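# Refresh the package index and then upgrade installed packages.
# Chained with && so the upgrade is skipped when the index refresh fails,
# instead of running against a stale package list.
apt-get update && apt-get upgrade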
2. Install elasticsearch-1.4.4
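# Fetch the Elasticsearch 1.4.4 Debian package over HTTPS and install it.
# Chained with && so a failed or partial download is never handed to dpkg.
# TLS only proves who served the file, not that it is the release the
# publisher signed: compare it with the checksum/signature published next to
# the download before installing, e.g.
#   echo '<EXPECTED_SHA1_FROM_PUBLISHER>  elasticsearch-1.4.4.deb' | sha1sum -c -
# dpkg -i runs the package's maintainer scripts as root, so an unverified
# package is an unverified root-level install.
wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.4.deb \
  && dpkg -i elasticsearch-1.4.4.deb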
3. Install logstash_1.4.2
# Install the Logstash 1.4.2 package. The page does not show where this .deb
# was downloaded from, so it must already be present in the working
# directory; check it against the publisher's checksum/signature before this
# step, because dpkg executes the package's maintainer scripts as root.
dpkg --install logstash_1.4.2-1-2c0f5a1_all.deb
Create conf file:
# Open the pipeline definition for editing; the contents to paste are listed
# below. The file is created on first save if it does not exist yet.
vim -- /etc/logstash/conf.d/test.conf
4. Install kibana-4.0.1
# Download the Kibana 4.0.1 tarball. This line is repeated in step 4 below;
# running it twice is harmless, but wget will keep both copies (the second is
# saved with a ".1" suffix). Verify the archive against the publisher's
# checksum before unpacking it.
wget -- https://download.elasticsearch.org/kibana/kibana/kibana-4.0.1-linux-x64.tar.gz
Create conf file:
# Open the Logstash pipeline definition for editing (same file as the earlier
# "Create conf file" step); the configuration that follows goes into it.
vim -- /etc/logstash/conf.d/test.conf
# Logstash 1.4 pipeline: read Tomcat access logs from a sample directory,
# parse each line with grok, normalise the timestamp and numeric fields, and
# send the events to a local Elasticsearch (also echoed to stdout for debugging).
input {
  file {
    # Tag used by the filter section so only these events are parsed.
    type => "tomcat_access"
    path => [ "/home/ubuntu/elk/samplelogs/*.log" ]
    # Read existing files from the top instead of only tailing new lines.
    start_position => "beginning"
  }
}
filter {
  if [type] == "tomcat_access" {
    grok{
      # NOTE(review): a relative patterns_dir is resolved against the working
      # directory of the Logstash process, not against this config file. When
      # Logstash is started from the init script that directory is unlikely
      # to be where "patterns" lives; prefer an absolute path (the page does
      # not show where ./patterns is).
      patterns_dir => "./patterns"
      # One Tomcat access-log line: client host, user, bracketed timestamp and
      # zone, quoted request line, status code, response bytes (or a dash),
      # and the time taken.
      match => [ "message", '%{IPORHOST:client} %{DATA} %{DATA:user} \[%{DATA:timestamp} %{ISO8601_TIMEZONE:timezone}\] \"%{WORD:method} %{URIPATH:uri_path}(%{URIPARAM:params}|) %{DATA:protocol}\" %{NUMBER:code} (%{NUMBER:bytes}|%{DATA}) %{NUMBER:time_taken}' ]
      # overwrite only matters for a field the pattern captures into; nothing
      # above is captured as "message", so this looks like a no-op — confirm.
      overwrite => [ "message" ]
    }
    date {
      locale => "en"
      # The grok "timezone" field is captured but not used here, so every
      # event is interpreted as UTC. If the logs carry a non-UTC offset,
      # logTimestamp will be shifted — confirm against the source logs.
      match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss" ]
      timezone => "UTC"
      # Written to a separate field so @timestamp keeps the ingestion time.
      target => "logTimestamp"
    }
    mutate {
      # Numeric types so Kibana can aggregate and range-query these fields.
      convert => [ "code", "integer" ]
      convert => [ "time_taken", "integer" ]
    }
  }
}
output {
  # Debug echo of every event. Remove once the pipeline is trusted: it is
  # noisy and duplicates log contents into the service's own output.
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    # Local-only HTTP transport; events do not leave this host.
    host => "localhost"
    protocol => "http"
    port => "9200"
    # NOTE(review): node_name is relevant to the node/transport protocols;
    # with protocol => "http" it appears to have no effect — confirm or drop.
    node_name => "elk-test"
  }
}
4. Install kibana-4.0.1
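# Fetch the Kibana 4.0.1 tarball, unpack it, and move it under /opt.
# Chained with && so a failed or partial download is neither unpacked nor
# installed. Verify the archive against the publisher's checksum before
# unpacking, e.g.
#   echo '<EXPECTED_SHA1_FROM_PUBLISHER>  kibana-4.0.1-linux-x64.tar.gz' | sha1sum -c -
# Kibana 4 has no built-in authentication and listens on all interfaces on
# port 5601 by default (the "host" setting in kibana.yml); bind it to a local
# or trusted address, or front it with an authenticating reverse proxy,
# before opening the port.
wget https://download.elasticsearch.org/kibana/kibana/kibana-4.0.1-linux-x64.tar.gz \
  && tar zxvf kibana-4.0.1-linux-x64.tar.gz \
  && mv kibana-4.0.1-linux-x64 /opt/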
5. Add Kibana as a startup service (the init script used for this step is not shown here)
6. Run the services:
# Start the three services in dependency order: Elasticsearch first, so the
# Logstash output and Kibana have something to connect to.
# NOTE(review): the kibana4 init script is not part of this page (step 5 has
# no body), so this last start depends on whatever was installed there.
# Elasticsearch 1.x listens on all interfaces on 9200 with no authentication
# by default; since Logstash and Kibana run on this same host, set
# network.host to localhost in elasticsearch.yml before exposing the machine.
for svc in elasticsearch logstash kibana4; do
  "/etc/init.d/$svc" start
done
7. Access Kibana
http://x.x.x.x:5601/
If the page does not load, check that your firewall allows inbound connections to port 5601; restrict that rule to trusted source addresses, since Kibana 4 has no built-in authentication.