Download
Downloading the latest version from the official website is recommended:
https://www.elastic.co/cn/downloads/logstash
This article uses Logstash 7.0.0:
https://artifacts.elastic.co/downloads/logstash/logstash-7.0.0.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.0.0.tar.gz
tar -xzvf logstash-7.0.0.tar.gz
mv logstash-7.0.0 /usr/local/logstash
Read a file and send it directly to ES
- Edit /usr/local/logstash/config/logstash-sample.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
  #beats {
  #  port => 5044
  #}
  file {
    path => "/var/log/httpd/access_log"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    # The file input sets no [@metadata] fields, so a %{[@metadata][...]}
    # reference would stay unresolved in the index name; use a literal prefix.
    index => "logstash-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}
- Check that the configuration file is valid (assuming the current directory is /usr/local/logstash/config/):
../bin/logstash -t -f logstash-sample.conf
Start:
../bin/logstash -f logstash-sample.conf
Start with all configuration files in the current directory loaded:
../bin/logstash -f ./
Or start in the background:
nohup ../bin/logstash -f ./ &
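- Common command-line options
-f: specifies the Logstash configuration file; Logstash is configured according to that file
-e: followed by a string that is used as the Logstash configuration (if the string is "", stdin is used as the input and stdout as the output by default)
-l: where log output is written (by default, stdout, printed directly to the console)
-t: tests whether the configuration file is valid, then exits.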
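Read from Filebeat and send to ES
For the Filebeat-side configuration, see the Logstash-related part of the [Install filebeat] article referenced at the beginning of this article
- Create /usr/local/logstash/config/logstash-filebeats.conf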
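input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    # The beats input sets [@metadata][version] but no
    # [@metadata][logstash-filebeats] field, so the prefix is written literally.
    index => "logstash-filebeats-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}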
- Check the configuration file
../bin/logstash -t -f logstash-filebeats.conf
- Start
../bin/logstash -f logstash-filebeats.conf &
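
The pipelines above accept Beats traffic on port 5044 in plaintext and write to Elasticsearch over http with the credentials commented out. A hardened variant of logstash-filebeats.conf follows as an added example (not part of the original article); the certificate paths, the logstash_writer user and the ES_PWD key are assumptions, and Elasticsearch is assumed to serve HTTPS with authentication enabled.

```logstash
# Added example: hardened variant of logstash-filebeats.conf.
# Certificate paths, the user name and ES_PWD are placeholders (assumptions).
input {
  beats {
    port => 5044
    # Encrypt the Filebeat -> Logstash connection.
    ssl => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"       # placeholder path
    ssl_key => "/etc/logstash/certs/logstash.pkcs8.key"         # placeholder path, key in PKCS#8 format
    # Only accept Filebeat clients presenting a certificate signed by this CA.
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
    ssl_verify_mode => "force_peer"
  }
}
output {
  elasticsearch {
    # https instead of http, with the server certificate checked against the CA.
    hosts => ["https://localhost:9200"]
    cacert => "/etc/logstash/certs/ca.crt"                      # placeholder path
    # A dedicated account limited to writing these indices (hypothetical name),
    # instead of the built-in "elastic" superuser.
    user => "logstash_writer"
    # Resolved at startup from the Logstash keystore or the environment,
    # so the password never appears in the config file.
    password => "${ES_PWD}"
    # [@metadata][beat] and [@metadata][version] are set by the beats input.
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```

Store the password with ../bin/logstash-keystore create followed by ../bin/logstash-keystore add ES_PWD. Validate the file with ../bin/logstash -t -f before starting, as with the other pipelines.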