默认的安装的logstash是没有被kibana监控的,需要经过一些设置进行监控。
注释:以下配置文件的路径基于RPM安装的ELK7.1版本.
1.Elasticsearch需要修改加一些配置:
## vim /etc/elasticsearch/elasticsearch.yml
...
#action.destructive_requires_name: true
xpack.security.audit.enabled: true
xpack.security.enabled: false
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*
2.logstash 的配置文件:
# cat /etc/logstash/logstash.yml | grep -v ^#
path.data: /var/lib/logstash
http.host: "197.255.20.213"
path.logs: /var/log/logstash
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash
xpack.monitoring.elasticsearch.password: logstash
xpack.monitoring.elasticsearch.hosts: ["http://197.255.20.215:9200", "http://197.255.20.214:9200","http://197.255.20.213:9200"]
xpack.monitoring.elasticsearch.sniffing: true
xpack.monitoring.collection.interval: 5s
xpack.monitoring.collection.pipeline.details.enabled: true
注意启动logstash的时候需要有配置好的配置文件:(放置于/etc/logstash/conf.d/目录下,配置文件必须是以.conf文件结尾)
否则报错:
[2019-05-23T15:48:59,906][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
[2019-05-23T15:48:59,965][INFO ][logstash.config.source.local.configpathloader] No config files found in path {:path=>"/etc/logstash/conf.d/*.conf"}
-- logstash示例:
--重启Elasticsearch和logstash:
# sudo systemctl restart elasticsearch.service
# sudo systemctl restart logstash.service
--其他的报错信息:
[2019-05-23T14:37:03,092][ERROR][logstash.configmanagement.elasticsearchsource] X-Pack Security needs to be enabled in Elasticsearch. Please set xpack.security.enabled: true in elasticsearch.yml.
监控logstash的信息:
