# cat syslog02.conf #filename:syslog02.conf #注意这个是要用#号注释掉 input{ file{ path => ["/var/log/*.log"] } } output{ elasticsearch { hosts => ["12x.xx.15.1xx:9200"] } }
查看配置文件是否有问题:
# ../bin/logstash -f syslog02.conf -t Sending Logstash's logs to /usr/local/logstash/logs which is now configured via log4j2.properties [2016-12-01T09:54:46,512][FATAL][logstash.runner ] The given configuration is invalid. Reason: Expected one of #, input, filter, output at line 1, column 1 (byte 1) after
在output->elasticsearch下增加一个index配置:
cat syslog02.conf #filename:syslog02.conf input{ file{ path => ["/var/log/*.log"] } } output{ elasticsearch { hosts => ["123.57.15.154:9200"] index => "syslog02_log" } }
再次简测配置文件:
# ../bin/logstash -f syslog02.conf -t Sending Logstash's logs to /usr/local/logstash/logs which is now configured via log4j2.properties Configuration OK [2016-12-01T11:40:56,791][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
启动并在后台执行:
# ../bin/logstash -f syslog02.conf &