mac安装elk日志三件套

1.下载logstash-2.0.0.tar.gz解压
https://download.elastic.co/logstash/logstash/logstash-2.0.0.tar.gz 
解压到目录/Users/kangzz/software/elk/logstash-2.0.0 
tar xzvf logstash-2.0.0.tar.gz
2.添加2个配置文件 
1). 添加logstash.conf(采集日志输出到redis中) 
在bin目录中添加logstash.conf
input{
        file{   #path要采集日志路径
                type => "crm_order"
                path => ["/Users/kangzz/Pro/logs/crm_order/*"]
                start_position => "beginning"
        }
        file{
                type => "crm_page"
                path => ["/Users/kangzz/Pro/logs/crm_page/*"]
                start_position => "beginning"
        }
}
filter {
        grok {  #配匹字段message中的内容被筛选。(以下是标准正规表达式)
                match => { "message" => "" }
        }
}
output{
        redis{  #以下是redis安装地址
                host => "10.30.56.91"
                port => 6379
                data_type => "list" #接收数据以列表形式
                key => "logstash_redis" #队列的名称
        }
}
2)添加logstashIndex.conf(从redis队列中取数据放入elasticsearch) 
在bin目录中添加logstashIndex.conf
input {
        redis{
                host => "10.30.56.91"
                port => 6379
                data_type => "list"
                key => "logstash_redis" #与logstash.conf中redis相同
                type => "redis-input"
        }
}
output {
        elasticsearch {
                hosts => "127.0.0.1" #该elasticsearch就部署在本机
        }
}
3.运行logstash
cd /Users/kangzz/software/elk/logstash-2.0.0/bin/

1)启动第一个进程
./logstash agent -f logstash.conf -l /Users/kangzz/Pro/logs/logstash/stdou.log &
2)启动第二个进程
./logstash agent -f logstashIndex.conf -l /Users/kangzz/Pro/logs/logstash/stdouIndex.log &
三、 elasticsearch
elasticsearch是基于lucene的开源搜索引擎，近年来发展比较快，主要的特点有
• real time 
• distributed 
• high availability 
• document oriented 
• schema free 
• restful api
1.下载logstash-2.0.0.tar.gz解压
https://download.elasticsearch.org/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.0.0/elasticsearch-2.0.0.tar.gz
解压到目录/Users/kangzz/software/elk/elasticsearch-2.0.0
tar xzvf elasticsearch -2.0.0.tar.gz
2.安装head插件
cd /Users/kangzz/software/elk/elasticsearch-2.0.0/bin
./plugin install mobz/elasticsearch-head

查看页面
http://localhost:9200/_plugin/head/
3.启动elasticsearch
cd /Users/kangzz/software/elk/elasticsearch-2.0.0/bin
./elasticsearch &
测试安装
curl -X GET http://localhost:9200/ [root@10.11.5.211 bin]# curl -X GET http://localhost:9200/ {
  "name"
: "Piper",
  "cluster_name"
: "elasticsearch",
  "version"
: {
    "number"
: "2.0.0",
    "build_hash"
: "de54438d6af8f9340d50c5c786151783ce7d6be5",
    "build_timestamp"
: "2016-09-22T08:09:48Z",
    "build_snapshot"
: false,
    "lucene_version"
: "5.2.1"
  },
  "tagline"
: "You Know, for Search"
}
测试成功
四、 kibana
Kibana是一个基于浏览器页面的Elasticsearch前端展示工具。Kibana全部使用HTML语言和JavaScript编写的
1.下载kibana-4.2.0-darwin-x64.tar.gz解压
https://www.elastic.co/downloads/past-releases/kibana-4-2.0

https://download.elastic.co/kibana/kibana/kibana-4.2.0-darwin-x64.tar.gz
解压到目录/Users/kangzz/software/elk/elasticsearch-2.0.0
tar xzvf kibana-4.2.0-darwin-x64.tar.gz

2.修改配置文件
修改config目录下kibana.yml文件内容 
elasticsearch服务地址
elasticsearch.url: "http://localhost:9200"

3.启动kibana
./kibana &

查看页面 http://localhost:5601