Linux部署ELK 日志分析系统与简单测试(2)

日期：2020-06-17 栏目：程序人生浏览：次

PS：以下两种方式涉及kibana的web展示，所以在配置web输出后，需要进行的操作是creat动作，具体看kibana部署中的示例

2.shell端输入 web端展示

然后我们创建Logstash配置文件，并再次测试Logstash服务是否正常，预期可以将输入内容以结构化的日志形式打印在界面上（这里我们配置了Logstash作为索引器，将日志数据传送到elasticsearch中）

mkdir config
vim config/hello_search.conf

填写如下内容：

input { stdin { } } output { elasticsearch { hosts => "localhost" } stdout { codec => rubydebug } }

bin/logstash -f config/hello_search.conf

再次测试执行的效果：

thinkgamer@thinkgamer-pc:/opt/elk/logstash-2.4.0$ bin/logstash agent -f config/hello_search.conf Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=gasp Settings: Default pipeline workers: 4 Pipeline main started sdf [2016-09-25 13:28:21,997][INFO ][cluster.metadata ] [Arcademan] [logstash-2016.09.25] creating index, cause [auto(bulk api)], templates [logstash], shards [5]/[1], mappings [_default_] [2016-09-25 13:28:22,758][INFO ][cluster.routing.allocation] [Arcademan] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[logstash-2016.09.25][4]] ...]). [2016-09-25 13:28:22,993][INFO ][cluster.metadata ] [Arcademan] [logstash-2016.09.25] create_mapping [logs] { "message" => "sdf", "@version" => "1", "@timestamp" => "2016-09-25T05:28:21.161Z", "host" => "thinkgamer-pc" } 受到方式 { "message" => "受到方", "@version" => "1", "@timestamp" => "2016-09-25T05:28:30.998Z", "host" => "thinkgamer-pc" } 我爱你 { "message" => "我爱你", "@version" => "1", "@timestamp" => "2016-09-25T05:28:58.399Z", "host" => "thinkgamer-pc" }

我们可以在Elastic的web界面上看到

这里写图片描述

3.监测指定文件，web展示

在/opt/elk/testlog 下有两个文件，分别是access.log 和error.log，我们通过echo往这两个文件追加内容，来测试整个日志收集系统是否可行

vim /opt/elk/logstash-2.4.0/config/hello_search.conf input { file { type =>"syslog" path => ["/opt/elk/auth.log" ] } syslog { type =>"syslog" port =>"5544" } } output { stdout { codec=> rubydebug } elasticsearch {hosts => "localhost"} }

启动

bin/logstash -f config/hello_search.conf

这里需要再次打开:5601/ 进行create

测试效果

echo 9 >> auth.log

这里写图片描述