{"id":40947,"date":"2023-03-21T09:32:48","date_gmt":"2023-06-23T07:07:16","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/"},"modified":"2024-04-29T19:54:58","modified_gmt":"2024-04-29T11:54:58","slug":"%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/","title":{"rendered":"\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x]"},"content":{"rendered":"
\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/div>\n

\u6458\u8981<\/h2>\n

\u5f53\u5bf9Syslog\u76d1\u89c6\u8fdb\u884c\u6574\u4f53\u6d4b\u8bd5\u5e76\u8fd0\u884c\u65e5\u5fd7\u65f6\uff0c\u6211\u4eec\u91c7\u7528\u4e86Elasticsearch + Kibana + Logstash + Filebeat\u3002<\/p>\n

\u516c\u5f0f\u94fe\u63a5<\/h2>\n

\u6709\u5173ELASTIC STACK<\/p>\n

\u4ece\u7ef4\u57fa\u767e\u79d1\u63d0\u53d6<\/p>\n

Elasticsearch\u306fLucene\u57fa\u76e4\u306e\u5206\u6563\u51e6\u7406\u30de\u30eb\u30c1\u30c6\u30ca\u30f3\u30c8\u5bfe\u5fdc\u691c\u7d22\u30a8\u30f3\u30b8\u30f3\u3067\u3042\u308b\u3002\r\n\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3060\u304c\u3001\u73fe\u5728\u306f\u30aa\u30e9\u30f3\u30c0\u30fb\u30a2\u30e0\u30b9\u30c6\u30eb\u30c0\u30e0\u306b\u672c\u793e\u3092\u7f6e\u304fElastic\u793e\u304c\u4e2d\u5fc3\u306b\u306a\u3063\u3066\u958b\u767a\u304c\u9032\u3081\u3089\u308c\u3066\u3044\u308b[1]\u3002\r\n\u306a\u304a\u300cElastic Search\u300d\u3068\u3044\u3063\u305f\u3088\u3046\u306b\u9593\u306b\u7a7a\u767d\u3092\u5165\u308c\u308b\u30fb\u300csearch\u300d\u306e\u982d\u3092\u5927\u6587\u5b57\u306b\u3059\u308b\u3068\u3044\u3063\u305f\u8868\u8a18\u306f\u8aa4\u308a\r\n\uff08\u305f\u3060\u3057Ver.1.0.0\u30ea\u30ea\u30fc\u30b9\u524d\u306b\u306f\u305d\u306e\u3088\u3046\u306a\u8868\u8a18\u3082\u6df7\u5728\u3057\u3066\u3044\u305f\uff09\r\n<\/code><\/pre>\n
\u5173\u4e8e\u5404\u79cd\u8f6f\u4ef6\u7684\u6982\u8ff0\u548c\u5b9e\u73b0\u8bed\u8a00\u7684\u7b80\u4ecb\u3002<\/p>\n
\n
beats\u6982\u8981\u8a00\u8a9eelasticsearch\u5206\u6563\u578bRESTful\u691c\u7d22\u30a8\u30f3\u30b8\u30f3Javakibana\u30d6\u30e9\u30a6\u30b6\u30fc\u30d9\u30fc\u30b9\u306e\u5206\u6790\u304a\u3088\u3073\u691c\u7d22\u30c0\u30c3\u30b7\u30e5\u30dc\u30fc\u30c9JavaScriptFilebeat\u30ed\u30b0\u30d5\u30a1\u30a4\u30eb\u306e\u53ce\u96c6GoMetricbeatCPU,\u30e1\u30e2\u30ea\u7b49\u306e\u60c5\u5831\u53ce\u96c6GoPacketbeat\u30d1\u30b1\u30c3\u30c8\u60c5\u5831\u306e\u53ce\u96c6GoWinlogbeatWindows\u306e\u30a4\u30d9\u30f3\u30c8\u30ed\u30b0\u306e\u53ce\u96c6GoAuditbeat\u76e3\u67fb\u30c7\u30fc\u30bf\u306e\u53ce\u96c6GoHeartbeat\u30ea\u30e2\u30fc\u30c8\u304b\u3089\u7a3c\u50cd\u72b6\u6cc1\u306e\u76e3\u8996Gologstash\u30b5\u30fc\u30d0\u30fc\u5074\u306e\u30c7\u30fc\u30bf\u51e6\u7406\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3Ruby<\/div>\n<\/div>\n
\u7528\u7b80\u5355\u7684\u672f\u8bed\u603b\u7ed3\u4e00\u4e0b<\/h2>\n
\n
beats\u6982\u8981\u53c2\u8003cluster\u540c\u4e00\u306e\u540d\u524d\u3092\u6301\u3064node\u306e\u96c6\u5408
