Brief introduction:
ELK consists of three open source tools: Elasticsearch, Logstash and Kibana.
Elasticsearch is an open source distributed search engine. Its features include: distributed operation, zero configuration, automatic discovery, automatic index sharding, an index replica mechanism, a RESTful interface, multiple data sources, automatic search load, and so on.
Logstash is a fully open source tool that collects, filters, and stores your logs for later use (for example, search).
Kibana is also an open source and free tool. It provides a friendly web interface for log analysis on top of Logstash and Elasticsearch, helping you summarize, analyze, and search important log data.
Recommended Blog:
http://www.cnblogs.com/Wolfmanlq/p/5976246.html
Official documents:
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-delete-index.html
Elasticsearch API:
http://127.0.0.1:9200/
http://127.0.0.1:9200/_search?pretty
http://localhost:9200/_cat/indices?v
http://blog.csdn.net/wangming520liwei/article/details/73213438
http://blog.csdn.net/tulizi/article/details/52972824
1. First, make sure that the JDK is installed on Windows and that the environment variables are configured. This needs little explanation, since it is usually already set up.
2. Download Elasticsearch, Logstash and Kibana: https://www.elastic.co/downloads
3. Unzip each download (on Windows you generally download the ZIP package)
4. Starting Elasticsearch, Kibana and Logstash is simple
Mode 1:
Go to the respective bin directory and double-click elasticsearch.bat or kibana.bat to run it
Logstash is a little more complicated: you need to write logstash.conf and execute a command.
Open CMD in the bin directory and execute the command:
logstash.bat -f logstash.conf
Mode 2: register the three as Windows services and start them as Windows services
Configure the Elasticsearch service first:
cd to the bin directory of the Elasticsearch folder
In CMD, run elasticsearch-service install; it will report that the installation succeeded
In CMD, run elasticsearch-service manager; the service management interface pops up, where you can set the service to start automatically and start it.
Open 127.0.0.1:9200 in the browser; a JSON response indicates success
To configure Logstash, cd to the bin directory under the Logstash folder
Create the configuration file logstash.conf, as follows:
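# Option names hosts, document_type, document_id and codec are assumed;
# only their values are given.
input {
  stdin { }
}
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    # Elasticsearch index names must be lowercase; dd is the day of the month
    index => "logstash-%{+YYYY.MM.dd}"
    document_type => "form"
    document_id => "%{id}"
  }
  stdout {
    codec => json_lines
  }
}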
Here are the pitfalls:
1) It is best to edit the file in Notepad; it must be saved as UTF-8 without BOM
The correct solution is as follows:
Installation steps:
1. cd to the bin directory under the Logstash folder
2. Download NSSM
NSSM can register it as a Windows service
https://nssm.cc/release/nssm-2.24.zip
Unzip it and copy nssm.exe from the nssm-2.24\win64 directory to the Logstash bin directory
In CMD, run nssm.exe install Logstash
A dialog box pops up.
In the dialog, set the paths as follows:
Path: f:\elk\logstash\bin\run.bat
Startup directory: f:\elk\logstash\bin
Arguments: set to the directory and file of logstash.conf, as follows
On the Dependencies tab, set the dependent service to elasticsearch-service-x64
Finally, click Install service; the installation should report success
c) Install Kibana as a Windows service: copy the nssm file as before, set the path of the service to kibana.bat, and on the Dependencies tab set Logstash and elasticsearch-service-x64 (note that there must be no comma after Logstash in Dependencies; put the two service names on separate lines)
(Note: if this last installation is unsuccessful, the dependency can be set to elasticsearch-service-x64)
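The Logstash registration described above can also be done without the dialog. The following PowerShell script is an added example, not part of the original post: it uses the paths and service names given on this page, sets the same NSSM fields from the command line, and then checks that Elasticsearch answers on 127.0.0.1:9200 and that the port is not listening on any other address. The 60-second wait is an assumption.

```powershell
# Added example: scripted form of the NSSM dialog steps for Logstash.
# Run from an elevated PowerShell prompt. Paths and service names are the
# ones used on this page; the 60-second wait is an assumption.
$ErrorActionPreference = 'Stop'

$binDir  = 'F:\elk\logstash\bin'          # "Startup directory" in the dialog
$nssm    = Join-Path $binDir 'nssm.exe'   # copied from nssm-2.24\win64
$service = 'Logstash'
$esSvc   = 'elasticsearch-service-x64'    # dependency named on the page

function Invoke-Nssm {
    # Native commands do not throw on failure, so check the exit code.
    & $nssm @args
    if ($LASTEXITCODE -ne 0) {
        throw "nssm $($args -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Logstash will depend on Elasticsearch, so that service must exist first.
if (-not (Get-Service -Name $esSvc -ErrorAction SilentlyContinue)) {
    throw "Service '$esSvc' not found; run elasticsearch-service install first."
}

# Register only if missing, so the script can be re-run safely.
if (-not (Get-Service -Name $service -ErrorAction SilentlyContinue)) {
    Invoke-Nssm install $service (Join-Path $binDir 'run.bat')
}
Invoke-Nssm set $service AppDirectory $binDir
Invoke-Nssm set $service DependOnService $esSvc
Invoke-Nssm set $service Start SERVICE_AUTO_START

# Starting Logstash also starts the service it depends on.
Start-Service -Name $service

# Wait until Elasticsearch answers on the loopback address.
$info = $null
foreach ($i in 1..30) {
    try { $info = Invoke-RestMethod -Uri 'http://127.0.0.1:9200/'; break }
    catch { Start-Sleep -Seconds 2 }
}
if (-not $info) { throw 'No answer from 127.0.0.1:9200 within 60 seconds.' }

# Warn if port 9200 is reachable on anything other than loopback.
$exposed = Get-NetTCPConnection -LocalPort 9200 -State Listen |
    Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') }
if ($exposed) {
    Write-Warning "Port 9200 also listens on: $($exposed.LocalAddress -join ', ')"
}
Get-Service -Name $esSvc, $service | Format-Table Name, Status, StartType
```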
Building an ELK log analysis platform on Windows