Resource Download address

Versions

  • elasticsearch 6.7.1
  • logstash 6.7.1
  • kibana 6.5.4

Elasticsearch installation

1. Modify config/elasticsearch.yml to open the host and enable the node as both data and master. Since the server only had 1 GB of memory left, the JVM was set to 512 MB

cluster.name: es6.7
node.name: node-1
node.master: true
node.data: true
network.host: 0.0.0.0   # listen on all interfaces

Elasticsearch cannot be started as root. Therefore, create a user named es and give it ownership of the installation directory

adduser es
chown -R es:es elasticsearch-6.7.1
su es
cd elasticsearch-6.7.1
./bin/elasticsearch

Startup error

max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

vi /etc/sysctl.conf
vm.max_map_count = 262144
sysctl -p
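The three startup conditions covered so far (a non-root user, vm.max_map_count, and the network.host binding) can be checked before launching the node. The script below is an added example, not part of the original post; the function names and the sample file are constructed, and the 9300 transport port is Elasticsearch's default rather than something this page states.

```shell
# Added example (function names and sample file are constructed for illustration):
# preflight for the Elasticsearch setup steps on this page.
REQUIRED_MAP_COUNT=262144   # minimum quoted in the startup error above

# Succeeds when a vm.max_map_count value passes the bootstrap check.
map_count_ok() {
    [ "$1" -ge "$REQUIRED_MAP_COUNT" ]
}

# Prints the active network.host from an elasticsearch.yml (comments skipped).
es_network_host() {
    sed -n 's/^[[:space:]]*network\.host:[[:space:]]*//p' "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' |
        tr -d "\"'" | tail -n 1
}

# Succeeds when the bind address is loopback only (empty means the default).
host_is_loopback() {
    case "$1" in
        ""|localhost|_local_|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Args: uid, vm.max_map_count, path to elasticsearch.yml.
# Prints one line per finding and returns the number of findings.
preflight() {
    findings=0
    if [ "$1" -eq 0 ]; then
        echo "FAIL: uid 0, Elasticsearch will not start as root"
        findings=$((findings + 1))
    fi
    if ! map_count_ok "$2"; then
        echo "FAIL: vm.max_map_count=$2 is below $REQUIRED_MAP_COUNT"
        findings=$((findings + 1))
    fi
    host=$(es_network_host "$3")
    if ! host_is_loopback "$host"; then
        echo "WARN: network.host=$host is reachable off-host; restrict 9200/9300"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: this page's settings plus the 65530 from the error message.
sample=$(mktemp)
printf 'cluster.name: es6.7\nnetwork.host: 0.0.0.0  # all interfaces\n' > "$sample"
preflight 1000 65530 "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real host, call it as preflight "$(id -u)" "$(sysctl -n vm.max_map_count)" config/elasticsearch.yml. Binding network.host to a non-loopback address is also what makes Elasticsearch enforce the vm.max_map_count check as a fatal startup error.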

Logstash installation

1. Modify config/logstash-simple.conf

cd /home/es/logstash-6.7.1/config
vim logstash-simple.conf
cd /home/es/logstash-6.7.1
./bin/logstash -f config/logstash-simple.conf

Once started, Logstash reads the log file, sends the events to ES, and the index is created automatically

Start Kibana

Since it's on Windows, download it directly and run kibana.bat

localhost:9200 is the default URL for elasticsearch.yml

Test

Use the elasticsearch-head plugin to view the ES data (Kibana also works)

echo "hello" >> dru.log

This appends the text to the end of the log. The event shows up in the Logstash output and can then be looked up in ES

Conclusion

This is the simplest way to build an ELK stack. Logstash parsing and filtering of logs are omitted here. The filter is the most powerful part, since it can format and parse logs. The ES index is also not optimized, with 5 primary and secondary shards created by default

For Logstash configuration details, see the Logstash documentation