1.下载https://www.elastic.co/downloads/logstash到/usr/local/src

wget https://download.elastic.co/logstash/logstash/logstash-2.4.0.tar.gz

2.解压

tar -zxvf logstash-2.4.0.tar.gz -C /usr/local

3.创建配置文件

cd /usr/local/logstash/config
vi test.conf

输入

input {
    file {
        path => "/opt/boot/logs/*.log"
        start_position => beginning
    }
    stdin {

    }
}
filter {
  #Only matched data are send to output.
}
output {
    stdout {
      codec => rubydebug
    }
    elasticsearch {
    action => "index"          #The operation on ES
    codec  => rubydebug
    hosts  => "192.168.235.32:9200"   #ElasticSearch host, can be array.
    index  => "logstash-%{+YYYY.MM.dd}"         #The index to write data to.
  }
}

运行

bin/logstash -f test.conf

4.新建测试log文件

cd /opt/boot/logs
vim 1.log

写入测试数据：aa

5.打开kibana

新建index partner

查看

至此，简单完成了日志系统，生产中，可以通过Serilog等组件写日志，通过logstash监听，并写入els，并展示出来