\nindexRDB\u306b\u304a\u3051\u308b\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9
\ntypeRDB\u306b\u304a\u3051\u308b\u30c6\u30fc\u30d6\u30eb
\nfieldRDB\u306b\u304a\u3051\u308b\u30ab\u30e9\u30e0
\ndocumentRDB\u306b\u304a\u3051\u308b\u30ec\u30b3\u30fc\u30c9
\nmappingRDB\u306b\u304a\u3051\u308b\u30b9\u30ad\u30fc\u30de\u5b9a\u7fa9
\nnodeelasticsearch\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u3092\u5b9f\u884c\u3057\u3066\u3044\u308b\u5358\u4f4d<\/div>\n<\/div>\n
\u73af\u5883<\/h2>\n
$ <\/span>uname<\/span> -r<\/span>\r\n3.10.0-957.el7.x86_64\r\n\r\n$ <\/span>cat<\/span> \/etc\/redhat-release\r\nCentOS Linux release 7.6.1810 (<\/span>Core)<\/span>\r\n<\/code><\/pre>\n
\u9ed8\u8ba4\u7aef\u53e3<\/h2>\n
\u672c\u6b21\u8bbe\u7f6e\u5982\u4e0b\uff0c\u8bf7\u6839\u636e\u9700\u8981\u9002\u5f53\u66f4\u6539\uff0c\u82e5\u5df2\u4f7f\u7528\u8fc7\uff0c\u8bf7\u76f8\u5e94\u8fdb\u884c\u4fee\u6539\u3002<\/p>\n
\n
\u30d7\u30ed\u30bb\u30b9\u30dd\u30fc\u30c8\u756a\u53f7Elastisearch9200Kibana5201Logstash5044<\/div>\n<\/div>\n
\u6253\u9020\u5f62\u8c61<\/p>\n
\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/div>\n
\u5728\u5b89\u88c5\u4e4b\u524d\u7684\u51c6\u5907\u5de5\u4f5c<\/h2>\n
# Java\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/span>\r\n$ <\/span>yum search java-1.8.0-openjdk\r\n$ <\/span>yum -y<\/span> install <\/span>java-1.8.0-openjdk\r\n$ <\/span>export <\/span>JAVA_HOME<\/span>=<\/span>\/usr\/bin\/java\r\n\r\n# \u30ea\u30dd\u30b8\u30c8\u30ea\u767b\u9332<\/span>\r\n$ <\/span>rpm --import<\/span> https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\r\n$ <\/span>vi \/etc\/yum.repos.d\/elasticsearch.repo\r\n[<\/span>elasticsearch-7.x]\r\nname<\/span>=<\/span>Elasticsearch repository for <\/span>7.x packages\r\nbaseurl<\/span>=<\/span>https:\/\/artifacts.elastic.co\/packages\/7.x\/yum\r\ngpgcheck<\/span>=<\/span>1\r\ngpgkey<\/span>=<\/span>https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\r\nenabled<\/span>=<\/span>1\r\nautorefresh<\/span>=<\/span>1\r\ntype<\/span>=<\/span>rpm-md\r\n<\/code><\/pre>\n
\u5b89\u88c5<\/h2>\n
\u5b89\u88c5Elasticsearch<\/h4>\n
GitHub: \u5f39\u6027\/ Elasticsearch<\/p>\n
# \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/span>\r\n$ <\/span>yum install<\/span> -y<\/span> elasticsearch\r\n\r\n# \u5916\u90e8\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u8a2d\u5b9a<\/span>\r\n$ <\/span>vim \/etc\/elasticsearch\/elasticsearch.yml\r\nnetwork.host: 0.0.0.0\r\nhttp.port: 9200\r\n\r\n# Elasticsearch\u8d77\u52d5\/\u78ba\u8a8d<\/span>\r\n$ <\/span>systemctl enable <\/span>elasticsearch.service\r\n$ <\/span>systemctl start elasticsearch.service\r\n$ <\/span>systemctl status elasticsearch.service\r\n$ <\/span>curl [<\/span>IP\u30a2\u30c9\u30ec\u30b9]:9200\r\n\r\n<\/code><\/pre>\n
Kibana\u5b89\u88c5<\/h4>\n
GitHub\uff1aelastic\/kibana<\/p>\n
# \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/span>\r\n$ <\/span>yum install<\/span> -y<\/span> kibana\r\n\r\n# \u5916\u90e8\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u8a2d\u5b9a<\/span>\r\n$ <\/span>vim \/etc\/kibana\/kibana.yml\r\nserver.host: \"[IP\u30a2\u30c9\u30ec\u30b9]\"<\/span>\r\n\r\n# Kibana\u8d77\u52d5\/\u78ba\u8a8d<\/span>\r\n$ <\/span>systemctl enable <\/span>kibana.service\r\n$ <\/span>systemctl start kibana.service\r\n$ <\/span>systemctl status kibana.service\r\n$ <\/span>curl -XGET<\/span> 'http:\/\/[IP\u30a2\u30c9\u30ec\u30b9]:9200\/filebeat-*\/_search?pretty'<\/span>\r\n<\/code><\/pre>\n
\u5b89\u88c5Logstash<\/h4>\n
\u5f39\u6027\/\u65e5\u5fd7\u7ba1\u9053<\/p>\n
# \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/span>\r\n$ <\/span>yum -y<\/span> install <\/span>logstash\r\n\r\n# \u30d5\u30a3\u30eb\u30bf\u30fc\u7528\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210<\/span>\r\n$ <\/span>vim \/etc\/logstash\/conf.d\/01-syslog.conf\r\ninput {<\/span>\r\n  beats {<\/span>\r\n    port =><\/span> \"5044\"<\/span>\r\n    type<\/span> =><\/span> \"beats\"<\/span>\r\n    }<\/span>\r\n}<\/span>\r\n\r\noutput {<\/span>\r\n  elasticsearch {<\/span>\r\n    hosts =><\/span> [<\/span>\"[IP\u30a2\u30c9\u30ec\u30b9]9200\"<\/span>]<\/span>\r\n    index =><\/span> \"squid-%{+YYYY.MM}\"<\/span>\r\n  }<\/span>\r\n}<\/span>\r\n\r\n# \u30b5\u30fc\u30d3\u30b9\u8d77\u52d5\/\u78ba\u8a8d<\/span>\r\n$ <\/span>systemctl start logstash\r\n$ <\/span>systemctl status logstash\r\n\r\n# \u30ed\u30b0\u3092\u76e3\u8996<\/span>\r\ntail<\/span> -f<\/span> \/var\/log\/logstash\/logstash-plain.log\r\n<\/code><\/pre>\n
\u5b89\u88c5 Filebeat\uff08\u76d1\u89c6\u76ee\u6807\u8282\u70b9\uff09<\/h4>\n
GitHub: elastic\/beats\/filebeat\u7684\u6e90\u4ee3\u7801\u5e93<\/p>\n
# \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/span>\r\n$ <\/span>yum -y<\/span> install <\/span>filebeat\r\n\r\n# syslog\u3092\u53ce\u96c6\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a<\/span>\r\n$ <\/span>vim \/etc\/filebeat\/filebeat.yml\r\nfilebeat.inputs:\r\n- type<\/span>: syslog\r\n  protocol.udp:\r\n    host: \"192.168.1.238:9000\"<\/span>\r\n\r\n- type<\/span>: log\r\n  enabled: false\r\n  <\/span>paths:\r\n    - \/var\/log\/messages\r\n\r\n# Kibana\u9023\u643a<\/span>\r\n$ <\/span>vim \/etc\/kibana\/kibana.yml\r\nsetup.kibana:\r\n  host: \"[IP\u30a2\u30c9\u30ec\u30b9]:5601\"<\/span>\r\n\r\n# Elasticsearch\u9023\u643a<\/span>\r\n$ <\/span>vim \/etc\/kibana\/kibana.yml\r\noutput.elasticsearch:\r\n  hosts: [<\/span>\"[IP\u30a2\u30c9\u30ec\u30b9]:9200\"<\/span>]<\/span>\r\n\r\n# \u5b9f\u884c<\/span>\r\n$ <\/span>filebeat setup\r\n$ <\/span>systemctl start filebeat\r\n<\/code><\/pre>\n
Metricbeat \u6307\u6807\u91c7\u96c6\u5668<\/h4>\n
\u5f39\u6027\/\u51fb\u8d25\/\u6307\u6807\u8bb0\u5f55\u5668<\/p>\n
