logstash+elasticsearch+kibana管理日誌（安裝）

logstash
1.先安裝jdk
2.wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz
tar -xzvf logstash-2.4.0.tar.gz
cp -r logstash-2.4.0/ ../install/
進入install的logstash-2.4.0/bin目錄
新建logstash.conf配置文件
input{
file{
type=>"nginx"
path=>["/software/installed/nginx/logs/access.log"]
}
}
output{
stdout { codec => rubydebug }
elasticsearch{
hosts => ["localhost:9200"]
}
}
3.安裝elasticsearch_http插件
在logstash-2.4.0/bin目錄
./logstash-plugin install logstash-output-elasticsearch_http

4安裝elasticsearch
/software/download
wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.4.1/elasticsearch-2.4.1.tar.gz
解壓
cp -r elasticsearch-2.4.1 ../installed/
cd ../installed/elasticsearch-2.4.1/
啓動elasticsearch
運行 bin/elasticsearch -d（注意不要使用root用戶）默認 9200端口
curl http://localhost:9200
響應結果
{
"name" : "Tarot",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "EAjk35XHRxOS4y04kTtf7g",
"version" : {
"number" : "2.4.1",
"build_hash" : "c67dc32e24162035d18d6fe1e952c4cbcbe79d16",
"build_timestamp" : "2016-09-27T18:57:55Z",
"build_snapshot" : false,
"lucene_version" : "5.5.2"
},
"tagline" : "You Know, for Search"
}
表示運行正常

5 啓動logstash
cd logstash-2.4.0/bin
./logstash -f logstash.conf

6.安裝 kibana
/software/download
wget https://download.elastic.co/kibana/kibana/kibana-4.6.1-linux-x86_64.tar.gz
解壓
cp -r kibana-4.6.1-linux-x86_64 ../installed/
進入到 installed/kibana-4.6.1-linux-x86_64下
vi config/kibana.yml
將 elasticsearch.url: "http://localhost:9200" 前的註釋去掉
運行 ./bin/kibana 啓動成功，默認5601端口

7.配置iptables 讓5601端口能夠外網訪問

8訪問
經過 http://192.168.1.125:5601/ 進行訪問
配置索引模型
經過 Logstash 導入 Elasticsearch 的數據。默認 logstash-*
選擇一個包含了時間戳的索引字段，能夠用來作基於時間的處理