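1 Download the three ELK packages (Elasticsearch, Logstash, Kibana) separately
Download URL: https://www.elastic.co/cn/downloads
2 Extract all three into the same directory for easier management
3 Elasticsearch needs no configuration changes; the defaults are fine
To start it, double-click ./bin/elasticsearch.bat
4 Configure Logstash
Create a new file named file.conf in the bin directory
path is the log file or path to be searched, for example E:/log/springboot/log/server/*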
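input {
  file {
    # Log files to read; forward slashes work on Windows
    path => "E:/log/springboot/log/server/*.log"
    # Read existing files from the start instead of only new lines
    start_position => "beginning"
  }
}

filter {
  # Only files whose path contains "access" are parsed as Apache access logs
  if [path] =~ "access" {
    mutate { replace => { "type" => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
  }
  # Parse the "timestamp" field into @timestamp. The pattern must match the
  # field's real format; COMBINEDAPACHELOG yields dd/MMM/yyyy:HH:mm:ss Z.
  date {
    match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss Z" ]
  }
}

output {
  # Index events into the local Elasticsearch node
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash-test"
  }
  # Also print each event to the console for debugging
  stdout { codec => rubydebug }
}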
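The following is an added example, not part of the original page or of Logstash itself: a small Python stand-in for the filter section above, run over constructed log lines, to check offline whether a date pattern matches what the grok stage extracts. The regex is a simplified substitute for %{COMBINEDAPACHELOG}, and the function name, file names and sample lines are assumptions. When the date filter cannot parse the field, Logstash tags the event _dateparsefailure and @timestamp stays at ingestion time, which skews any timeline built from the index.

```python
import re
from datetime import datetime

# Simplified stand-in for %{COMBINEDAPACHELOG} (assumption: leading fields only).
ACCESS_RE = re.compile(
    r'^(?P<clientip>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<response>\d{3}) (?P<bytes>\S+)'
)

# strptime equivalents of the Joda-style patterns used by the date filter.
PAGE_FORMAT = "%Y-%m-%d %H:%M:%S %z"      # yyyy-MM-dd HH:mm:ss Z (file.conf above)
HTTPDATE_FORMAT = "%d/%b/%Y:%H:%M:%S %z"  # dd/MMM/yyyy:HH:mm:ss Z

def process(path, message, date_format):
    """Mimic the filter block: conditional grok, then date on 'timestamp'."""
    event = {"path": path, "message": message, "tags": []}
    # [path] =~ "access" is an unanchored match, i.e. a substring test here.
    if "access" in path:
        event["type"] = "apache_access"
        m = ACCESS_RE.match(message)
        if m:
            event.update(m.groupdict())
        else:
            event["tags"].append("_grokparsefailure")
    # The date filter only acts when the source field exists.
    if "timestamp" in event:
        try:
            event["@timestamp"] = datetime.strptime(event["timestamp"], date_format)
        except ValueError:
            event["tags"].append("_dateparsefailure")
    return event

# Constructed sample input (not taken from the page).
ACCESS_PATH = "E:/log/springboot/log/server/access.log"
ACCESS_LINE = ('203.0.113.7 - - [10/Oct/2023:13:55:36 +0800] '
               '"GET /login HTTP/1.1" 200 2326 "-" "curl/8.0"')
APP_PATH = "E:/log/springboot/log/server/app.log"
APP_LINE = "2023-10-10 13:55:36.120  INFO 4242 --- [main] c.e.Demo : started"

if __name__ == "__main__":
    for fmt in (PAGE_FORMAT, HTTPDATE_FORMAT):
        ev = process(ACCESS_PATH, ACCESS_LINE, fmt)
        print(fmt, "->", ev["tags"], ev.get("@timestamp"))
    print(process(APP_PATH, APP_LINE, PAGE_FORMAT)["tags"])
```
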