Ports
Elasticsearch 9200, 9300
elasticsearch-head 9100
kibana 5601
filebeat
logstash 5044, 9600
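Elasticsearch
Configuration file
elasticsearch.yml
# Enable cross-origin (CORS) support; the default is false
http.cors.enabled: true
# Origins allowed to make cross-origin requests ("*" allows every origin); regular expressions are supported
http.cors.allow-origin: "*"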
kibana
Configuration file: kibana.yml
i18n.locale: "zh-CN"
logstash
Start command (specifying the configuration file)
logstash.bat -f ../config/logstash.conf
logstash.conf
input {
  stdin {}
  file {
    path => "D:/logs/aaaa.log"
    start_position => "beginning"
  }
  beats {
    port => 5044
    client_inactivity_timeout => 3000
  }
}

filter {
  if "aaaaa" in [message] {
    grok {
      # Match pattern
      match => { "message" => "%{TIMESTAMP_ISO8601:logTime}" }
      # Add a field
      add_field => { "aaaaaaaaaaaaa" => "input" }
      # Remove a field
      remove_field => ["message"]
    }
  } else if "bbbbb" in [message] {
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:logTime}" }
    }
  }
}

output {
  stdout { codec => "json" }
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "aaa_log_%{+YYYY.MM.dd}"
  }
}
filebeat
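Start command (specifying the configuration file)
filebeat -e -c filebeat.yml
filebeat.yml
filebeat.inputs:
- type: log
  enabled: true              # whether this input is enabled
  paths:
    # - /var/log/*.log
    - D:\logs\aaa.log        # file to read

output.logstash:
  hosts: ["localhost:5044"]  # output destination; here, Logstash on port 5044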
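Plugins
elasticsearch-head is a web front-end plugin for managing Elasticsearch. It runs on Node.js, and Elasticsearch must first be configured to allow cross-origin requests. Allowing only the origin that serves elasticsearch-head (port 9100 in the list above) is enough for this; "*" accepts requests from any origin.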
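The effect of the http.cors.allow-origin value can be checked offline before the file is deployed. The script below is an added example, not part of the original notes or of Elasticsearch: the function names, the sample configurations and the probe origins are constructed, and the matching rules ("*" for any origin, /.../ for a regular expression, otherwise a comma-separated list) are a simplified model of the documented behaviour.

```python
import re

# Constructed elasticsearch.yml fragments; WEAK is the setting shown on this page.
WEAK = 'http.cors.enabled: true\nhttp.cors.allow-origin: "*"'
SCOPED = 'http.cors.enabled: true\nhttp.cors.allow-origin: "http://localhost:9100"'
LOOSE_REGEX = ("http.cors.enabled: true\n"
               r"http.cors.allow-origin: /https?:\/\/localhost.*/")
# Constructed Origin header values used to probe each setting.
PROBES = ["http://localhost:9100", "https://unrelated.example",
          "http://localhost.unrelated.example"]


def parse_flat_yaml(text):
    """Read flat `key: value` lines (enough for these settings, not full YAML)."""
    settings = {}
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def origin_allowed(setting, origin):
    """Assumed matching model: "*" = any origin, /.../ = regex, else comma list."""
    if setting == "*":
        return True
    if len(setting) > 2 and setting.startswith("/") and setting.endswith("/"):
        return re.fullmatch(setting[1:-1], origin) is not None
    return origin in [item.strip() for item in setting.split(",")]


def audit_cors(yaml_text, probe_origins=PROBES):
    """Return which probe origins the configuration would accept."""
    settings = parse_flat_yaml(yaml_text)
    if settings.get("http.cors.enabled", "false").lower() != "true":
        return {"enabled": False, "allowed": []}
    setting = settings.get("http.cors.allow-origin", "")
    allowed = [o for o in probe_origins if origin_allowed(setting, o)]
    return {"enabled": True, "allowed": allowed}


if __name__ == "__main__":
    for name, text in [("weak", WEAK), ("scoped", SCOPED), ("loose regex", LOOSE_REGEX)]:
        print(name, audit_cors(text)["allowed"])
```

The loose regular expression case shows that an unanchored host pattern also accepts look-alike hostnames, so a literal origin is the safer choice when only elasticsearch-head needs access.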