ELK stack

Log data visualization 

eungoo.jung

http://silvernine.me

  • elasticsearch 2.3.4
  • logstash 2.3.4 All plugins
  • kibana 4.5.3

elasticsearch

Extract the archive

tar zxvf elasticsearch-2.3.4.tar.gz

 

Run Elasticsearch (-d: background mode)

bin/elasticsearch -d

 

Verify that it is running

curl localhost:9200

 

Install the Head plugin

bin/plugin install mobz/elasticsearch-head

http://localhost:9200/_plugin/head

elasticsearch vs RDB

elasticsearch   RDB
index           database
type            table
document        row
field           column
mapping         schema

Logstash

Extract the archive

tar zxvf logstash-all-plugins-2.3.4.tar.gz

 

Write logstash.conf (shown after these steps)

 

Run Logstash

bin/logstash -f bin/logstash.conf

 

Place the log file in the configured input folder

http://silvernine.me/document/query.20160729.log

 

Confirm in the Head plugin that the index was created

http://localhost:9200/_plugin/head/

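input {
  file {
    # Each line of the log file is parsed as one JSON document
    codec => json
    # Folder that Logstash watches for log files
    path => "/Users/SilverNine/Documents/elastic/data/*.log"
  }
}

filter {
  # No filters: events are forwarded unchanged
}

output {
  elasticsearch {
    hosts => ["127.0.0.1"]
    # One index per month, named from each event's @timestamp
    index => "logstash-%{+YYYY.MM}"
    codec => "json"
  }
}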
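Added example (not part of the original slides): a pre-flight check for a log file before it is dropped into the input folder, reporting lines the json codec cannot parse and the monthly logstash-YYYY.MM index each event would land in. The sample lines and the field names query and user are constructed; it assumes events carry an ISO 8601 @timestamp and that events without a usable one are stamped with the ingestion time.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines; the real query.20160729.log is not reproduced here.
SAMPLE_LOG = """\
{"@timestamp": "2016-07-29T14:03:11Z", "query": "elk stack", "user": "u1"}
{"@timestamp": "2016-08-01T08:30:00+09:00", "query": "kibana", "user": "u2"}
{"@timestamp": "2016-08-01T00:00:01Z", "query": "logstash", "user": "u1"}
{"query": "no timestamp field", "user": "u3"}
2016-07-29 14:05:00 plain text line, not JSON
"""

def target_index(event, now):
    """Index name for one event under index => "logstash-%{+YYYY.MM}" (UTC)."""
    ts = event.get("@timestamp")
    try:
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
    except (AttributeError, ValueError):
        when = now  # assumption: missing or bad timestamp gets ingestion time
    return "logstash-" + when.astimezone(timezone.utc).strftime("%Y.%m")

def check_log(text, now=None):
    """Return (events per target index, [(line number, reason)] for bad lines)."""
    now = now or datetime.now(timezone.utc)
    per_index, bad = Counter(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError as exc:
            bad.append((lineno, "not JSON: " + exc.msg))
            continue
        if not isinstance(event, dict):
            bad.append((lineno, "JSON but not an object"))
            continue
        per_index[target_index(event, now)] += 1
    return per_index, bad

if __name__ == "__main__":
    indices, problems = check_log(SAMPLE_LOG)
    for name, count in sorted(indices.items()):
        print(name, count)
    for lineno, reason in problems:
        print("line %d: %s" % (lineno, reason))
```

Lines that fail JSON parsing are not dropped by Logstash: they are indexed as raw messages tagged _jsonparsefailure. Note the second sample event: 08:30 on 1 August at +09:00 is still 31 July in UTC, so it belongs to logstash-2016.07.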

Kibana

Extract the archive

tar zxvf kibana-4.5.3-darwin-x64.tar.gz

 

Edit config/kibana.yml

server.port: 5601

server.host: "127.0.0.1"

 

Run Kibana

bin/kibana

http://localhost:5601

 

index name or pattern

logstash-*

Visualize - Pie chart

Dashboard - add visualization