{"id":959,"date":"2026-02-12T23:07:37","date_gmt":"2026-02-12T14:07:37","guid":{"rendered":"http:\/\/www.igoni.kr\/?p=959"},"modified":"2026-02-12T23:07:37","modified_gmt":"2026-02-12T14:07:37","slug":"3-elk-stack-install","status":"publish","type":"post","link":"http:\/\/www.igoni.kr\/?p=959","title":{"rendered":"3. ELK stack Install"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\ubaa9 \ucc28<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"\ubaa9\ucc28 \ud1a0\uae00\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"http:\/\/www.igoni.kr\/?p=959\/#ELK_Stack_Install\" >ELK Stack Install<\/a><ul class='ez-toc-list-level-5' 
><li class='ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"http:\/\/www.igoni.kr\/?p=959\/#ELK_Stack_%ED%8C%A8%ED%82%A4%EC%A7%80_%EC%84%A4%EC%B9%98_%E2%80%93_ELK%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C_%EC%88%98%ED%96%89\" >ELK Stack \ud328\ud0a4\uc9c0 \uc124\uce58 &#8211; ELK\uc11c\ubc84\uc5d0\uc11c \uc218\ud589<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"http:\/\/www.igoni.kr\/?p=959\/#ELK_Stack_Config_%E2%80%93_ELK%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C_%EC%88%98%ED%96%89\" >ELK Stack Config\u00a0&#8211; ELK\uc11c\ubc84\uc5d0\uc11c \uc218\ud589<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"http:\/\/www.igoni.kr\/?p=959\/#%ED%94%84%EB%A1%9C%EC%84%B8%EC%8A%A4_%EC%8B%A4%ED%96%89\" >\ud504\ub85c\uc138\uc2a4 \uc2e4\ud589<\/a><ul class='ez-toc-list-level-5' ><li class='ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"http:\/\/www.igoni.kr\/?p=959\/#kibana_elasticsearch_%ED%94%84%EB%A1%9C%EC%84%B8%EC%8A%A4_%EC%8B%A4%ED%96%89_%E2%80%93_ELK_%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C_%EC%88%98%ED%96%89\" >kibana \/ elasticsearch \ud504\ub85c\uc138\uc2a4 \uc2e4\ud589 &#8211; ELK \uc11c\ubc84\uc5d0\uc11c \uc218\ud589<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"http:\/\/www.igoni.kr\/?p=959\/#filebeat_%EC%84%9C%EB%B9%84%EC%8A%A4_%EA%B5%AC%EB%8F%99_%E2%80%93_Log_%EC%A0%84%EB%8B%AC%ED%95%A0_%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C_%EC%88%98%ED%96%89\" >filebeat \uc11c\ube44\uc2a4 \uad6c\ub3d9 &#8211; Log \uc804\ub2ec\ud560 \uc11c\ubc84\uc5d0\uc11c \uc218\ud589<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"http:\/\/www.igoni.kr\/?p=959\/#%EC%84%9C%EB%B9%84%EC%8A%A4_%EC%9E%91%EB%8F%99_%ED%99%95%EC%9D%B8\" >\uc11c\ube44\uc2a4 \uc791\ub3d9 \ud655\uc778<\/a><ul 
class='ez-toc-list-level-5' ><li class='ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"http:\/\/www.igoni.kr\/?p=959\/#logstash_%EA%B8%B0%EB%8A%A5_%ED%99%95%EC%9D%B8\" >logstash \uae30\ub2a5 \ud655\uc778<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"http:\/\/www.igoni.kr\/?p=959\/#Elasticsearch_%EA%B8%B0%EB%8A%A5_%EC%9E%91%EB%8F%99_%ED%99%95%EC%9D%B8\" >Elasticsearch \uae30\ub2a5 \uc791\ub3d9 \ud655\uc778<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"http:\/\/www.igoni.kr\/?p=959\/#%ED%81%B4%EB%9F%AC%EC%8A%A4%ED%84%B0_%EA%B5%AC%EC%84%B1_%EC%A0%95%EB%B3%B4_%ED%99%95%EC%9D%B8\" >\ud074\ub7ec\uc2a4\ud130 \uad6c\uc131 \uc815\ubcf4 \ud655\uc778<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"http:\/\/www.igoni.kr\/?p=959\/#_Kibana_%EA%B5%AC%EC%84%B1%EC%A0%95%EB%B3%B4_%ED%99%95%EC%9D%B8\" >\u00a0Kibana \uad6c\uc131\uc815\ubcf4 \ud655\uc778<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"http:\/\/www.igoni.kr\/?p=959\/#Kibana_Index_Pattern_%EC%84%A4%EC%A0%95\" >Kibana Index Pattern \uc124\uc815<\/a><ul class='ez-toc-list-level-5' ><li class='ez-toc-heading-level-5'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"http:\/\/www.igoni.kr\/?p=959\/#WEB_UI%EB%A5%BC_%ED%86%B5%ED%95%9C_Elasticsearch_%EC%83%81%ED%83%9C_%ED%99%95%EC%9D%B8\" >WEB UI\ub97c \ud1b5\ud55c Elasticsearch \uc0c1\ud0dc \ud655\uc778<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h4 id=\"bkmrk-elk-stack-install\"><span class=\"ez-toc-section\" id=\"ELK_Stack_Install\"><\/span>ELK Stack Install<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<h5 id=\"bkmrk-elk-stack-%ED%8C%A8%ED%82%A4%EC%A7%80-%EC%84%A4%EC%B9%98---e\"><span class=\"ez-toc-section\" 
id=\"ELK_Stack_%ED%8C%A8%ED%82%A4%EC%A7%80_%EC%84%A4%EC%B9%98_%E2%80%93_ELK%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C_%EC%88%98%ED%96%89\"><\/span>ELK Stack \ud328\ud0a4\uc9c0 \uc124\uce58 &#8211; ELK\uc11c\ubc84\uc5d0\uc11c \uc218\ud589<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<ol id=\"bkmrk-repository-%EA%B5%AC%EC%84%B1%24-vi-%2Fe\">\n<li class=\"null\">repository \uad6c\uc131\n<pre><code class=\"language-shell\">$ vi \/etc\/yum.repos.d\/elk.repo\r\n\r\n[logstash-7.x]\r\nname=Elastic repository for 7.x packages\r\nbaseurl=https:\/\/artifacts.elastic.co\/packages\/7.x\/yum\r\ngpgcheck=0\r\ngpgkey=https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\r\nenabled=1\r\nautorefresh=1\r\ntype=rpm-md<\/code><\/pre>\n<p>&nbsp;<\/li>\n<li class=\"null\">java \uc124\uce58\u00a0 (java \uc124\uce58 \ubc84\uc804\uc740 1.8 \ubc84\uc804\uc73c\ub85c \ubc30\ud3ec \uc9c4\ud589)\n<pre><code class=\"language-shell\">$ yum install java -y\r\n$ java -version\r\nopenjdk version \"1.8.0_282\"\r\nOpenJDK Runtime Environment (build 1.8.0_282-b08)\r\nOpenJDK 64-Bit Server VM (build 25.282-b08, mixed mode)<\/code><\/pre>\n<p>&nbsp;<\/li>\n<li class=\"null\">Logstash \/ Elasticsearch \/ Kibana \uc124\uce58\n<pre><code class=\"language-shell\">$ yum install logstash elasticsearch kibana -y<\/code><\/pre>\n<p>&nbsp;<\/li>\n<\/ol>\n<h5 id=\"bkmrk-elk-stack-config%C2%A0--e\"><span class=\"ez-toc-section\" id=\"ELK_Stack_Config_%E2%80%93_ELK%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C_%EC%88%98%ED%96%89\"><\/span>ELK Stack Config\u00a0&#8211; ELK\uc11c\ubc84\uc5d0\uc11c \uc218\ud589<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<ol id=\"bkmrk-kibana-%EC%84%A4%EC%A0%95%24-vi-%2Fetc%2Fk\">\n<li class=\"null\">kibana \uc124\uc815\n<pre><code class=\"language-shell\">$ vi \/etc\/kibana\/kibana.yml\r\n...\r\nserver.host: \"0.0.0.0\" (\uc678\ubd80\uc5d0\uc11c webui \uc811\uadfc\uc774 0.0.0.0 \uc73c\ub85c \uc0ac\uc6a9)\r\n...\r\nelasticsearch.hosts: [\"http:\/\/localhost:9200\"] (Elasticsearch 
