Elasticsearch

  1. brew tap elastic/tap
  3. brew install elastic/tap/elasticsearch-full
  5. brew services start elasticsearch-full
  6. elasticsearch -d
  8. brew services stop elasticsearch
  10. 127.0.0.1:9200 查看

Kibana

  1. brew tap elastic/tap
  3. brew install elastic/tap/kibana-full
  5. brew services start kibana-full
  7. brew services restart kibana-full
  9. 127.0.0.1:5601 访问 kibana

Logstash

  1. brew tap elastic/tap
  3. brew install elastic/tap/logstash-full
  5. brew services start elastic/tap/logstash-full -f *.conf

Plugin

  1. // IK分词器
  2. elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.16.2/elasticsearch-analysis-ik-7.16.2.zip
  4. // analysis-icu
  5. elasticsearch-plugin install analysis-icu
  6. elasticsearch-plugin remove analysis-icu

FileBeat

  1. filebeat -e -c /joyingbox/filebeat/filebeat.yml

filebeat.yml 配置文件

  1. filebeat.inputs:
  2. - type: log
  3.   enabled: true
  4.   paths:
  5.     - /joyingbox/joyingbox-service/logs/allLog.log
  6.   exclude_lines: ['DEBUG']
  7.   exclude_files: ['.gz$']
  8.   fields:
  9.     appname: "joyingbox-erpedi-g"
  10.     zxip: "172.17.24.18"
  11.   multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d* '
  12.   multiline.negate: true
  13.   multiline.match: after
  14.   harvester_buffer_size: 16384 #默认16384
  15.   max_bytes: 40960 #一条日志消息可以具有的最大字节数。 max_bytes之后的所有字节都将被丢弃并且不发送。默认10mb
  16.   ignore_older: 20m #ignore_older设置为大于close_inactive
  17.   close_inactive: 10m #没有新日志多长时间关闭文件句柄,默认5分钟可改短一些
  18.   clean_inactive: 60m #多久清理一次registry文件,默认值为0,运行时间长可能会导致该文件变大带来性能问题。clean_inactive must be > ignore_older + scan_frequency
  19.   scan_frequency: 60s #扫描间隔,默认10s,不建议过低
  21. max_procs: 1
  22. filebeat.config.modules:
  23.   path: ${path.config}/modules.d/*.yml
  24.   reload.enabled: false
  25. setup.template.settings:
  26.   index.number_of_shards: 1
  27. setup.kibana:
  28. output.elasticsearch:
  29.   hosts: ["172.17.21.195:9200", "172.17.21.196:9200", "172.17.21.197:9200"]
  30.   index: "fb-%{[fields.appname]}-%{+yyyy.MM.dd}"
  32. setup.ilm.enabled: false
  33. ilm.enabled: false
  34. setup.template.name: "fb-%{[fields.appname]}"
  35. setup.template.fields: "fields.yml"
  36. setup.template.overwrite: false
  37. setup.template.enabled: false
  38. processors:
  39. - drop_fields:
  40.    fields: ["input","source","offset","prospector","agent",'ecs',"log.offset"]
  41. logging.level: info