Install Elasticsearch
brew install elasticsearch
elasticsearch --version
brew install brew-cask
brew update
brew cask install caskroom/versions/java7
java -version
brew services start elasticsearch
brew services stop elasticsearch
Install Logstash
brew install logstash
logstash --version
Install Kibana
- Download the package directly, extract it, and run it
- Download page:
https://www.elastic.co/downloads/kibana
- macOS package download URL:
https://artifacts.elastic.co/downloads/kibana/kibana-5.4.3-darwin-x86_64.tar.gz
- Configuration
vi config/kibana.yml
/elasticsearch.url    // find this line and uncomment it; change the address if yours differs (this is the default Elasticsearch address)
./kibana
Configure Logstash
input {
  file {
    path => "/usr/local/var/logs/access.log"
    start_position => beginning
    ignore_older => 0
    sincedb_path => "/dev/null"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}"}
  }
  geoip {
    source => "clientip"
  }
}
output {
  elasticsearch {
  }
  stdout {}
}
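- `path`: replace with the path to your own log file
- `start_position`: the position at which to start reading
- `ignore_older`: 0 means old logs are not ignored; by default old logs are ignored and processing starts from today
- `sincedb_path`: whether Logstash remembers the position it last processed; if this is ignored, processing starts from the beginning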
logstash -f ./conf/test.conf
- View the results in the web console:
http://localhost:5601
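
To see what the `grok` filter above hands to `geoip`, here is an added example (not part of the original notes) that splits combined-format access log lines into fields and marks lines that fail to parse the way Logstash does with the `_grokparsefailure` tag. The regex is a simplified stand-in for `COMBINEDAPACHELOG`, the field names other than `clientip` are modelled on the legacy pattern's output, and the sample lines are constructed.

```python
import re

# Simplified stand-in for the COMBINEDAPACHELOG grok pattern (assumption: this
# regex approximates it; it is not Logstash's own pattern definition).
COMBINED = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?|(?P<rawrequest>[^"]*))" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(message):
    """Return an event dict shaped like the one the grok filter emits."""
    event = {"message": message}
    m = COMBINED.match(message)
    if m is None:
        # Logstash tags unparsed events this way; geoip then has no clientip.
        event["tags"] = ["_grokparsefailure"]
        return event
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    return event


def summarize(lines):
    """Count requests per clientip and collect lines that failed to parse."""
    per_ip, failed = {}, []
    for line in lines:
        ev = parse_line(line.rstrip("\n"))
        if "_grokparsefailure" in ev.get("tags", []):
            failed.append(ev["message"])
        else:
            per_ip[ev["clientip"]] = per_ip.get(ev["clientip"], 0) + 1
    return per_ip, failed


# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE = [
    '203.0.113.7 - - [10/Jul/2017:10:00:01 +0800] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.54.0"',
    '203.0.113.7 - alice [10/Jul/2017:10:00:02 +0800] "POST /login HTTP/1.1" 302 - "http://example.com/" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jul/2017:10:00:03 +0800] "\\x16\\x03\\x01" 400 166 "-" "-"',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    counts, bad = summarize(SAMPLE)
    print(counts)
    print(bad)
```

In Kibana, filtering on `tags:_grokparsefailure` surfaces the same unparsed lines, which are worth reviewing because they carry no `clientip` and therefore no GeoIP data.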