ELK日志分析系统搭建

搭建环境

win10

elasticsearch-5.5.1

kibana-5.5.1-windows-x86

logstash-5.5.1

启动Elasticsearch

Logstash：负责日志的收集，处理和储存

Elasticsearch：负责日志检索和分析

Kibana：负责日志的可视化

配置elasticsearch

启动 elasticsearch

bin/elasticsearch

elasticsearch 后台启动

bin/elasticsearch -d

配置logstash

修改配置文件

logstash-5.5.1\config新增加 配置文件 app.conf

# For detail structure of this file
# Set: https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html input {
# For detail config for log4j as input,
# See: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html file {
type => "app-log"
path => ["D:/web/frontend/runtime/logs/*.log"]
}
}
filter {
#Only matched data are send to output.
}
output {
# For detail config for elasticsearch as output,
# See: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html elasticsearch {
#  action => "index"          #The operation on ES
hosts  => "localhost:9200"   #ElasticSearch host, can be array.
index  => "applog"         #The index to write data to.
}
}

启动 logstash

logstash.bat -f E:\javaHome\elk\logstash-5.5.1\logstash-5.5.1/config/app.conf

配置 kibana

配置 kibana-5.5.1-windows-x86\config\kibana.yml

server.port: 5601
server.host: "localhost"
elasticsearch.url: "http://localhost:9200"

启动logstash

bin/kibana

正常启动就会看到上图了。