\uc124\uce58 \uc11c\ubc84 ip)\r\n...\r\ni18n.locale: \"ko-KR\"\r\n <\/code><\/pre>\n<p>&nbsp;<\/li>\n<li class=\"null\">Cluster \uae30\ubc18\uc758 Elasticsearch \uc124\uc815\n<pre><code class=\"language-shell\">$ vi \/etc\/elasticsearch\/elasticsearch.yml\r\n...\r\ncluster.name: es-cluster                     # \ud074\ub7ec\uc2a4\ud130\ub9c1 \ud560 \uc11c\ubc84\ub294 \ub3d9\uc77c\ud55c cluster.name\uac12\uc73c\ub85c \uc124\uc815\r\nnode.name: ${HOSTNAME}                       # \ud074\ub7ec\uc2a4\ud2f0\ub9c1\ud560 \uc11c\ubc84 \ud638\uc2a4\ud2b8\ub124\uc784 (\ub178\ub4dc\ubcc4\ub85c uniq\ud55c \uac12\uc774\uc5b4\uc57c \ud568)\r\npath.data: \/data\/elasticsearch               # Elasticsearch Data\uacbd\ub85c\r\npath.logs: \/var\/log\/elasticsearch            # Elasticsearch \ub85c\uadf8\uacbd\ub85c\r\nnetwork.host: 0.0.0.0                        # \uc678\ubd80\uc5d0\uc11c \uc811\uc18d\uc2dc \uc124\uc815\r\ndiscovery.seed_hosts: [\"192.168.0.10\", \"192.168.0.11\", \"192.168.0.12\"]    #Elasticsearch Discovery \ud638\uc2a4\ud2b8 \uc124\uc815\r\ncluster.initial_master_nodes: [\"192.168.0.10\", \"192.168.0.11\", \"192.168.0.12\"] #\ub9c8\uc2a4\ud130 \uc11c\ubc84 \ub9ac\uc2a4\ud2b8\r\n...\r\nhttp.port: 9200                              # http \ud638\uc2a4\ud2b8 \uc0ac\uc6a9\ud558\ub294 \ud3ec\ud2b8\r\ntransport.tcp.port: 9300                     # \ub370\uc774\ud130 \uc804\uc1a1 \ud3ec\ud2b8\r\n...\r\nnode.master: true                            # master \ub178\ub4dc \uc5ed\ud65c\uc2dc true\r\nnode.data: true                              # data \ub178\ub4dc \uc5ed\ud65c \uc801\uc6a9\uc2dc true\r\n...\r\nindex.number_of_replicase: 1 #\uac01 \uc778\ub371\uc2a4\ub97c 3\uac1c\uc758 replicaset\uc73c\ub85c \uad6c\uc131\r\nindex.number_of_shards: 2 #\uac01 \uc778\ub371\uc2a4\ub97c \uc0e4\ub529 \r\n...\r\nnode.attr.box_type: hot #\ub178\ub4dc\uc5ed\ud65c \uc124\uc815 (hot \/ warm \/ clod \uc911 \uc120\ud0dd)<\/code><\/pre>\n<p>&nbsp;<\/li>\n<li class=\"null\">logstash config 
\uc124\uc815\n<pre><code class=\"language-\">$ vi \/etc\/logstash\/conf.d\/nginx.conf\r\ninput {\r\n  beats {\r\n    port =&gt; 5044\r\n    host =&gt; \"0.0.0.0\"\r\n  }\r\n}\r\n\r\noutput {\r\n  elasticsearch {\r\n    hosts =&gt; [\"http:\/\/localhost:9200\"]\r\n    index =&gt; \"nginx-%{+YYYY.MM.dd}\"\r\n    #user =&gt; \"elastic\"\r\n    #password =&gt; \"changeme\"\r\n  }\r\n}\r\n\r\n\r\n#config \ucc38\uace0\ud574\uc11c logstash \uad6c\ub3d9\ud558\ub3c4\ub85d \uc124\uc815 (\uae30\uc874 \uc124\uc815\uac12 \uc0ad\uc81c \ud6c4 \uc544\ub798\ub0b4\uc6a9 \uc124\uc815)\r\n\r\n$ vi \/etc\/systemd\/system\/logstash.service\r\n...\r\nExecStart=\/usr\/share\/logstash\/bin\/logstash -f \/etc\/logstash\/conf.d\/nginx.conf\r\n...\r\n\r\n$ systemctl daemon-reload<\/code><\/pre>\n<p>&nbsp;<\/li>\n<li class=\"null\">filebeat \uc124\uce58 &#8211; log\ub97c \uc804\ub2ec\ud560 \uc11c\ubc84\uc5d0 \uc124\uce58\n<ol>\n<li class=\"null\">repository \uad6c\uc131\n<pre><code class=\"language-shell\">$ vi \/etc\/yum.repos.d\/elk.repo\r\n\r\n[logstash-7.x]\r\nname=Elastic repository for 7.x packages\r\nbaseurl=https:\/\/artifacts.elastic.co\/packages\/7.x\/yum\r\ngpgcheck=0\r\ngpgkey=https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\r\nenabled=1\r\nautorefresh=1\r\ntype=rpm-md<\/code><\/pre>\n<\/li>\n<li class=\"null\">\ud328\ud0a4\uc9c0 \uc124\uce58\n<pre><code class=\"language-shell\">$ yum install filebeat -y<\/code><\/pre>\n<p>&nbsp;<\/li>\n<li class=\"null\">filebeat \uc124\uc815\n<pre><code class=\"language-shell\">$ vi \/etc\/filebeat\/filebeat.yml\r\n...\r\nfilebeat.inputs:\r\n- type: log\r\n  enabled: true   #true\ub85c \ubcc0\uacbd\r\n  paths: #Logstash\ub85c \uc804\ub2ec\ud560 \ub85c\uadf8\ud30c\uc77c \ud639\uc740 \uacbd\ub85c\ub97c \uc124\uc815\ud558\uba74 \ub41c\ub2e4.\r\n    - \/svc\/stg\/web\/logs\/access.log \r\n    - \/var\/log\/cmd.log\r\n    - \/var\/log\/kibana\/*\r\n...\r\nsetup.kibana:\r\n  host: \"192.168.0.11:5601\" #Kibana \uc11c\ubc84 