# \u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/span>\r\n$ <\/span>yum -y<\/span> install <\/span>metricbeat\r\n\r\n# \u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u7de8\u96c6<\/span>\r\nsetup.kibana:\r\n  host: \"[IP\u30a2\u30c9\u30ec\u30b9]:5601\"<\/span>\r\noutput.elasticsearch:\r\n  hosts: [<\/span>\"[IP\u30a2\u30c9\u30ec\u30b9]:9200\"<\/span>]<\/span>\r\n\r\n# \u5b9f\u884c<\/span>\r\n$ <\/span>metricbeat setup\r\n$ <\/span>systemctl start metricbeat\r\n$ <\/span>systemctl status metricbeat\r\n<\/code><\/pre>\n
\u8bd5\u7740\u53d1\u9001\u65e5\u5fd7<\/h2>\n
\u8fd9\u662f\u7528\u4e8e\u786e\u8ba4\u52a8\u4f5c\u7684\u547d\u4ee4\u3002<\/p>\n
# \u30ed\u30b0\u30d5\u30a1\u30a4\u30eb\u3078\u8ffd\u8a18\u3059\u308b<\/span>\r\n$ <\/span>logger \"test log\"<\/span>\r\n\r\n# ping\u3067\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u901a\u4fe1\u3092\u5b9f\u884c<\/span>\r\n$ <\/span>ping -s<\/span> 1M 192.168.179.10\r\n<\/code><\/pre>\n
\u5982\u679c\u53ef\u4ee5\u4eceKibana\u4e2d\u67e5\u770b\u65e5\u5fd7\uff0c\u90a3\u4e48\u64cd\u4f5c\u5c31\u6210\u529f\u4e86\u3002<\/p>\n
\u5f62\u8c61<\/h2>\n
\u6307\u6807<\/h4>\n
\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/div>\n
\u65e5\u5fd7\u68c0\u7d22<\/h4>\n
\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/div>\n
Apache\u6a21\u5757<\/h2>\n
\u901a\u8fc7\u4f7f\u7528Beat\u4e2d\u7684Apache\u6a21\u5757\uff0c\u60a8\u53ef\u4ee5\u5c06\u8bbf\u95ee\u65e5\u5fd7\u548c\u8bbf\u95ee\u6765\u6e90\u5730\u533a\u53ef\u89c6\u5316\u3002\u6b64\u5916\uff0c\u8fd8\u53ef\u4ee5\u67e5\u770b\u6d4f\u89c8\u5668\u7c7b\u578b\u548c\u8bbf\u95ee\u6b21\u6570\u7b49\u4fe1\u606f\uff0c\u65e0\u9700\u8fdb\u884c\u7279\u6b8a\u8bbe\u7f6e\u3002<\/p>\n
# \u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u6709\u52b9\u5316<\/span>\r\n$ <\/span>filebeat modules enable <\/span>apache2\r\n\r\n# \u30e2\u30b8\u30e5\u30fc\u30eb\u30ea\u30b9\u30c8\u3092\u8868\u793a<\/span>\r\n$ <\/span>filebeat modules list\r\n\r\n# \u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb<\/span>\r\n$ <\/span>vim \/etc\/filebeat\/modules.d\/apache2.yml\r\n- module: apache2\r\n  # Access logs<\/span>\r\n  access:\r\n    enabled: true\r\n    <\/span>var.paths:\r\n      - \/var\/log\/httpd\/access_log\r\n\r\n  # Error logs<\/span>\r\n  error:\r\n    enabled: true\r\n    <\/span>var.paths:\r\n      - \/var\/log\/httpd\/error_log\r\n\r\n# \u30b5\u30fc\u30d3\u30b9\u518d\u8d77\u52d5<\/span>\r\n$ <\/span>systemctl restart filebeat\r\n<\/code><\/pre>\n
\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/div>\n
\u7d22\u5f15\u751f\u547d\u5468\u671f\u7b56\u7565<\/h2>\n
\u5982\u679c\u4fdd\u6301\u5f53\u524d\u8bbe\u7f6e\uff0c\u65e5\u5fd7\u5c06\u65e0\u9650\u5236\u5730\u79ef\u7d2f\u4e0b\u53bb\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u5c06\u5b9a\u4e49\u4e00\u4e2a\u751f\u547d\u5468\u671f\u7b56\u7565\u4ee5\u8fdb\u884c\u5220\u9664\u3002<\/p>\n
