ELK安装

下载包:
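# Fetch the three ELK tarballs. These are 2014 releases (long past end-of-life) from a
# download host that may no longer serve them. Nothing here verifies what was downloaded,
# yet all three archives are unpacked and run as root in the steps below: compare each
# file against the vendor-published checksum or signature before continuing, e.g.
#   sha256sum -c <CHECKSUM_FILE_FROM_VENDOR>   # placeholder: obtain the file out of band
# Each download is checked for failure so a missing archive stops the walkthrough early
# instead of surfacing later as a confusing tar error.
for url in \
  https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.2.tar.gz \
  https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.tar.gz \
  https://download.elasticsearch.org/kibana/kibana/kibana-3.1.2.tar.gz; do
  wget -- "$url" || exit 1
done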


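# Install Elasticsearch 1.4.2 under /usr/local/elasticsearch and add the third-party
# service wrapper so it can be started as a daemon. Every step is checked: without
# `set -e`, a failed tar/mv would otherwise let the later `start` run against nothing.
tar -zxvf elasticsearch-1.4.2.tar.gz || exit 1
mv -- elasticsearch-1.4.2 /usr/local/elasticsearch || exit 1

# Supply-chain note: this clones whatever is at the repository's HEAD right now, and the
# result is installed as a root-started service. Pin it to a reviewed revision, e.g.
#   git -C elasticsearch-servicewrapper checkout <REVIEWED_COMMIT_OR_TAG>   # placeholder
git clone https://github.com/elasticsearch/elasticsearch-servicewrapper || exit 1
# Subshell instead of `cd … ; cd ..` so the caller's working directory is untouched
# even if the mv fails.
( cd elasticsearch-servicewrapper && mv -- service /usr/local/elasticsearch/bin ) || exit 1

# NOTE(review): Elasticsearch 1.x has no built-in authentication, and to my recollection
# binds 9200/9300 on all interfaces with multicast discovery and the default cluster name
# "elasticsearch" (the curl test below shows that default). Confirm `network.host` and
# `cluster.name` in config/elasticsearch.yml before starting this on a reachable host.
# It is also started here as root; prefer a dedicated unprivileged user (the wrapper's
# service script presumably supports RUN_AS_USER — confirm in bin/service/elasticsearch).
/usr/local/elasticsearch/bin/service/elasticsearch start || exit 1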


测试:
[root@test05 ~]# curl -X GET http://localhost:9200/
{
  "status" : 200,
  "name" : "Ajak",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "1.4.2",
    "build_hash" : "927caff6f05403e936c20bf4529f144f0c89fd8c",
    "build_timestamp" : "2014-12-16T14:11:12Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.2"
  },
  "tagline" : "You Know, for Search"
}




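# Unpack logstash. Unlike Elasticsearch above, it keeps its versioned directory name:
# /usr/local/logstash-1.4.2 is the path the agent/indexer configs and start commands
# below rely on, so do not rename it here without updating them.
# The mv is chained on a successful tar so a bad archive stops the step rather than
# leaving a half-unpacked tree behind.
tar -zxvf logstash-1.4.2.tar.gz || exit 1
mv -- logstash-1.4.2 /usr/local/ || exit 1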




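# nginx serves Kibana; redis is the buffer between the logstash shipper and indexer.
yum install -y nginx redis || exit 1
# Redis ships without authentication and will hold raw access-log lines. Both logstash
# configs reach it via "localhost", so nothing needs it on a non-loopback address:
# confirm its config (typically /etc/redis.conf) binds 127.0.0.1 only before this host
# is placed on a shared network.
/etc/init.d/redis start || exit 1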


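# Kibana 3 is a static web app served by nginx; unpack it under the nginx docroot.
tar -zxvf kibana-3.1.2.tar.gz || exit 1
mkdir -p -- /home/nginx || exit 1
mv -- kibana-3.1.2 /home/nginx/kibana || exit 1

# Deliberately removes every existing vhost in conf.d (e.g. the stock default.conf) so the
# catch-all server below is the only one. Back the directory up first if anything else
# lives there. `-r` is unnecessary for *.conf files; `--` guards against odd names.
rm -f -- /etc/nginx/conf.d/*.conf

# The original listing lost the `<<EOF` redirection and the `server` keyword of this
# heredoc in transit; both are restored here. The delimiter is quoted so nginx's `$vars`
# are written literally instead of being expanded by the shell.
cat >/etc/nginx/conf.d/kibana.conf <<'EOF'
# Constructed to match the grok pattern used by logstash_indexer.conf:
#   host client [time] "request" status bytes "referer" "agent" request_time upstream_time
# The original page referenced this `logstash` format without defining it anywhere, which
# makes `nginx -t` reject the config. conf.d is included from the http context in the
# stock nginx.conf, which is where log_format is allowed; if your nginx.conf already
# defines a format with this name, drop this one (nginx rejects duplicates).
log_format logstash '$http_host $remote_addr [$time_local] "$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" $request_time $upstream_response_time';

server {
    listen       80;
    server_name  _;
    index index.html index.htm index.php;
    root  /home/nginx;

    # This vhost answers for any hostname on :80 with no authentication, and Kibana 3
    # queries Elasticsearch on :9200 directly from the browser. Add access control here
    # (auth_basic and/or allow/deny) and only expose Elasticsearch through a similarly
    # protected path before this host is reachable from a shared network.
    access_log /var/log/nginx/test.log logstash;
}
EOF

chown -R nginx:nginx /home/nginx/

# The original page never (re)started nginx after writing the vhost. Validate the config
# first so a typo does not take the web server down.
nginx -t || exit 1
/etc/init.d/nginx restart || exit 1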


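# Logstash "agent" (shipper): tails the nginx access log and pushes raw events to redis.
# The original mkdir created /usr/local/logstash/etc, but logstash was moved to
# /usr/local/logstash-1.4.2 earlier and the config is written under that path — so the
# directory the config needs never existed and the interactive `vi` could not save it.
# Both now use the same variable, and a quoted heredoc replaces the `vi` session so the
# step is reproducible without a terminal.
logstash_home=/usr/local/logstash-1.4.2
mkdir -p -- "$logstash_home/etc" || exit 1
cat >"$logstash_home/etc/logstash_agent.conf" <<'EOF'
input {
        file {
                # The type set here travels with the event through redis; the indexer's
                # grok filter keys on it.
                type => "nginx_access"
                path => ["/var/log/nginx/test.log"]
        }
}
output {
        redis {
                host => "localhost"
                data_type => "list"
                key => "logstash:redis"
        }
}
EOF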


启动:
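# Start the shipper. A bare `… &` leaves the process attached to the terminal (a logout's
# SIGHUP can kill it) and discards its output; nohup plus a redirect keeps it running and
# leaves a log to inspect. The log path is chosen here — adjust to taste.
nohup /usr/local/logstash-1.4.2/bin/logstash -f /usr/local/logstash-1.4.2/etc/logstash_agent.conf \
  >/var/log/logstash_agent.log 2>&1 &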






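# Logstash "indexer": pops raw nginx events from redis, parses them with grok and stores
# them in Elasticsearch. Written with a quoted heredoc instead of an interactive `vi`
# session so the step is reproducible, and the directory is created first (the earlier
# mkdir targeted a path logstash does not live at). The two grok patterns were split
# across several lines in the original listing; each must be a single string and is
# rejoined here.
logstash_home=/usr/local/logstash-1.4.2
mkdir -p -- "$logstash_home/etc" || exit 1
cat >"$logstash_home/etc/logstash_indexer.conf" <<'EOF'
input {
        redis {
                host => "localhost"
                data_type => "list"
                key => "logstash:redis"
                # Logstash keeps a type an event already carries, so events shipped with
                # "nginx_access" keep that type and this value only tags untyped ones.
                type => "redis-input"
        }
}
filter {
        grok {
                type => "nginx_access"
                # Two alternatives: with and without the trailing upstream response time.
                match => [
                        "message", "%{IPORHOST:http_host} %{IPORHOST:client_ip} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:http_status_code} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{NUMBER:time_duration:float} %{NUMBER:time_backend_response:float}",
                        "message", "%{IPORHOST:http_host} %{IPORHOST:client_ip} \[%{HTTPDATE:timestamp}\] \"(?:%{WORD:http_verb} %{NOTSPACE:http_request}(?: HTTP/%{NUMBER:http_version})?|%{DATA:raw_http_request})\" %{NUMBER:http_status_code} (?:%{NUMBER:bytes_read}|-) %{QS:referrer} %{QS:agent} %{NUMBER:time_duration:float}"
                ]
        }
}
output {
        # Plain HTTP to a 1.x node, which has no built-in authentication: keep :9200 on
        # loopback or a trusted network (network.host in elasticsearch.yml).
        elasticsearch {
                embedded => false
                protocol => "http"
                host => "localhost"
                port => "9200"
        }
}
EOF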


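# Start the indexer detached from the terminal (a bare `… &` dies with the session on
# SIGHUP and loses its output); the log path is chosen here — adjust to taste.
nohup /usr/local/logstash-1.4.2/bin/logstash -f /usr/local/logstash-1.4.2/etc/logstash_indexer.conf \
  >/var/log/logstash_indexer.log 2>&1 &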