IP\r\n...\r\n#output.elasticsearch: #filebeat -&gt; logstash\ub85c \uc804\ub2ec\ud560\uac83\uc774\uae30 \ub54c\ubb38\uc5d0 elasticsearch\ub294 \uc8fc\uc11d\ucc98\ub9ac\r\n# hosts: [\"localhost:9200\"]\r\n...\r\noutput.logstash:  #\uc8fc\uc11d\ud574\uc81c\r\n  hosts: [\"192.168.0.11:5044\"] #logstash \uc11c\ubc84ip\/\ud3ec\ud2b8 \uc124\uc815\r\n...<\/code><\/pre>\n<p>&nbsp;<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<h4 id=\"bkmrk-%ED%94%84%EB%A1%9C%EC%84%B8%EC%8A%A4-%EC%8B%A4%ED%96%89\"><span class=\"ez-toc-section\" id=\"%ED%94%84%EB%A1%9C%EC%84%B8%EC%8A%A4_%EC%8B%A4%ED%96%89\"><\/span>\ud504\ub85c\uc138\uc2a4 \uc2e4\ud589<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ol id=\"bkmrk-kibana-%2F-elasticsear\">\n<li class=\"null\">\n<h5 id=\"bkmrk-kibana-%2F-elasticsear-1\"><span class=\"ez-toc-section\" id=\"kibana_elasticsearch_%ED%94%84%EB%A1%9C%EC%84%B8%EC%8A%A4_%EC%8B%A4%ED%96%89_%E2%80%93_ELK_%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C_%EC%88%98%ED%96%89\"><\/span>kibana \/ elasticsearch \ud504\ub85c\uc138\uc2a4 \uc2e4\ud589 &#8211; ELK \uc11c\ubc84\uc5d0\uc11c \uc218\ud589<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<pre><code class=\"language-shell\">$ systemctl enable kibana --now\r\n$ systemctl enable elasticsearch --now\r\n$ systemctl enable logstash --now<\/code><\/pre>\n<\/li>\n<li class=\"null\">\n<h5 id=\"bkmrk-filebeat-%EC%84%9C%EB%B9%84%EC%8A%A4-%EA%B5%AC%EB%8F%99---lo-0\"><span class=\"ez-toc-section\" id=\"filebeat_%EC%84%9C%EB%B9%84%EC%8A%A4_%EA%B5%AC%EB%8F%99_%E2%80%93_Log_%EC%A0%84%EB%8B%AC%ED%95%A0_%EC%84%9C%EB%B2%84%EC%97%90%EC%84%9C_%EC%88%98%ED%96%89\"><\/span>filebeat \uc11c\ube44\uc2a4 \uad6c\ub3d9 &#8211; Log \uc804\ub2ec\ud560 \uc11c\ubc84\uc5d0\uc11c \uc218\ud589<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<pre><code class=\"language-shell\">$ systemctl enable filebeat --now<\/code><\/pre>\n<\/li>\n<\/ol>\n<h4 id=\"bkmrk-%EC%84%9C%EB%B9%84%EC%8A%A4-%EC%9E%91%EB%8F%99-%ED%99%95%EC%9D%B8\"><span class=\"ez-toc-section\" 
id=\"%EC%84%9C%EB%B9%84%EC%8A%A4_%EC%9E%91%EB%8F%99_%ED%99%95%EC%9D%B8\"><\/span>\uc11c\ube44\uc2a4 \uc791\ub3d9 \ud655\uc778<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ol id=\"bkmrk-logstash-%EA%B8%B0%EB%8A%A5-%ED%99%95%EC%9D%B8-%23logs\">\n<li class=\"null\">\n<h5 id=\"bkmrk-logstash-%EA%B8%B0%EB%8A%A5-%ED%99%95%EC%9D%B8-0\"><span class=\"ez-toc-section\" id=\"logstash_%EA%B8%B0%EB%8A%A5_%ED%99%95%EC%9D%B8\"><\/span>logstash \uae30\ub2a5 \ud655\uc778<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<pre><code class=\"language-shell\">#logstash \ud3ec\ud2b8 LISTEN \ud655\uc778\r\n$ netstat -antp| grep 5044 | grep LISTEN\r\ntcp6       0      0 :::5044                 :::*                    LISTEN      6730\/java\r\n\r\n\r\n#filebeat\u00a0\u2192 logstash\ub85c \ub370\uc774\ud130 \uc804\uc1a1\uc774 \ub418\ub294\uc9c0 \ud655\uc778 (logstash\uc11c\ubc84\uc5d0\uc11c \uc218\ud589)\r\n$ tcpdump -nn port 5044 -i bond0\r\n14:11:35.759481 IP 192.168.0.11.5044 &gt; 192.168.10.2.34160: Flags [P.], seq 379:385, ack 87143, win 1432, options [nop,nop,TS val 341934898 ecr 464702009], length 6\r\n14:11:35.760109 IP 192.168.10.2.34160 &gt; 192.168.0.11.5044: Flags [.], ack 385, win 115, options [nop,nop,TS val 464702013 ecr 341934898], length 0<\/code><\/pre>\n<\/li>\n<li class=\"null\">\n<h5 id=\"bkmrk-elasticsearch-%EA%B8%B0%EB%8A%A5-%EC%9E%91%EB%8F%99--0\"><span class=\"ez-toc-section\" id=\"Elasticsearch_%EA%B8%B0%EB%8A%A5_%EC%9E%91%EB%8F%99_%ED%99%95%EC%9D%B8\"><\/span>Elasticsearch \uae30\ub2a5 \uc791\ub3d9 \ud655\uc778<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<pre><code class=\"language-shell\">#Elasticsearch \ud3ec\ud2b8 LISTEN \ud655\uc778\r\n$ netstat -antp | grep 9200 | grep LISTEN\r\ntcp6       0      0 :::9200                 :::*                    LISTEN      11324\/java\r\n\r\n#logstsh\uc5d0\uc11c \uc804\ub2ec\ud55c \ub370\uc774\ud130\uac00 elasticsearch\uc5d0\uc11c index\uc218\uc9d1\ub418\ub294\uc9c0 \ud655\uc778\r\n$ curl --connect-timeout 2 
-XGET http:\/\/127.0.0.1:9200\/_cat\/indices?v\r\nhealth status index                           uuid                   pri rep docs.count docs.deleted store.size pri.store.size\r\ngreen  open   .kibana_task_manager_7.12.0_001 jNMZ2LZcRtqYkwCrQqCsdQ   1   1          9           10     92.6kb         73.7kb\r\ngreen  open   .apm-custom-link                MmzSDfLtSXuQCYwqXoYbFg   1   1          0            0       416b           208b\r\ngreen  open   .apm-agent-configuration        xbHoMaQ0QUS2WAsOy3Uspw   1   1          0            0       416b           208b\r\ngreen  open   .async-search                   pMPoD_2OQzue0gJH-vSdig   1   1          1            0     90.9kb         46.9kb\r\ngreen  open   .kibana_7.12.0_001              Qmo4u9gjTOmihGVwJlguqQ   1   1         22            0      6.3mb          4.2mb\r\ngreen  open   .kibana-event-log-7.12.0-000001 VykSos0vR1W_l5F2E5G2pg   1   1          2            0     21.9kb         10.9kb\r\ngreen  open   .elastichq                      7sr4ATTsSnasGRH4tJhCBA   1   1          1            0     13.7kb          6.8kb\r\ngreen  open   .tasks                          X2B8PyG5SMCV0dPAo6eH4g   1   1          2            0     15.5kb          7.7kb<\/code><\/pre>\n<\/li>\n<li class=\"null\">\n<h5 id=\"bkmrk-%ED%81%B4%EB%9F%AC%EC%8A%A4%ED%84%B0-%EA%B5%AC%EC%84%B1-%EC%A0%95%EB%B3%B4-%ED%99%95%EC%9D%B8-0\"><span class=\"ez-toc-section\" id=\"%ED%81%B4%EB%9F%AC%EC%8A%A4%ED%84%B0_%EA%B5%AC%EC%84%B1_%EC%A0%95%EB%B3%B4_%ED%99%95%EC%9D%B8\"><\/span>\ud074\ub7ec\uc2a4\ud130 \uad6c\uc131 \uc815\ubcf4 \ud655\uc778<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<pre><code class=\"language-shell\">$ curl --connect-timeout 2 -XGET http:\/\/127.0.0.1:9200\/_cluster\/health?pretty=true\r\n{\r\n  \"cluster_name\" : \"es-cluster\",   #\ud074\ub7ec\uc2a4\ud130 \uc774\ub984\r\n  \"status\" : \"green\",              #\ud074\ub7ec\uc2a4\ud130 \uc0c1\ud0dc\r\n  \"timed_out\" : false,\r\n  \"number_of_nodes\" : 3,           # 