\u6253\u5f00Kibana\uff0c\u9009\u62e9Management > Index Lifecycle Policies > Create Policy\u3002\u5728\u8fd9\u91cc\u6709”Hot phase”\uff0c”Warm phase”\uff0c”Cold phase”\u548c”Delete phase”\u7684\u9009\u9879\u3002\u8bf7\u53c2\u8003\u4e0b\u9762\u7684\u8be6\u7ec6\u8bf4\u660e\u3002\u5728\u8fd9\u91cc\uff0c\u6211\u4eec\u5c06\u5c06Delete phase\u4f5c\u4e3a\u5b9a\u4e49\u5220\u9664\u7684\u9636\u6bb5\uff0c\u8fdb\u884c\u4ee5\u4e0b\u8bbe\u7f6e\u3002<\/p>\n
\u4f18\u5316Elasticsearch – \u7b2c2\u90e8\u5206\uff1a\u7d22\u5f15\u751f\u547d\u5468\u671f\u7ba1\u7406<\/p>\n
\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/div>\n
\u8bf7\u5220\u96644\u5929\u524d\u521b\u5efa\u7684\u7d22\u5f15\uff0c\u7136\u540e\u8fd4\u56de\u5230\u4e0a\u4e00\u5c42\uff0c\u5e76\u8fdb\u884c\u4ee5\u4e0b\u9009\u62e9\u3002
\n\u5728\u90a3\u91cc\uff0c\u8bf7\u9009\u62e9\u8981\u5e94\u7528\u6b64\u7b56\u7565\u7684\u65e5\u5fd7\uff0c\u5982metricbeat\u65e5\u5fd7\u3001filebeat\u65e5\u5fd7\u7b49\u3002<\/p>\n
\"\u30b9\u30af\u30ea\u30fc\u30f3\u30b7\u30e7\u30c3\u30c8<\/div>\n
\u8bf7\u53c2\u8003\u4e0b\u6587\u3002<\/h2>\n
\u9996\u6b21\u4f7f\u7528Elasticsearch\uff0c\u73b0\u5df2\u6dfb\u52a0\u4e86Filebeat\u6a21\u5757\u529f\u80fd\uff0c\u4f7f\u65e5\u5fd7\u53ef\u89c6\u5316\u53d8\u5f97\u66f4\u52a0\u7b80\u5355\u3002
\n\u5728Kibana\u4e0a\uff0c\u8f7b\u677e\u5feb\u6377\u5730\u8fdb\u884c\u53ef\u89c6\u5316\u5427\uff01
\n\u603b\u7ed3\u4e86Filebeat\u7684\u6027\u80fd\u8c03\u4f18\u8981\u70b9\u3002<\/p>\n
\u8bf7\u53c2\u8003\u5e7b\u706f\u7247<\/h2>\n
\u4f7f\u7528ElasticSearch+Kibana\u8fdb\u884c\u65e5\u5fd7\u6570\u636e\u7684\u641c\u7d22\u548c\u53ef\u89c6\u5316\uff0c\u5b9e\u73b0\u5e94\u7528\u7a0b\u5e8f\uff08\u6027\u80fd\uff09\u76d1\u63a7\u7684\u5165\u95e8\u6280\u5de7\u548c\u8fd0\u8425\u7ecf\u9a8c\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6458\u8981 \u5f53\u5bf9Syslog\u76d1\u89c6\u8fdb\u884c\u6574\u4f53\u6d4b\u8bd5\u5e76\u8fd0\u884c\u65e5\u5fd7\u65f6\uff0c\u6211\u4eec\u91c7\u7528\u4e86Elasticsearch + Kibana + […]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-40947","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x] - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528elasticsearch-kibana-logstash-filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7-7-x\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x]\" \/>\n<meta property=\"og:description\" content=\"\u6458\u8981 \u5f53\u5bf9Syslog\u76d1\u89c6\u8fdb\u884c\u6574\u4f53\u6d4b\u8bd5\u5e76\u8fd0\u884c\u65e5\u5fd7\u65f6\uff0c\u6211\u4eec\u91c7\u7528\u4e86Elasticsearch + Kibana + […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528elasticsearch-kibana-logstash-filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7-7-x\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-06-23T07:07:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-29T11:54:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d436d37434c4406c9c1b8\/0-0.png\" \/>\n<meta