• Installing ELK on Windows


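    Contents

    1. Download the no-install packages and extract them

    2. Install and start Elasticsearch

    3. Install and start Logstash

    4. Install and start Kibana

    5. Pushing logs from Spring Boot

    6. Working with Kibana

    7. Remote data source input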

    1. Download the no-install packages and extract them:

    Elastic product downloads (Elasticsearch, Logstash, Kibana and Beats): https://www.elastic.co/cn/downloads/

    2. Install and start Elasticsearch

    Edit the elasticsearch.yml file:

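        # Listen on the loopback interface only
        network.host: 127.0.0.1
        http.port: 9200
        # Enable CORS and accept requests from any origin
        http.cors.enabled: true
        http.cors.allow-origin: "*"
        # Do not download GeoIP databases
        ingest.geoip.downloader.enabled: false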

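    Start: double-click elasticsearch.bat

    On first start, the console shows the account and password:

    Save the account and password in elasticsearch.yml so that you do not forget them later (personal habit).

    Visit: https://localhost:9200/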

    3. Install and start Logstash

    Edit logstash.yml:

        xpack.monitoring.enabled: true
        xpack.monitoring.elasticsearch.username: elastic
        xpack.monitoring.elasticsearch.password: N0A+xc1-vUvLf+_3s25J
        #xpack.monitoring.elasticsearch.proxy: ["http://proxy:port"]
        xpack.monitoring.elasticsearch.hosts: ["https://127.0.0.1:9200"]
        # an alternative to hosts + username/password settings is to use cloud_id/cloud_auth
        #xpack.monitoring.elasticsearch.cloud_id: monitoring_cluster_id:xxxxxxxxxx
        #xpack.monitoring.elasticsearch.cloud_auth: logstash_system:password
        # another authentication alternative is to use an Elasticsearch API key
        #xpack.monitoring.elasticsearch.api_key: "id:api_key"
        xpack.monitoring.elasticsearch.ssl.certificate_authority: "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
        #xpack.monitoring.elasticsearch.ssl.truststore.path: path/to/file
        #xpack.monitoring.elasticsearch.ssl.truststore.password: password
        #xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/file
        #xpack.monitoring.elasticsearch.ssl.keystore.password: password
        xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
        xpack.monitoring.elasticsearch.sniffing: false

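    Create a new configuration file logstash.conf in the folder E:\elk\logstash-8.3.2\config

    The contents of logstash.conf are as follows (here we use the local access.log file as the data source; step 7 covers using a remote data source):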

        # logstash.conf: logs are captured from the access.log file at the given path
        # and written to the ES index "access-%{+YYYY.MM.dd}"; the index is created automatically if it does not exist
        # Access is over https, so ssl must be configured as well
        input {
          file {
            type => "nginx_access"
            path => "E:/elk/logstash-8.3.2/logs/access.log"
          }
        }
        output {
          elasticsearch {
            hosts => ["https://127.0.0.1:9200"]
            index => "access-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "N0A+xc1-vUvLf+_3s25J"
            ssl => true
            ssl_certificate_verification => true
            cacert => "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
          }
          stdout {
            codec => json_lines
          }
        }

    Start Logstash: open a cmd window, cd to Logstash's bin directory and run:

        logstash -f ./config/logstash.conf

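    4. Install and start Kibana

    Create a separate Elasticsearch account for Kibana (the initial elastic account cannot be used).

    Open a PowerShell window here and run:

        ./elasticsearch-reset-password -u kibana_system

    (Note down this account and password; the configuration below needs them.)

    Edit the kibana.yml file: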

        server.port: 5601
        server.host: "localhost"
        server.maxPayload: 1048576
        # The Kibana server's name. This is used for display purposes.
        server.name: "kibaba-host"
        elasticsearch.hosts: ["https://127.0.0.1:9200"]
        elasticsearch.username: "kibana_system"
        elasticsearch.password: "N0A+xc1-vUvLf+_3s25J"
        elasticsearch.pingTimeout: 1500
        elasticsearch.requestTimeout: 30000
        elasticsearch.ssl.certificateAuthorities: [ "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt" ]
        elasticsearch.ssl.verificationMode: certificate

    Start: double-click kibana.bat

    Visit: http://localhost:5601/

    5. Pushing logs from Spring Boot

    Dependency:

        <dependency>
            <groupId>net.logstash.logback</groupId>
            <artifactId>logstash-logback-encoder</artifactId>
            <version>7.2</version>
        </dependency>

    Create a new configuration file logback-spring-dev.xml in the resources folder, with the following contents:

        <configuration>
            <include resource="org/springframework/boot/logging/logback/base.xml"/>
            <appender name="LOGSTASH2FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
                <append>true</append>
                <file>E:\elk\logstash-8.3.2\logs\access.log</file>
                <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
                    <fileNamePattern>E:\elk\logstash-8.3.2\logs\access.%d{yyyyMMdd}.log</fileNamePattern>
                </rollingPolicy>
                <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
            </appender>
            <root level="INFO">
                <appender-ref ref="LOGSTASH2FILE"/>
            </root>
        </configuration>

    Configure the following in application-dev.xml:

        logging:
          config: classpath:logback-spring-dev.xml

    Use the application's dev profile.

    Start the project:

    access.log now contains data.

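    6. Working with Kibana

    7. Remote data source input

    Modify the logstash.conf file to add a tcp input. To keep this data separate from the earlier access.log data source, also change the Elasticsearch index name to springboot: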

        # logstash.conf: logs are captured from the TCP input and from the access.log file at the given path
        # and written to the ES index "springboot-%{+YYYY.MM.dd}"; the index is created automatically if it does not exist
        # Access is over https, so ssl must be configured as well
        input {
          # Input option 1: expose a TCP input for remote senders
          tcp {
            mode => "server"
            host => "127.0.0.1"
            port => 9061
            codec => json_lines
          }
          # Input option 2: read from a local file
          file {
            type => "nginx_access"
            path => "E:/elk/logstash-8.3.2/logs/access.log"
          }
        }
        # Output: Elasticsearch settings
        output {
          elasticsearch {
            hosts => ["https://127.0.0.1:9200"]
            index => "springboot-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "N0A+xc1-vUvLf+_3s25J"
            ssl => true
            ssl_certificate_verification => true
            cacert => "E:/elk/elasticsearch-8.3.2/config/certs/http_ca.crt"
          }
          stdout {
            codec => json_lines
          }
        }

    Modify the Spring Boot project's logback-spring-dev.xml file:

        <configuration>
            <include resource="org/springframework/boot/logging/logback/base.xml"/>
            <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
                <destination>127.0.0.1:9061</destination>
                <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
            </appender>
            <root level="INFO">
                <appender-ref ref="LOGSTASH"/>
                <appender-ref ref="CONSOLE"/>
            </root>
        </configuration>

    Restart Elasticsearch, Logstash, Kibana and Spring Boot; mind the startup order.

    Go to: http://localhost:5601/
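
A small audit over the configuration files from this walkthrough, as an added example that is not part of the original post: it flags literal passwords, the built-in elastic superuser used as a service account, a wildcard CORS origin, and disabled certificate verification. The sample input, the `logstash_writer` account and the `${ES_PWD}` key name are constructed assumptions; Logstash resolves `${NAME}` references from its keystore or the environment.

```python
import re

# Logstash pipeline syntax (key => value) and YAML settings (key: value).
SECRET = re.compile(r'password["\']?\s*(?:=>|:)\s*["\']?([^"\'\s]+)', re.I)
USER = re.compile(r'\buser(?:name)?\s*(?:=>|:)\s*["\']?elastic["\']?\s*$', re.I)
CORS = re.compile(r'http\.cors\.allow-origin\s*:\s*["\']?\*["\']?\s*$')
NOVERIFY = re.compile(r'ssl_certificate_verification\s*=>\s*false'
                      r'|verification_?mode\s*(?:=>|:)\s*["\']?none', re.I)


def audit(name, text):
    """Return (file, line_no, finding) tuples for one config file's text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out settings are inactive
        m = SECRET.search(line)
        if m and not m.group(1).startswith("${"):
            findings.append((name, no, "plaintext password; use a ${NAME} reference"))
        if USER.search(line):
            findings.append((name, no, "built-in elastic superuser used as a service account"))
        if CORS.search(line):
            findings.append((name, no, "CORS allows any origin"))
        if NOVERIFY.search(line):
            findings.append((name, no, "TLS certificate verification disabled"))
    return findings


# Constructed sample: the page's elasticsearch output with a placeholder password.
SAMPLE_WEAK = """\
output {
  elasticsearch {
    hosts => ["https://127.0.0.1:9200"]
    user => "elastic"
    password => "constructed-placeholder"
    ssl_certificate_verification => true
  }
}
"""
# Same output with a hypothetical limited account and a ${ES_PWD} reference.
SAMPLE_HARDENED = (SAMPLE_WEAK.replace('"elastic"', '"logstash_writer"')
                   .replace('"constructed-placeholder"', '"${ES_PWD}"'))

if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_HARDENED):
        print(audit("logstash.conf", sample) or "no findings")
```

Run `audit()` over the text of elasticsearch.yml, logstash.yml, logstash.conf and kibana.yml; an empty list means none of these four patterns is active in that file.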

  • Original article: https://blog.csdn.net/wenxingchen/article/details/126027992