\ub9c8\uc2a4\ud130 \ub178\ub4dc \uc218\r\n  \"number_of_data_nodes\" : 3,      # \ub370\uc774\ud130 \ub178\ub4dc \uc218\r\n  \"active_primary_shards\" : 9,\r\n  \"active_shards\" : 18,\r\n  \"relocating_shards\" : 0,\r\n  \"initializing_shards\" : 0,\r\n  \"unassigned_shards\" : 0,\r\n  \"delayed_unassigned_shards\" : 0,\r\n  \"number_of_pending_tasks\" : 0,\r\n  \"number_of_in_flight_fetch\" : 0,\r\n  \"task_max_waiting_in_queue_millis\" : 0,\r\n  \"active_shards_percent_as_number\" : 100.0<\/code><\/pre>\n<\/li>\n<li class=\"null\">\n<h5 id=\"bkmrk-%C2%A0kibana-%EA%B5%AC%EC%84%B1%EC%A0%95%EB%B3%B4-%ED%99%95%EC%9D%B8-0\"><span class=\"ez-toc-section\" id=\"_Kibana_%EA%B5%AC%EC%84%B1%EC%A0%95%EB%B3%B4_%ED%99%95%EC%9D%B8\"><\/span>\u00a0Kibana \uad6c\uc131\uc815\ubcf4 \ud655\uc778<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<pre><code class=\"language-shell\">#kibana \ud3ec\ud2b8 LISTEN \ud655\uc778\r\n$ netstat -antp | grep 5601 | grep LISTEN\r\ntcp        0      0 0.0.0.0:5601            0.0.0.0:*               LISTEN      13513\/node\r\n\r\n#kibana \uc811\uc18d \ud655\uc778\r\n$ curl -IL -XGET http:\/\/192.158.0.11:5601\/app\/home\/\r\nHTTP\/1.1 200 OK\r\ncontent-type: text\/html; charset=utf-8\r\ncontent-security-policy: script-src 'unsafe-eval' 'self'; worker-src blob: 'self'; style-src 'unsafe-inline' 'self'\r\nkbn-name: SKB-DJK-ELK1\r\nkbn-license-sig: 0f6943d9f4b6625724a0d78fe647bbe2f284a6e24fb46f587b17b1b0bec18e34\r\ncache-control: private, no-cache, no-store, must-revalidate\r\ncontent-length: 127971\r\nvary: accept-encoding\r\naccept-ranges: bytes\r\nDate: Fri, 09 Apr 2021 05:52:47 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=120<\/code><\/pre>\n<\/li>\n<\/ol>\n<h4 id=\"bkmrk-kibana-index-pattern\"><span class=\"ez-toc-section\" id=\"Kibana_Index_Pattern_%EC%84%A4%EC%A0%95\"><\/span>Kibana Index Pattern \uc124\uc815<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<ol id=\"bkmrk-webui-%3A%C2%A0http%3A%2F%2Fkiban\">\n<li class=\"null\">WebUI 
:\u00a0<a href=\"http:\/\/kibanaIP:5601\">http:\/\/kibanaIP:5601<\/a><br \/>\n<a href=\"http:\/\/igoni.kr\/uploads\/images\/gallery\/2022-07\/image-1658595831958.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"http:\/\/igoni.kr\/uploads\/images\/gallery\/2022-07\/scaled-1680-\/image-1658595831958.png\" alt=\"image-1658595831958.png\" \/><\/a><\/p>\n<p>&nbsp;<\/li>\n<li class=\"null\">Management\u00a0\u2192 Stack Management\u00a0\u2192 Kibana\u00a0\u2192 Index patterns\n<p>&nbsp;<\/li>\n<li class=\"null\">{{ index name }}-YYYY.mm.DD \ud328\ud134\uc774 \ubcf4\uc774\uc9c0 \uc54a\uc73c\uba74 elasticsearch\uc5d0\uc11c \ub370\uc774\ud130\uac00 \uc544\uc9c1 \uc720\uc785\ub418\uc9c0 \uc54a\uc740 \uc0c1\ud0dc.<\/li>\n<li class=\"null\">Search\uc5d0\uc11c \ub4f1\ub85d\ud560 index\uba85 \uc785\ub825 \ud6c4 Create index pattern \uc120\ud0dd<\/li>\n<li class=\"null\">Time field\uc5d0\ub294\u00a0@timestamp \uc120\ud0dd \ud6c4 Create index pattern \uc120\ud0dd\n<p>&nbsp;<\/li>\n<li class=\"null\">Analytics\u00a0\u2192 discover \uc120\ud0dd\ud558\uba74 \uc720\uc785\ub41c \ub370\uc774\ud130 \ud655\uc778 \uac00\ub2a5\n<p>&nbsp;<\/li>\n<\/ol>\n<h5 id=\"bkmrk-web-ui%EB%A5%BC-%ED%86%B5%ED%95%9C-elasticse\"><span class=\"ez-toc-section\" id=\"WEB_UI%EB%A5%BC_%ED%86%B5%ED%95%9C_Elasticsearch_%EC%83%81%ED%83%9C_%ED%99%95%EC%9D%B8\"><\/span>WEB UI\ub97c \ud1b5\ud55c Elasticsearch \uc0c1\ud0dc \ud655\uc778<span class=\"ez-toc-section-end\"><\/span><\/h5>\n<ul id=\"bkmrk-docker-%EC%84%A4%EC%B9%98-%ED%9B%84-cerebro-\">\n<li class=\"null\">docker \uc124\uce58 \ud6c4 cerebro container \uad6c\ub3d9\n<pre><code class=\"language-shell\">$ docker container run -d --name cerebro --restart always -p 9000:9000 -m 512m lmenezes\/cerebro:latest\r\n8d691f585fa8: Pull complete\r\n3da6fe7ff2ef: Pull complete\r\ne22147996cc0: Pull complete\r\n8df48a2d4467: Pull complete\r\n45e578fea430: Pull complete\r\nDigest: 
