Get ElasticSearch + LogStash + Kibana + FileBeats

All components of the ELK stack are available on the Elastic website in their latest release.


Install ElasticSearch

First, get the installation package from https://www.elastic.co/cn/downloads/elasticsearch






artifacts.elastic.co/downloads/e…


After obtaining the installation package on Windows, send the tar package to Linux with the scp command. For example:

    scp C:/Users/Administrator/Downloads/elasticsearch-7.3.1-linux-x86_64.tar.gz [email protected]:/home/elk

On Linux, go to the installation package directory and run the tar -zxvf command to decompress the package. For example, to decompress ElasticSearch:

    tar -zxvf elasticsearch-7.3.1-linux-x86_64.tar.gz

Start ElasticSearch

ElasticSearch cannot be started as user root, so you need to create a non-root user account for it. As that user, start ElasticSearch by running bin/elasticsearch. The default ElasticSearch port is 9200; open http://<elasticsearch address>:9200/ to confirm that ElasticSearch has started successfully.

Install LogStash

To download the package on Windows and upload it to Linux, see the ElasticSearch section above. To download directly on Linux, run the following commands:
1. Run wget artifacts.elastic.co/downloads/l…
2. Go to the logstash installation package directory and run tar -zxvf logstash-7.4.0.tar.gz

Configure and start LogStash

1. Before starting logstash, create a logstash configuration file, using the config/logstash-sample.conf file in the logstash directory as a reference (as shown in the figure)








output {
    if "100.100.100.101" in [host][ip] {
        elasticsearch {
            hosts => ["localhost:9200"]
            index => "sample1"
        }
    } else if "100.100.100.102" in [host][ip] {
        elasticsearch {
            hosts => ["localhost:9200"]
            index => "sample2"
        }
    } else {
        elasticsearch {
            hosts => ["localhost:9200"]
            index => "other"
        }
    }
}

After the configuration is complete, start logstash by running bin/logstash -f config/logstash-elk.conf

Install Kibana

On Linux, run the following commands:
1. Run wget artifacts.elastic.co/downloads/k…
2. Go to the Kibana installation package directory and run tar -zxvf kibana-7.4.0-linux-x86_64.tar.gz

Configure and start Kibana

Edit config/kibana.yml:
1. Set server.host to the actual address of the Linux server
2. Set i18n.locale: "zh-CN" so that the Kibana interface is displayed in Chinese
3. Return to the Kibana home directory and run bin/kibana (note: Kibana cannot be started as user root either)
4. Open the browser and enter http://<kibana address>:5601. The following screen appears

Install FileBeats

Note: FileBeats needs to be installed on every server that has to send logs. On Linux, run the following commands:
1. wget artifacts.elastic.co/downloads/b…
2. tar -zxvf filebeat-7.4.0-linux-x86_64.tar.gz

Configure and start FileBeats

Go to the FileBeats installation directory and run vi filebeat.yml.

1. Modify paths and enter the log paths to collect on the server where FileBeats resides, for example:

paths:
    - /home/sample1/logs/log.*
    - /home/sample2/logs/log.*

2. Modify the output.logstash section and enter the logstash deployment address as follows:

output.logstash:
  hosts: ["100.100.100.101:5044"]
  enabled: true

3. Go to the FileBeats home directory and run ./filebeat -e -c filebeat.yml
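To check the setup before creating index patterns in Kibana, the script below validates both configuration files and reports which of the indices named in the logstash output section do not exist yet. It is an added example, not part of the original post; LOGSTASH_HOME, FILEBEAT_HOME and ES_URL are hypothetical variable names, and the sample index listing is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed names: LOGSTASH_HOME,
# FILEBEAT_HOME and ES_URL are hypothetical variables; their defaults follow the
# tarball names and the localhost:9200 address used on this page.
LOGSTASH_HOME="${LOGSTASH_HOME:-logstash-7.4.0}"
FILEBEAT_HOME="${FILEBEAT_HOME:-filebeat-7.4.0-linux-x86_64}"
ES_URL="${ES_URL:-http://localhost:9200}"
EXPECTED_INDICES="sample1 sample2 other"   # index names from the logstash output section

# Reads index names on stdin (one per line, the format of _cat/indices?h=index)
# and prints each expected index that is absent. The match is whole-line and
# fixed-string, so "sample10" does not count as "sample1".
missing_indices() {
    present=$(cat)
    for idx in $EXPECTED_INDICES; do
        printf '%s\n' "$present" | grep -qxF "$idx" || printf '%s\n' "$idx"
    done
}

# Live checks; this assumes logstash and filebeat are installed on the same host.
check_stack() {
    # Parse the pipeline file without starting the pipeline.
    (cd "$LOGSTASH_HOME" && bin/logstash -f config/logstash-elk.conf --config.test_and_exit) || return 1
    # Validate filebeat.yml, then test the connection to output.logstash.hosts.
    (cd "$FILEBEAT_HOME" && ./filebeat test config -c filebeat.yml) || return 1
    (cd "$FILEBEAT_HOME" && ./filebeat test output -c filebeat.yml) || return 1
    # List the indices that ElasticSearch currently holds.
    indices=$(curl -fsS "$ES_URL/_cat/indices?h=index") || return 1
    missing=$(printf '%s\n' "$indices" | missing_indices)
    [ -z "$missing" ] || echo "no events indexed yet for: $missing"
}

# Constructed sample of _cat/indices?h=index output, used for the offline run.
SAMPLE_CAT_OUTPUT='.kibana_1
sample1
other'

if [ "${1:-}" = "--live" ]; then
    check_stack
else
    printf '%s\n' "$SAMPLE_CAT_OUTPUT" | missing_indices   # prints: sample2
fi
```

Run it with --live on the server to perform the real checks; an index only appears after at least one event has been routed to it.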

View log content in Kibana

After installing ELK + FileBeats as above, open the Kibana interface in the browser and go to Management – Index Patterns – Create index pattern. The following interface is displayed:


6. At this point, the basic setup of ELK + FileBeats is complete