elk典型架构-logstash部署(logstash节点部署)
1、实验拓扑图
2、实验环境介绍
| hostname | IP | role | 配置 |
|---|---|---|---|
| es01 | 192.168.92.14 | es+kibana+es-head | 4G内存 |
| es02 | 192.168.92.15 | es | 2G |
| logstash | 192.168.92.16 | logstash | 2G |
| filebeat01 | 192.168.92.17 | filebeat+nginx | 2G |
3、实施步骤
根据规划,logstash安装到一台独立的主机上。 Logstash 载地t址: https://www.elastic.co/cn/downloads/past-releases#logstash
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.10-x86_64.rpm
https://artifacts.elastic.co/downloads/kibana/kibana-7.17.10-x86_64.rpm
https://artifacts.elastic.co/downloads/logstash/logstash-7.17.10-x86_64.rpm
https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.17.10-x86_64.rpm初始化配置 安装基础软件
yum install wget vim net-tools -yselinux、firewall关闭、设置时区
timedatectl set-timezone Asia/Shanghai
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/selinux/config安装jdk也和上面一样的,jdk验证:
yum list java-1.8* # 列出所有名称以 java-1.8 开头的可用软件包,用于确认有哪些版本可安装
yum install java-1.8.0-openjdk* -y # 安装所有以 java-1.8.0-openjdk 开头的包(包括 JRE、JDK 等),-y 自动确认
java -version # 验证 Java 是否安装成功,并显示当前版本信息安装Iogstash
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.17.10-x86_64.rpm
[root@logstash ~]# ls
anaconda-ks.cfg logstash-7.17.10-x86_64.rpm
yum install logstash-7.17.10-x86_64.rpm -y将logstash命令添加到PATH环境变量中(vi /etc/profile.d/logstash.sh)(作用与直接写到/etc/profile效果一样)
[root@logstash ~]# cat /etc/profile.d/logstash.sh
export PATH=$PATH:/usr/share/logstash/bin用户退出后重新登录生效。
[root@logstash ~]# reboot验证:
logstash -e 'input { stdin {} } output { stdout {} }'
# 执行后终端会挂起等待输入,此时输入"你好,中欧"并回车,Logstash 会立即输出处理后的结果。只要出现 Successfully started Logstash API endpoint [:port=>9600} 就表示启动成功。
liuyunjie
[INFO ] 2026-03-12 21:21:31.359 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[INFO ] 2026-03-12 21:21:31.478 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
{
"host" => "logstash",
"@version" => "1",
"message" => "liuyunjie",
"@timestamp" => 2026-03-12T13:21:31.520Z
}
hi yun
{
"host" => "logstash",
"@version" => "1",
"message" => "hi yun",
"@timestamp" => 2026-03-12T13:21:54.496Z
}