sha256:1cd0765418f1737de3533648d549655437eb550ee0cfad27488c19e620028f2f<\/code><\/pre>\n<p>&nbsp;<\/li>\n<li class=\"null\">WEB UI \ub85c\uadf8\uc778 : <a href=\"http:\/\/elk%EC%84%9C%EB%B2%84ip:9200\">http:\/\/elk\uc11c\ubc84ip:9200<\/a><br \/>\n<a href=\"http:\/\/igoni.kr\/uploads\/images\/gallery\/2022-07\/image-1658595875298.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"http:\/\/igoni.kr\/uploads\/images\/gallery\/2022-07\/scaled-1680-\/image-1658595875298.png\" alt=\"image-1658595875298.png\" \/><\/a><\/p>\n<p>&nbsp;<\/li>\n<li class=\"null\">Node address\uc5d0 ELK \uc124\uce58\ub41c \uc11c\ubc84 IP\uc785\ub825<\/li>\n<li class=\"null\">\uccab\ud654\uba74(Overview) : Elastic \uc11c\ubc84 &amp; \uc778\ub371\uc2a4 \uc0c1\ud0dc\ud655\uc778<br \/>\n<a href=\"http:\/\/igoni.kr\/uploads\/images\/gallery\/2022-07\/image-1658595879212.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"http:\/\/igoni.kr\/uploads\/images\/gallery\/2022-07\/scaled-1680-\/image-1658595879212.png\" alt=\"image-1658595879212.png\" \/><\/a><\/li>\n<li class=\"null\">Nodes : \ub178\ub4dc \uc0c1\ud0dc \ud655\uc778 (\ubcc4\ud45c\uc5d0 \uc0c9\uae54 \uce60\ud574\uc9c4 \ub178\ub4dc\uac00 master \ub178\ub4dc)<br \/>\n<a href=\"http:\/\/igoni.kr\/uploads\/images\/gallery\/2022-07\/image-1658595901657.png\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" src=\"http:\/\/igoni.kr\/uploads\/images\/gallery\/2022-07\/scaled-1680-\/image-1658595901657.png\" alt=\"image-1658595901657.png\" \/><\/a><\/p>\n<p>&nbsp;<\/li>\n<\/ul>\n<p id=\"bkmrk-%EC%B0%B8%EA%B3%A0-site%C2%A0\">\ucc38\uace0 Site<\/p>\n<ul id=\"bkmrk-logstash-input-%3A%C2%A0htt\">\n<li class=\"null\"><em>logstash input :\u00a0<a href=\"https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/input-plugins.html\">https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/input-plugins.html<\/a><\/em><\/li>\n<li class=\"null\"><em>filebeat log : <a 
href=\"https:\/\/www.elastic.co\/guide\/en\/beats\/filebeat\/current\/configuration-filebeat-options.html#filebeat-input-types\">https:\/\/www.elastic.co\/guide\/en\/beats\/filebeat\/current\/configuration-filebeat-options.html#filebeat-input-types<\/a><\/em><\/li>\n<li class=\"null\"><em>elk install: <a href=\"https:\/\/www.elastic.co\/guide\/en\/beats\/filebeat\/current\/setup-repositories.html\">https:\/\/www.elastic.co\/guide\/en\/beats\/filebeat\/current\/setup-repositories.html<\/a><\/em><\/li>\n<li class=\"null\"><em>elk stack \uc18c\uac1c : <a href=\"https:\/\/medium.com\/naver-cloud-platform\/%EB%84%A4%EC%9D%B4%EB%B2%84-%ED%81%B4%EB%9D%BC%EC%9A%B0%EB%93%9C-%ED%94%8C%EB%9E%AB%ED%8F%BC%EC%9D%84-%ED%99%9C%EC%9A%A9%ED%95%B4-elk-elasticsearch-logstash-kibana-%EC%8A%A4%ED%83%9D-%EA%B5%AC%EC%B6%95%ED%95%98%EA%B8%B0-4cbaf5dd4305\">https:\/\/medium.com\/naver-cloud-platform\/%EB%84%A4%EC%9D%B4%EB%B2%84-%ED%81%B4%EB%9D%BC%EC%9A%B0%EB%93%9C-%ED%94%8C%EB%9E%AB%ED%8F%BC%EC%9D%84-%ED%99%9C%EC%9A%A9%ED%95%B4-elk-elasticsearch-logstash-kibana-%EC%8A%A4%ED%83%9D-%EA%B5%AC%EC%B6%95%ED%95%98%EA%B8%B0-4cbaf5dd4305<\/a><\/em><\/li>\n<li