", "build_date" : "2017-02-24T17:26:45.835Z", "build_snapshot" : false, "lucene_version" : "6.4.1" }, "tagline" : "You Know, for Search" }Configure and start logstash
In the home directory of logstash:
vim config/log4j_to_es.confModify log4j_to_es.conf as follows:
input { log4j { mode => "server" host => "localhost" port => 4560 } } filter { #Only matched data are send to output. } output { elasticsearch { action => "index" #The operation on ES hosts => "localhost:9200" #ElasticSearch host, can be array. index => "applog" #The index to write data to. } }Start after modifying the configuration:
./bin/logstash -f config/log4j_to_es.confThe terminal displays the following:
-
Visit localhost:9600
-
{"host":"Pc-20130412.local","version":"5.3.2","http_address":"127.0.0.1:9600","id":"e6bb985c-c688-49a4- a55b-4d362bb4136f","name":"Pc-20130412.local","build_date": "2017-04-24T16:32:22Z","build_sha":"242159a5eea55fe213fe5c8 52d36455e24252c82","build_snapshot":false}Prove that logstash started successfully.
