注意:elasticsearch和kibana不能使用root用户启动
1.logstach的yml文件
# 默认管道
pipeline.id: main
# 读取配置的地方
path.config: "/etc/LOGSTASH/logstash-8.13.4/config/*.conf"
2.logstach-sample的conf文件
# 读取日志文件
input {
file {
path => "/home/cli/server/logs/*.log"
start_position => "beginning"
sincedb_path => "/dev/null"
codec => multiline {
pattern => "^(\[LINE])" # 以[LINE]开头算作一行,自己在springboot中配置好日志格式
negate => true # 其他不规范日志向上算作一行
what => "previous"
}
}
}
# 输出到ES地址
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => ["localhost:9200"]
index => "extranet-server"
}
}
3.ES的Elasticsearch.yml文件配置
http.port: 9200
xpack.security.enabled: false
xpack.security.enrollment.enabled: false
xpack.security.http.ssl:
enabled: false
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: false
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["44"]
http.host: 0.0.0.0
4.kibana的kibana.yml配置
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
i18n.locale: "zh-CN"