name=\"author\" content=\"\u6e05, \u626c\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6e05, \u626c\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/\",\"name\":\"\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x] - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-06-23T07:07:16+00:00\",\"dateModified\":\"2024-04-29T11:54:58+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x]\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\",\"name\":\"\u6e05, \u626c\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"caption\":\"\u6e05, \u626c\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x] - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528elasticsearch-kibana-logstash-filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7-7-x\/","og_locale":"zh_CN","og_type":"article","og_title":"\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x]","og_description":"\u6458\u8981 \u5f53\u5bf9Syslog\u76d1\u89c6\u8fdb\u884c\u6574\u4f53\u6d4b\u8bd5\u5e76\u8fd0\u884c\u65e5\u5fd7\u65f6\uff0c\u6211\u4eec\u91c7\u7528\u4e86Elasticsearch + Kibana + […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u4f7f\u7528elasticsearch-kibana-logstash-filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7-7-x\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-06-23T07:07:16+00:00","article_modified_time":"2024-04-29T11:54:58+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d436d37434c4406c9c1b8\/0-0.png"}],"author":"\u6e05, \u626c","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6e05, \u626c","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"2 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/","name":"\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x] - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-06-23T07:07:16+00:00","dateModified":"2024-04-29T11:54:58+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u4f7f\u7528Elasticsearch + Kibana + Logstash + Filebeat\u8fdb\u884c\u7cfb\u7edf\u65e5\u5fd7\u76d1\u63a7 [7.x]"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461","name":"\u6e05, \u626c","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","caption":"\u6e05, \u626c"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e4%bd%bf%e7%94%a8elasticsearch-kibana-logstash-filebeat%e8%bf%9b%e8%a1%8c%e7%b3%bb%e7%bb%9f%e6%97%a5%e5%bf%97%e7%9b%91%e6%8e%a7-7-x\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=40947"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40947\/revisions"}],"predecessor-version":[{"id":87314,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/40947\/revisions\/87314"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=40947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=40947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=40947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}