当前位置：首页 > article >正文

window系统下安装elk

article 2025/4/1 0:02:57

Elasticsearch、logstash、kibana 都为8.17.3版本

Elasticsearch

安装流程

# 下载 https://www.elastic.co/cn/downloads/elasticsearch#ga-release
elasticsearch-8.17.3-windows-x86_64
# 解压配置 elasticsearch.yml，下个代码块
# bin目录下双击下述文件，启动 E:\eslaw\elasticsearch\bin
elasticsearch.bat
# 后台运行：安装 启动 停止 删除es服务
elasticsearch-service.bat install
elasticsearch-service.bat start
sc stop Elasticsearch
sc delete Elasticsearch
# 设置密码
elasticsearch-setup-passwords auto
elasticsearch-keystore list
# 没找到再重新生成一个
elasticsearch-reset-password -u elastic
# 安装分词器
elasticsearch-plugin install https://get.infini.cloud/elasticsearch/analysis-ik/8.17.3

elasticsearch.yml

# 设置集群名称
cluster.name: my-cluster
# 设置节点名称
node.name: node-1
# 设置数据存储路径
path.data: E:\eslaw\esdata
# 设置日志存储路径
path.logs: E:\eslaw\eslog
# 设置监听地址
network.host: 0.0.0.0
# 设置服务端口
http.port: 9200

postman操作es

# postman创建索引 put https://localhost:9200/judgment_books
# basic auth下配置用户名和密码 raw/json
# body中填写
{
  "settings": {
    "analysis": {
      "analyzer": {
        "ik_analyzer": {
          "type": "custom",
          "tokenizer": "ik_max_word"
        }
      }
    }
  },
  "mappings": {
    "properties": {
      "原始链接": { "type": "keyword" },
    }
  }
}
# 删除索引
delete https://localhost:9200/judgment_books
# 只删除数据，不删除索引，请求体 
POST https://localhost:9200/judgment_books/_delete_by_query
{
  "query": {
    "match_all": {}
  }
}
# 查询索引
get https://localhost:9200/judgment_books/_search
{
  "query": {
    "match_all": {}
  }
}

问题解决

solver

问题：

postman Could not get response SSL Error: Self signed certificate in certificate chain

解决：

进入File > Settings (或直接按Ctrl + ,)。

在General标签下找到SSL certificate verification选项，并将其关闭（设置为OFF）

logstash

安装流程

# 下载解压  https://www.elastic.co/downloads/logstash
logstash-8.17.3-windows-x86_64
# 安装必要的插件
logstash-plugin install logstash-input-file
logstash-plugin install logstash-filter-csv
logstash-plugin install logstash-filter-mutate
配置logstash.conf
启动
logstash -f E:\eslaw\logstash\config\logstash.conf
logstash.bat中调整堆内存
if not defined LS_JAVA_OPTS (
    set LS_JAVA_OPTS=-Xms4g -Xmx4g
)
set JAVA_OPTS=%LS_JAVA_OPTS% %JAVA_OPTS%

logstash.conf

input {
    file {
    
        path => "E:/eslaw/test/test.csv"  
        start_position => "beginning"         
        sincedb_path => "NUL"                
        codec => plain {
            charset => "UTF-8"                
        }
        discover_interval => 15 
        file_chunk_size => 131072 
        file_chunk_count => 32768 
        exit_after_read => false 
        mode => "read" 
    }
}
output {
    elasticsearch {
        hosts => ["https://localhost:9200"]  
        index => "judgment_books"           
        user => "elastic"
        password => "xx-"
        ssl => true
        ssl_certificate_verification => false
    }
    stdout {
        codec => json_lines
    }
}

kibana

安装流程

# 下载解压 https://www.elastic.co/cn/downloads/kibana
kibana 8.17.3
# 配置 config\kibana.yml
# 默认不能用elastic账号，需要单独创建一个
# \bin>elasticsearch-service-tokens create elastic/kibana my-kibana-token 会返回一个token
SERVICE_TOKEN elastic/kibana/my-kibana-token = AAEAAWVsYXN0aW
# 启动Kibana
.\bin\kibana

kibana.yml

elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.ssl.verificationMode: none
server.host: "0.0.0.0" 
server.port: 5601
elasticsearch.serviceAccountToken: "xx"

查看全文

http://www.kler.cn/a/613022.html