一、部署ElasticSearch
Elasticsearch部署参考下面文章:
CentOS7 部署单机版 elasticsearch-CSDN博客文章浏览阅读285次,点赞6次,收藏3次。ElasticSearch,用于检索、聚合分析和大数据存储https://blog.csdn.net/weixin_44295677/article/details/139174433?spm=1001.2014.3001.5501
二、部署Logstash
1、下载安装包
wget https://artifacts.elastic.co/downloads/logstash/logstash-8.13.4-linux-x86_64.tar.gz2、解压
tar -zxvf logstash-8.13.4-linux-x86_64.tar.gz -C /opt/
mv /opt/logstash-8.13.4 /opt/logstash3、修改配置文件
[root@localhost logstash]# cd /opt/logstash/
[root@localhost logstash]# mkdir -p /opt/logstash/config/conf.d/es.conf
[root@localhost logstash]# vi /opt/logstash/config/conf.d/es.conf
# 内容如下
input {
beats {
port => 5044
}
file {
path => "/opt/es/logs/test.log"
type => "system"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["https://192.168.140.156:9200"]
user => "elastic"
password => "password"
index => "index-test"
cacert => "/opt/es/config/certs/http_ca.crt"
}
stdout {
codec => rubydebug
}
}4、设置启动脚本
[root@localhost logstash]# vi /etc/systemd/system/logstash.service
# 内容如下
[Unit]
Description=Logstash service
After=network.target
[Service]
Type=simple
User=elastic
Group=elastic
ExecStart=/opt/logstash/bin/logstash -f /opt/logstash/config/conf.d/es.conf
Restart=always
[Install]
WantedBy=multi-user.target5、修改目录权限
[root@localhost logstash]# cd /opt
[root@localhost opt]# chown -R elastic: logstash/6、启动服务
[root@localhost opt]# systemctl daemon-reload
[root@localhost opt]# systemctl start logstash.service
[root@localhost opt]# systemctl enable logstash.service三、测试
1、往日志文件写入测试数据
[root@localhost opt]# echo "hello" > /opt/es/logs/test.log
[root@localhost opt]# echo "test" > /opt/es/logs/test.log
[root@localhost opt]# echo "test-es" > /opt/es/logs/test.log
[root@localhost opt]# echo "testes" > /opt/es/logs/test.log2、浏览器查看索引信息
[root@localhost opt]# curl -XGET https://localhost:9200/索引名/_search?pretty -u elastic:password -k | grep message
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2491 0 2491 0 0 24586 0 --:--:-- --:--:-- --:--:-- 24663
"message" : "hello"
"message" : "test"
"message" : "test-es"
"message" : "testes
