Edit elasticsearch.yml
- network.host: 127.0.0.1
- http.port: 9200
- http.cors.enabled: true
- http.cors.allow-origin: "*"
- ingest.geoip.downloader.enabled: false
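Start: double-click elasticsearch.bat
On first start, the console prints the account and password:
Save the account and password in elasticsearch.yml so they are not forgotten later (personal habit)
Edit logstash.yml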
- xpack.monitoring.enabled: true
- xpack.monitoring.elasticsearch.username: elastic
- xpack.monitoring.elasticsearch.password: N0A+xc1-vUvLf+_3s25J
- #xpack.monitoring.elasticsearch.proxy: ["http://proxy:port"]
- xpack.monitoring.elasticsearch.hosts: ["https://127.0.0.1:9200"]
- # an alternative to hosts + username/password settings is to use cloud_id/cloud_auth
- #xpack.monitoring.elasticsearch.cloud_id: monitoring_cluster_id:xxxxxxxxxx
- #xpack.monitoring.elasticsearch.cloud_auth: logstash_system:password
- # another authentication alternative is to use an Elasticsearch API key
- #xpack.monitoring.elasticsearch.api_key: "id:api_key"
- xpack.monitoring.elasticsearch.ssl.certificate_authority: "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
- #xpack.monitoring.elasticsearch.ssl.truststore.path: path/to/file
- #xpack.monitoring.elasticsearch.ssl.truststore.password: password
- #xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/file
- #xpack.monitoring.elasticsearch.ssl.keystore.password: password
- xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
- xpack.monitoring.elasticsearch.sniffing: false
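Create a new configuration file logstash.conf in the folder E:\elk\logstash-8.3.2\config
The content of logstash.conf is as follows (here we use the local access.log file as the data source; step 7 will use a remote data source):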
- # logstash.conf: capture logs from the access.log file at the specified path
- # and output them to the "access-%{+YYYY.MM.dd}" index in ES; the index is created automatically if it does not exist
- # Access is over https, so ssl must be configured
-
- input {
-   file {
-     type => "nginx_access"
-     path => "E:/elk/logstash-8.3.2/logs/access.log"
-   }
- }
-
- output {
-   elasticsearch {
-     hosts => ["https://127.0.0.1:9200"]
-     index => "access-%{+YYYY.MM.dd}"
-     user => "elastic"
-     password => "N0A+xc1-vUvLf+_3s25J"
-     ssl => true
-     ssl_certificate_verification => true
-     cacert => "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
-   }
-   stdout {
-     codec => json_lines
-   }
- }
Start Logstash: open a cmd window, cd to Logstash's bin directory, and run the command:
logstash -f ./config/logstash.conf
Create a separate Elasticsearch account for Kibana (the initial elastic account cannot be used)
Open a PowerShell window here and run:
./elasticsearch-reset-password -u kibana_system
(Record this account and password; the configuration that follows needs them)
Edit kibana.yml
- server.port: 5601
-
- server.host: "localhost"
- server.maxPayload: 1048576
-
- # The Kibana server's name. This is used for display purposes.
- server.name: "kibaba-host"
-
- elasticsearch.hosts: ["https://127.0.0.1:9200"]
-
- elasticsearch.username: "kibana_system"
- elasticsearch.password: "N0A+xc1-vUvLf+_3s25J"
-
- elasticsearch.pingTimeout: 1500
-
- elasticsearch.requestTimeout: 30000
-
- elasticsearch.ssl.certificateAuthorities: [ "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt" ]
-
- elasticsearch.ssl.verificationMode: certificate
Start: double-click kibana.bat
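The files configured so far keep passwords in plain text, run the Logstash output as the elastic superuser, and open CORS to every origin. The check below is an added example (not part of the original post and not an Elastic tool) that flags those three patterns; the sample file contents, the placeholder password and the `ES_PWD` variable name are constructed.

```python
import re

# Constructed sample contents modelled on this guide's files; the password is a
# placeholder and ES_PWD is a hypothetical keystore/environment variable name.
SAMPLE = {
    "elasticsearch.yml": 'network.host: 127.0.0.1\n'
                         'http.cors.enabled: true\n'
                         'http.cors.allow-origin: "*"\n',
    "logstash.yml": 'xpack.monitoring.elasticsearch.username: elastic\n'
                    'xpack.monitoring.elasticsearch.password: EXAMPLE-ONLY\n',
    "logstash.conf": 'output {\n  elasticsearch {\n    user => "elastic"\n'
                     '    password => "EXAMPLE-ONLY"\n  }\n}\n',
    "kibana.yml": 'elasticsearch.username: "kibana_system"\n'
                  'elasticsearch.password: "${ES_PWD}"\n',
}

# key, then ":" (YAML) or "=>" (pipeline file), then the value
SETTING = re.compile(r'^\s*([\w.\-]+)\s*(?::|=>)\s*(.*?)\s*$')

def audit(name, text):
    """Return (file, line number, finding) tuples for one config file."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = SETTING.match(line)
        if line.lstrip().startswith("#") or not m:
            continue  # comments, braces and blank lines carry no setting
        key, value = m.group(1), m.group(2).strip('"\'')
        leaf = key.split(".")[-1]
        if leaf == "password" and value and not value.startswith("${"):
            findings.append((name, no, "plaintext password: reference a keystore or env entry as ${VAR}"))
        elif leaf in ("user", "username") and value == "elastic":
            findings.append((name, no, "service runs as the elastic superuser: use a dedicated account"))
        elif key == "http.cors.allow-origin" and value in ("*", "/.*/"):
            findings.append((name, no, "CORS allows every origin: list the origins that need access"))
    return findings

def audit_all(files):
    """Audit a {filename: contents} mapping, keeping file order."""
    return [f for name, text in files.items() for f in audit(name, text)]

if __name__ == "__main__":
    for name, no, msg in audit_all(SAMPLE):
        print(f"{name}:{no}: {msg}")
```

To run it against real files, pass `audit_all` a mapping of file names to their contents read from disk.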
Dependency
- <dependency>
-     <groupId>net.logstash.logback</groupId>
-     <artifactId>logstash-logback-encoder</artifactId>
-     <version>7.2</version>
- </dependency>
Create a new configuration file logback-spring-dev.xml under the resources folder, with the following content:
- <configuration>
-     <include resource="org/springframework/boot/logging/logback/base.xml"/>
-     <appender name="LOGSTASH2FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
-         <append>true</append>
-         <file>E:\elk\logstash-8.3.2\logs\access.log</file>
-         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-             <fileNamePattern>E:\elk\logstash-8.3.2\logs\access.%d{yyyyMMdd}.log</fileNamePattern>
-         </rollingPolicy>
-         <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
-     </appender>
-     <root level="INFO">
-         <appender-ref ref="LOGSTASH2FILE"/>
-     </root>
- </configuration>
Configure the following in application-dev.xml:
- logging:
-   config: classpath:logback-spring-dev.xml
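Use the application's dev environment
Start the project:
At this point access.log contains data.
Edit logstash.conf to add a tcp input; in addition, to distinguish it from the earlier access.log data source, change the Elasticsearch index name to springboot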
- # logstash.conf: capture logs from a TCP input and from the access.log file at the specified path
- # and output them to the "springboot-%{+YYYY.MM.dd}" index in ES; the index is created automatically if it does not exist
- # Access is over https, so ssl must be configured
-
- input {
-   # Input option 1: TCP input exposed for remote senders
-   # (bound to 127.0.0.1 here, so only local senders can connect)
-   tcp {
-     mode => "server"
-     host => "127.0.0.1"
-     port => 9061
-     codec => json_lines
-   }
-   # Input option 2: read from a local file
-   file {
-     type => "nginx_access"
-     path => "E:/elk/logstash-8.3.2/logs/access.log"
-   }
- }
-
- # Output: Elasticsearch settings
- output {
-   elasticsearch {
-     hosts => ["https://127.0.0.1:9200"]
-     index => "springboot-%{+YYYY.MM.dd}"
-     user => "elastic"
-     password => "N0A+xc1-vUvLf+_3s25J"
-     ssl => true
-     ssl_certificate_verification => true
-     cacert => "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
-   }
-   stdout {
-     codec => json_lines
-   }
- }
Edit the Spring Boot project's logback-spring-dev.xml
- <configuration>
-     <include resource="org/springframework/boot/logging/logback/base.xml"/>
-
-     <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
-         <destination>127.0.0.1:9061</destination>
-         <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
-     </appender>
-
-     <root level="INFO">
-         <appender-ref ref="LOGSTASH"/>
-         <appender-ref ref="CONSOLE"/>
-     </root>
- </configuration>
Restart Elasticsearch, Logstash, Kibana, and Spring Boot; pay attention to the startup order.
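How the json_lines framing between LogstashTcpSocketAppender and the tcp input keeps one log event per line, as an added example that is not from the original post. It goes slightly beyond the configuration above by delivering the stream in small chunks and by showing the same text split as plain lines; the event values and the `com.example` names are constructed.

```python
import json

def frame(event):
    """Sender side: one JSON object per line. json.dumps escapes line breaks
    inside values, so the only raw newline on the wire is the delimiter."""
    return json.dumps(event, ensure_ascii=False).encode("utf-8") + b"\n"

class JsonLinesReceiver:
    """Receiver side: buffer TCP chunks and emit one event per complete line."""
    def __init__(self):
        self.buf = b""
        self.rejected = 0

    def feed(self, chunk):
        self.buf += chunk
        *lines, self.buf = self.buf.split(b"\n")  # last piece is an incomplete line
        events = []
        for line in lines:
            if not line.strip():
                continue
            try:
                events.append(json.loads(line))
            except ValueError:
                self.rejected += 1  # not valid JSON; counted instead of indexed
        return events

# Constructed events using LogstashEncoder's field names; all values are made up.
EVENTS = [
    {"@timestamp": "2022-07-20T10:00:00.000+08:00", "@version": "1", "level": "INFO",
     "logger_name": "com.example.DemoController", "message": "search q=first\r\nsecond"},
    {"@timestamp": "2022-07-20T10:00:01.000+08:00", "@version": "1", "level": "ERROR",
     "logger_name": "com.example.DemoController", "message": "request failed",
     "stack_trace": "java.lang.IllegalStateException: boom\n\tat com.example.Demo.run(Demo.java:12)\n"},
]

def roundtrip(events, chunk_size=7):
    """Deliver the framed events in small chunks, as TCP may, and decode them."""
    wire = b"".join(frame(e) for e in events)
    rx, out = JsonLinesReceiver(), []
    for i in range(0, len(wire), chunk_size):
        out.extend(rx.feed(wire[i:i + chunk_size]))
    return out, rx.rejected

def plain_text_records(events):
    """For contrast: the same text written unencoded and split per line."""
    raw = "".join(e["message"] + "\n" + e.get("stack_trace", "") for e in events)
    return [line for line in raw.splitlines() if line]
```

The two events survive the round trip as two events, while the plain-text split yields five records, which is why values containing line breaks (a request parameter, a stack trace) should reach the tcp input JSON-encoded.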