# Elastic Stack Quick Start

<figure><img src="https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-gui-websoft9.gif" alt=""><figcaption></figcaption></figure>

After deploying the Elastic Stack provided by 创达睿通, follow the steps below to get started.

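### Preparation <a href="#zhun-bei" id="zhun-bei"></a>

1. In the cloud console, get your **server's public IP address**
2. In the cloud console's security group, check that ports **80** and **9200** are open under the **Inbound rules**
3. On the server, look up the **default username and password** for ELK
4. To access ELK through a domain name, complete the **five-step domain setup** process
5. Log in to the cloud server and run the command below to pull the Elastic Docker images and start the containers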

   ```
   cd /data/apps/elastic && docker compose pull && docker compose up -d
   ```

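   > The license of the open-source edition of Elastic Stack does not allow redistribution by third parties, but it does allow users to use it free of charge. Before using this deployment, therefore, run the command above to pull the Elastic Stack images yourself.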

### Elastic Stack initialization wizard <a href="#elasticstack-chu-shi-hua-xiang-dao" id="elasticstack-chu-shi-hua-xiang-dao"></a>

#### Detailed steps <a href="#xiang-xi-bu-zhou" id="xiang-xi-bu-zhou"></a>

1. In a browser on your local computer, visit *http://your-domain* or *http://server-public-IP* to reach the Elastic Stack login page

   <figure><img src="https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-login-websoft9.png" alt=""><figcaption></figcaption></figure>
2. Enter the username and password to log in to the Elastic Stack console

   <figure><img src="https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-bkreminder-websoft9.png" alt=""><figcaption></figcaption></figure>

   <figure><img src="https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-dashboard-websoft9.png" alt=""><figcaption></figcaption></figure>

> To learn more about using Elastic Stack, see the official documentation: ELK Documentation

#### Having problems? <a href="#chu-xian-wen-ti" id="chu-xian-wen-ti"></a>

If you run into a problem, contact **technical support** right away. You can also first consult the troubleshooting items listed below or the **FAQ** to try to resolve it quickly.

### Elastic Stack getting-started guide <a href="#elasticstack-ru-men-xiang-dao" id="elasticstack-ru-men-xiang-dao"></a>

Elastic Stack accepts many kinds of data sources. This walkthrough uses a common log file as the Logstash input; the steps are:

1. Set the index "mytest" in the Logstash configuration file, then restart the containers

   ```
   input {
      file {
         path => "/var/log/yum.log"
         type => "elasticsearch"
         start_position => "beginning"   # read the file from its first line
      }
   }

   output {
      elasticsearch {
         hosts => "elasticsearch:9200"
         user => "elastic"
         password => "xxxxx"             # placeholder for the Elasticsearch account password
         index => "mytest"
      }
   }
   ```

   ```
   cd /data/apps/elastic
   docker-compose down
   docker-compose up -d
   ```
2. Verify that Logstash has connected to Elasticsearch and that the index holds data (check the URL `http://<server public IP>:9200/_cat/indices?v`)

![ELK verification](https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-wizardindex-websoft9.png)

3. Log in to Kibana, click 【Manage】, then click 【Index Patterns】 in the menu on the right

![ELK Index](https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-wizard1-websoft9.png)

![ELK Index](https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-wizard2-websoft9.png)

![ELK Index](https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-wizard3-websoft9.png)

4. Search for "mytest" and follow the prompts to finish creating the index pattern

![ELK Index](https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-wizard4-websoft9.png)

![ELK Index](https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-wizard5-websoft9.png)

5. The index has now been created in Kibana, and you can search its data here by timestamp

![ELK Index](https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-wizard6-websoft9.png)

![ELK Index](https://libs.websoft9.com/Websoft9/DocsPicture/zh/elk/elk-wizard7-websoft9.png)
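
The check in step 2 can also be scripted. The following shell functions are an added example, not part of the original documentation: they parse `_cat/indices?v` output and report whether an index exists and has received documents. The sample output is constructed, and the `curl` line in the comment assumes the `elastic` user with the password exported as `DB_ES_PASSWORD`.

```shell
#!/bin/sh
# Added example: parse `GET /_cat/indices?v` output and report on one index.
# SAMPLE_CAT is constructed for illustration. On a live host, feed the
# functions from (assumes DB_ES_PASSWORD was exported from .env):
#   curl -s -u "elastic:$DB_ES_PASSWORD" "http://localhost:9200/_cat/indices?v"

SAMPLE_CAT='health status index     uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   .kibana_1 AAAAAAAAAAAAAAAAAAAAAA   1   0         42            3      2.1mb          2.1mb
yellow open   mytest    BBBBBBBBBBBBBBBBBBBBBB   1   1        128            0     80.5kb         80.5kb'

# index_field NAME COLUMN: print COLUMN (looked up by header name) for index
# NAME. Column positions come from the header row, so a different column
# order still works. Exit status 1 if the index or the column is absent.
index_field() {
    awk -v name="$1" -v col="$2" '
        NR == 1 {
            for (i = 1; i <= NF; i++) {
                if ($i == "index") ic = i
                if ($i == col) cc = i
            }
            next
        }
        ic && cc && $ic == name { print $cc; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# check_index NAME: succeed only if the index exists and holds documents.
# Prints "ok <count>", "empty" or "missing".
check_index() {
    count=$(index_field "$1" docs.count) || { echo "missing"; return 1; }
    [ "$count" -gt 0 ] || { echo "empty"; return 1; }
    echo "ok $count"
}
```

A `missing` result after the restart means Logstash has not written to the index yet, which is the case to investigate before creating the index pattern in Kibana.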

### Common Elastic Stack operations <a href="#elasticstack-chang-yong-cao-zuo" id="elasticstack-chang-yong-cao-zuo"></a>

#### Connecting Logstash to Elasticsearch <a href="#logstash-lian-jie-elasticsearch" id="logstash-lian-jie-elasticsearch"></a>

Logstash is the data collector. How does it ship data to Elasticsearch, the data store?

1. Edit the Logstash configuration file
2. Add a pipeline configuration file with the following content:

   ```
   input {
      file {
         path => "/var/log/*.log"
         type => "elasticsearch"
         start_position => "beginning"   # read each file from its first line
      }
   }

   ## Add your filters / logstash plugins configuration here

   output {
      elasticsearch {
         hosts => "elasticsearch:9200"
         user => "elastic"
         password => "elastic123"
         index => "mytest"
      }
   }
   ```

> The **output** section in the configuration above must use the Elasticsearch database connection account.
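
The pipeline above stores the Elasticsearch password as a literal in `logstash.conf`. Logstash also accepts `${NAME}` references, which it resolves from its keystore or from the environment. The following added example (not part of the original documentation) flags literal `password =>` values in a pipeline file; the sample config is constructed and `ES_PASSWORD` is a hypothetical variable name.

```shell
#!/bin/sh
# Added example: flag literal passwords in a Logstash pipeline file.
# A value such as "${ES_PASSWORD}" is resolved by Logstash at startup and
# keeps the secret out of logstash.conf.
# SAMPLE_CONF is constructed; ES_PASSWORD is a hypothetical variable name.
# On a host: literal_passwords < src/logstash/pipeline/logstash.conf

SAMPLE_CONF='output {
   elasticsearch {
      hosts => "elasticsearch:9200"
      user => "elastic"
      password => "elastic123"
   }
   elasticsearch {
      hosts => "elasticsearch:9200"
      user => "elastic"
      password => "${ES_PASSWORD}"   # resolved at startup
   }
   # password => "commented-out"
}'

# literal_passwords: read a pipeline config on stdin and print
# "<line number>:<setting>" for every password set to a literal string.
# Comment lines and ${...} references are not reported.
# Exit status 0 when nothing is found, 1 otherwise.
literal_passwords() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        match($0, /[A-Za-z_]*password[ \t]*=>[ \t]*"[^"]*"/) {
            hit = substr($0, RSTART, RLENGTH)
            val = hit
            sub(/^[^"]*"/, "", val)                  # value without its opening quote
            if (substr(val, 1, 2) == "${") next      # keystore or environment reference
            sub(/[ \t]*=>.*/, "", hit)               # keep only the setting name
            print NR ":" hit
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}
```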

#### Configuring SMTP <a href="#pei-zhi-smtp" id="pei-zhi-smtp"></a>

Steps to configure SMTP so that Elastic Stack can send email:

1. Get the SMTP parameters from your mailbox management console
2. Log in to the Elastic Stack console, open 【Stack Management】>【Watcher】 in turn, and add an Email Action
3. Edit the Elasticsearch configuration file and add the Email configuration

#### Resetting the password <a href="#zhong-zhi-mi-ma" id="zhong-zhi-mi-ma"></a>

Password-related operations in Elastic Stack are mainly of two kinds, changing the password and recovering it:

**Changing the password**

After logging in to Kibana, open 【User Profile】 from the user icon in the top-right corner to change the password

**Recovering the password**

If you have forgotten the password, reset it by re-running the containers:

```
cd /data/apps/elastic
docker-compose down && docker-compose up -d
```

The **DB\_ES\_PASSWORD** variable in the `.env` file is the password after the reset

### Elastic Stack parameters <a href="#elasticstack-can-shu" id="elasticstack-can-shu"></a>

The Elastic Stack application includes components such as Nginx and Docker; see the **common parameter table** for paths, services, ports and other parameters.

Run `docker ps` to list all containers of a running Elastic Stack:

```
CONTAINER ID   IMAGE                  COMMAND                  CREATED         STATUS         PORTS                                                                                                                                                                        NAMES
4c27ee6b8e98   logstash:7.13.4        "/usr/local/bin/dock…"   4 minutes ago   Up 4 minutes   0.0.0.0:5000->5000/tcp, :::5000->5000/tcp, 0.0.0.0:5044->5044/tcp, :::5044->5044/tcp, 0.0.0.0:9600->9600/tcp, 0.0.0.0:5000->5000/udp, :::9600->9600/tcp, :::5000->5000/udp   elastic-logstash
babdf8193e8d   kibana:7.13.4          "/bin/tini -- /usr/l…"   4 minutes ago   Up 4 minutes   0.0.0.0:9001->5601/tcp, :::9001->5601/tcp                                                                                                                                    elastic-kibana
de14eb80b9f9   elasticsearch:7.13.4   "/bin/tini -- /usr/l…"   4 minutes ago   Up 4 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9300->9300/tcp
```

#### Paths <a href="#path" id="path"></a>

Elastic Stack includes Elasticsearch, Kibana, Logstash and other components

Elastic Stack installation directory: */data/apps/elastic*\
Elastic Stack configuration directory: */data/apps/elastic/src*\
Logstash configuration file: */data/apps/elastic/src/logstash/pipeline/logstash.conf*\
Kibana configuration file: */data/apps/elastic/src/kibana/config/kibana.yml*\
Elasticsearch configuration file: */data/apps/elastic/src/elasticsearch/config/elasticsearch.yml*

#### Ports <a href="#port" id="port"></a>

| Port | Purpose            | Required |
| ---- | ------------------ | -------- |
| 9200 | Elasticsearch HTTP | Required |
| 9600 | Logstash API       | Optional |
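
The `docker ps` listing above shows host ports 5000, 5044, 9001 and 9300 published on `0.0.0.0` in addition to the 9200 and 9600 in this table, so their exposure should be checked against the security group rules. The following added example (not part of the original documentation) extracts every port published on all interfaces and lists those outside an allowlist; the sample input is constructed from that listing.

```shell
#!/bin/sh
# Added example: list host ports that containers publish on all interfaces.
# Input format is that of:  docker ps --format '{{.Names}}\t{{.Ports}}'
# SAMPLE_PS is constructed from the `docker ps` listing on this page.

TAB=$(printf '\t')
SAMPLE_PS="elastic-logstash${TAB}0.0.0.0:5000->5000/tcp, :::5000->5000/tcp, 0.0.0.0:5044->5044/tcp, 0.0.0.0:9600->9600/tcp, 0.0.0.0:5000->5000/udp
elastic-kibana${TAB}0.0.0.0:9001->5601/tcp, :::9001->5601/tcp
elastic-elasticsearch${TAB}0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp"

# published_ports: print "<container> <host port>/<proto>" once for every
# mapping bound to 0.0.0.0 or :: (any interface the host has). Mappings bound
# to a specific address such as 127.0.0.1 are not printed. A port range that
# docker ps has collapsed (e.g. 5000-5001) is printed as the range.
published_ports() {
    awk -F '\t' '{
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /^(0\.0\.0\.0|::):[0-9-]+->/) continue
            sub(/^(0\.0\.0\.0|::):/, "", m)        # "5000->5000/tcp"
            host = m;  sub(/->.*/, "", host)       # host-side port
            proto = m; sub(/.*\//, "", proto)      # tcp or udp
            key = $1 " " host "/" proto
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# unexpected_ports ALLOWED...: reduce published_ports output to the ports
# that are not in the allowlist (compared by port number only).
unexpected_ports() {
    allowed=" $* "
    published_ports | while read -r name portproto; do
        case "$allowed" in
            *" ${portproto%/*} "*) ;;
            *) echo "$name $portproto" ;;
        esac
    done
}
```

With the two ports the Preparation section opens as the allowlist, `printf '%s\n' "$SAMPLE_PS" | unexpected_ports 80 9200` lists the six other published ports, including Kibana on 9001 and the Elasticsearch transport port 9300.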

#### Version <a href="#ban-ben" id="ban-ben"></a>

```
docker exec -it elastic-elasticsearch bin/elasticsearch --version
```

#### Services <a href="#fu-wu" id="fu-wu"></a>

```
# <action> is one of: start | stop | restart
sudo docker <action> elastic-elasticsearch
sudo docker <action> elastic-logstash
sudo docker <action> elastic-kibana
# show the status of the containers
sudo docker ps -a --filter name=elastic-
```

#### Command line <a href="#ming-ling-hang" id="ming-ling-hang"></a>

[SQL CLI](https://www.elastic.co/guide/en/elasticsearch/reference/current/sql-cli.html)

#### API <a href="#api" id="api"></a>

[ELK API](https://www.elastic.co/guide/en/elasticsearch/reference/current/http-clients.html) follows the REST API 2.0 specification.