class=\"null\"><em>logstash \/ filebeat \ube44\uad50 : <a href=\"https:\/\/velog.io\/@deet1107\/logstash-filebeat\">https:\/\/velog.io\/@deet1107\/logstash-filebeat<\/a><\/em><\/li>\n<li class=\"null\"><em>ElasticSearch \uc774\uc911\ud654 : <a href=\"https:\/\/nesoy.github.io\/articles\/2019-01\/ElasticSearch-System-Architecture\">https:\/\/nesoy.github.io\/articles\/2019-01\/ElasticSearch-System-Architecture<\/a><\/em><\/li>\n<li class=\"null\"><em>elasticsearch data \uad6c\uc870 : <a href=\"https:\/\/koocci-dev.tistory.com\/13\">https:\/\/koocci-dev.tistory.com\/13<\/a><\/em><\/li>\n<\/ul>\n<table style=\"border-collapse: collapse; width: 100%;\" border=\"1\">\n<colgroup>\n<col style=\"width: 99.881%;\" \/><\/colgroup>\n<tbody>\n<tr>\n<td><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-961\" 
src=\"http:\/\/www.igoni.kr\/wp-content\/uploads\/2026\/02\/07a6df81-b9f3-443f-bff5-31811a601f42.png\" alt=\"\" width=\"1024\" height=\"1024\" srcset=\"http:\/\/www.igoni.kr\/wp-content\/uploads\/2026\/02\/07a6df81-b9f3-443f-bff5-31811a601f42.png 1024w, http:\/\/www.igoni.kr\/wp-content\/uploads\/2026\/02\/07a6df81-b9f3-443f-bff5-31811a601f42-300x300.png 300w, http:\/\/www.igoni.kr\/wp-content\/uploads\/2026\/02\/07a6df81-b9f3-443f-bff5-31811a601f42-150x150.png 150w, http:\/\/www.igoni.kr\/wp-content\/uploads\/2026\/02\/07a6df81-b9f3-443f-bff5-31811a601f42-768x768.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/td>\n<\/tr>\n<tr>\n<td class=\"align-right\">perplexity\uc5d0\uc11c \uc0dd\uc131\ud55c AI\uc774\ubbf8\uc9c0<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>ELK Stack Install ELK Stack \ud328\ud0a4\uc9c0 \uc124\uce58 &#8211; ELK\uc11c\ubc84\uc5d0\uc11c \uc218\ud589 repository \uad6c\uc131 $ vi \/etc\/yum.repos.d\/elk.repo [logstash-7.x]&hellip;<\/p>\n","protected":false},"author":1,"featured_media":961,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[263],"tags":[],"class_list":["post-959","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-elk-stack-"],"aioseo_notices":[],"_links":{"self":[{"href":"http:\/\/www.igoni.kr\/index.php?rest_route=\/wp\/v2\/posts\/959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.igoni.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.igoni.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.igoni.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.igoni.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=959"}],"version-history":[{"count":1,"href":"http:\/\/www.igoni.kr\/index.php?rest_route=\/wp\/v2\/posts\/959\
/revisions"}],"predecessor-version":[{"id":963,"href":"http:\/\/www.igoni.kr\/index.php?rest_route=\/wp\/v2\/posts\/959\/revisions\/963"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.igoni.kr\/index.php?rest_route=\/wp\/v2\/media\/961"}],"wp:attachment":[{"href":"http:\/\/www.igoni.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.igoni.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=959"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.igoni.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}