ELK—Windows版本搭建（6.2.2）

一、安装elasticsearch

官网：https://www.elastic.co/cn/elasticsearch/

1.解压

2.调整堆内存大小

jvm.options

3.启动

启动后：

4.测试

浏览器输入：http://localhost:9200/

二、安装kibana

官网：https://www.elastic.co/cn/downloads/kibana

1.解压

2. 修改配置

启动：

3. 测试

浏览器输入: http://localhost:5601/

三、安装Logstash

官网：https://artifacts.elastic.co/downloads/logstash/logstash-6.2.2.zip

1.解压

2.添加配置

2.1调整堆内存大小

jvm.options

2.2新增配置文件

logstash.conf

添加以下内容

input { 
stdin {}
}
input {
    beats {
        port => 5044
        codec => json
        client_inactivity_timeout => 36000
    }    
   # tcp {
  #  host => "127.0.0.1"
  #  port => 9900
   # codec => json_lines
  #}
}
filter {
    grok {
        #patterns_dir => ["./patterns"]
        match => { "message" => "%{TIMESTAMP_ISO8601:time} %{LOGLEVEL:level} %{GREEDYDATA:data}" }
    }
    mutate {
        remove_field => ["ecs","agent","host","tags","input"]
    }
}
output {
    stdout { codec => rubydebug }
    elasticsearch {
        hosts => ["127.0.0.1:9200"] 
        index => "ERPHY3Boot-log-%{+YYYY.MM.dd}"
        user => "elastic"
        password => "3yLqr5D4cqhQMtD6Dhme"
    }
}

https://blog.csdn.net/qq_36488175/article/details/110921286?spm=1001.2014.3001.5506

javac -cp "D:\elasticsearch-6.2.2\lib\elasticsearch-6.2.2.jar;D:\elasticsearch-6.2.2\lib\lucene-core-7.2.1.jar;D:\elasticsearch-6.2.2\plugins\x-pack\x-pack-core\x-pack-core-6.2.2.jar;D:\elasticsearch-6.2.2\lib\elasticsearch-6.2.2.jar" XPackBuild.java

javac -cp "D:\elasticsearch-6.2.2\lib\elasticsearch-6.2.2.jar:/usr/share/elasticsearch/lib/lucene-core-7.2.1.jar:/usr/share/elasticsearch/plugins/x-pack/x-pack-core/x-pack-core-6.2.2.jar" LicenseVerifier.java

curl -u elastic:123456 -XPUT http://127.0.0.1:9200/_xpack/license -H “Content-Type: application/json” -d @license.json

1. jar -cvf x-pack-core-6.2.2.jar *

2. jar -xf x-pack-core-6.2.2.jar

curl 127.0.0.1:9200/_xpack/license?pretty -u elastic:123456 -H “Content-Type: application/json”