The ELK version I installed is 6.3.2.
```
echo '[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md' > /etc/yum.repos.d/elasticsearch.repo
yum install -y java-1.8.0-openjdk logstash elasticsearch kibana
```
The logstash configuration looks like this:
```
input {
  file {
    path => "/data/logs/**/messages"
    type => "syslog"
  }
}
output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "logstash-%{type}-%{+YYYY.MM.dd}"
  }
}
```
/data/logs is set up like this:
```
semanage fcontext -a -t var_log_t "/data/logs(/.*)?"
chcon -R -u system_u /data/logs
restorecon -R -v /data/
```
The rsyslog configuration looks like this:
```
$MaxMessageSize 128k
$ModLoad imuxsock.so
$ModLoad imklog.so
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$SystemLogRateLimitInterval 0
$SystemLogRateLimitBurst 0
$ModLoad imtcp
$InputTCPServerRun 514
$template DYNmessages,"/data/logs/%$YEAR%/%$MONTH%/%$DAY%/%HOSTNAME%/messages"
....
if $syslogfacility-text == 'local7' then ?DYNboot
```
When I start all the services with systemctl start ..., elasticsearch does not create the index automatically.
I tested logstash like this:
```
/usr/share/logstash/bin/logstash -e 'input { file { path => "/data/logs/**/test.log" type => "test" } } output { elasticsearch { hosts => ["127.0.0.1:9200"] index => "logstash-%{type}-%{+YYYY.MM.dd}" } }'
```
In that case elasticsearch can create the index automatically. I don't understand why this is.