廢話不多說，直接上干貨
一、安裝elasticsearch （略）

二、安裝logstash

[root@bogon elk]# rz logstash-2.4.0.tar.gz
[root@bogon elk]# tar -zxvf  logstash-2.4.0.tar.gz

[root@bogon elk]# cd logstash-2.4.0
[root@bogon logstash-2.4.0]# mkidr config
[root@bogon logstash-2.4.0]# cd config
[root@bogon config]#  vim logstash.conf

input {
        file {
            path => "/home/tools/apache-tomcat-8.5.11/logs/catalina.out"
            type => "system"
            start_position => "beginning"
            }
    }
    output {
             elasticsearch {
                    hosts => ["10.1.7.255:9200"]
                    index => "system-%{+YYYY.MM.dd}"
                }
    }


[root@bogon logstash-2.4.0]#./logstash -f /home/tools/elk/logstash-2.4.0/config/logstash.conf  //啟動

啟動成功

圖片.png

三、安裝kibana

[root@bogon elk]# rz kibana-4.1.11-linux-x64.tar.gz
[root@bogon elk]# tar -zxvf  kibana-4.1.11-linux-x64.tar.gz

[root@bogon elk]# cd kibana-4.1.11-linux-x64
[root@bogon kibana-4.1.11-linux-x64]# cd config/
[root@bogon config]# vim kibana.yml

# Kibana is served by a back end server. This controls which port to use.
port: 5601

# The host to bind the server to.
host: "0.0.0.0"

# The Elasticsearch instance to use for all your queries.
elasticsearch_url: "http://10.1.7.255:9200"

# preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
# then the host you use to connect to *this* Kibana instance will be sent.
elasticsearch_preserve_host: true

# Kibana uses an index in Elasticsearch to store saved searches, visualizations
# and dashboards. It will create a new index if it doesn't already exist.
kibana_index: ".kibana"

# If your Elasticsearch is protected with basic auth, this is the user credentials
# used by the Kibana server to perform maintence on the kibana_index at statup. Your Kibana
# users will still need to authenticate with Elasticsearch (which is proxied thorugh
# the Kibana server)
# kibana_elasticsearch_username: user
# kibana_elasticsearch_password: pass

# If your Elasticsearch requires client certificate and key
# kibana_elasticsearch_client_crt: /path/to/your/client.crt
# kibana_elasticsearch_client_key: /path/to/your/client.key

# If you need to provide a CA certificate for your Elasticsarech instance, put
# the path of the pem file here.
# ca: /path/to/your/CA.pem

# The default application to load.
default_app_id: "discover"

# Time in milliseconds to wait for elasticsearch to respond to pings, defaults to
# request_timeout setting
# ping_timeout: 1500

# Time in milliseconds to wait for responses from the back end or elasticsearch.
# This must be > 0
request_timeout: 300000

# Time in milliseconds for Elasticsearch to wait for responses from shards.
# Set to 0 to disable.
shard_timeout: 0

# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying
# startup_timeout: 5000

# Set to false to have a complete disregard for the validity of the SSL
# certificate.
verify_ssl: true

# SSL for outgoing requests from the Kibana Server (PEM formatted)
# ssl_key_file: /path/to/your/server.key
# ssl_cert_file: /path/to/your/server.crt

# Set the path to where you would like the process id file to be created.
# pid_file: /var/run/kibana.pid

# If you would like to send the log output to a file you can set the path below.
# This will also turn off the STDOUT log output.
# log_file: ./kibana.log

# A value to use as a XSRF token. This token is sent back to the server on each request
# and required if you want to execute requests from other clients (like curl).
# xsrf_token: ""

# Plugins that are included in the build, and no longer found in the plugins/ folder
bundled_plugin_ids:
 - plugins/dashboard/index
 - plugins/discover/index
 - plugins/doc/index
 - plugins/kibana/index
 - plugins/markdown_vis/index
 - plugins/metric_vis/index
 - plugins/settings/index
 - plugins/table_vis/index
 - plugins/vis_types/index
 - plugins/visualize/index

[root@bogon kibana-4.1.11-linux-x64]# cd bin
[root@bogon bin]# ./kibana  //啟動

瀏覽器中輸入：http://IP:5601/ 回車

圖片.png