  • Logstash 5.x installation and basic usage

    Logstash requires Java 8. Java 9 is not supported.

    1. Check whether a Java environment is installed

    [root@node3 ~]# java -version
    java version "1.8.0_144"
    Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
    Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)
    

    2. Install Logstash; the RPM package is used here

      https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.rpm

      yum install logstash

    List the files the package installed and find where the Logstash executables are:

    /etc/logstash/conf.d
    /etc/logstash/jvm.options
    /etc/logstash/log4j2.properties
    /etc/logstash/logstash.yml
    /etc/logstash/startup.options
    /usr/share/logstash/CHANGELOG.md
    /usr/share/logstash/CONTRIBUTORS
    /usr/share/logstash/Gemfile
    /usr/share/logstash/Gemfile.jruby-1.9.lock
    /usr/share/logstash/LICENSE
    /usr/share/logstash/NOTICE.TXT
    /usr/share/logstash/bin/cpdump
    /usr/share/logstash/bin/ingest-convert.sh
    /usr/share/logstash/bin/logstash
    /usr/share/logstash/bin/logstash-plugin
    /usr/share/logstash/bin/logstash-plugin.bat
    /usr/share/logstash/bin/logstash.bat
    /usr/share/logstash/bin/logstash.lib.sh
    /usr/share/logstash/bin/ruby
    /usr/share/logstash/bin/setup.bat
    /usr/share/logstash/bin/system-install
    /usr/share/logstash/data
    

     Configuration files:

    1. JVM settings
    /etc/logstash/jvm.options
    2. Logstash settings
    /etc/logstash/logstash.yml
    3. Environment variable settings
    /etc/logstash/startup.options
    4. Logging (log4j2) settings
    /etc/logstash/log4j2.properties
     
    Run the first task:
    [root@node3 conf.d]# /usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'
    WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
    Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
    

     This prints warnings. The fix:

    mkdir -p /usr/share/logstash/config/
    ln -s /etc/logstash/* /usr/share/logstash/config
    chown -R logstash:logstash /usr/share/logstash/config/
    bin/logstash -e 'input { stdin { } } output { stdout {} }'
    

     If Logstash is run as a service rather than from the command line:

      Start Logstash:
      /etc/init.d/logstash start
      systemctl start logstash.service
     
    Now write configuration files so that Logstash can parse logs:
    1. Using the file plugin (an input plugin)
    [root@node3 conf.d]# cat file.conf 
    input {
        file {
            path => ["/var/log/messages"]
            start_position => "beginning"
        }
    }
    
    output {
        stdout {
            codec => rubydebug
        }
    }
    [root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf 
    

     2. Input from multiple log files

    [root@node3 conf.d]# cat file_more_choose.conf 
    input {
        file {
            path => ["/var/log/messages"]
            start_position => "beginning"
        }
        file {
            path => ["/var/log/elasticsearch/my-elastic.log"]
            start_position => "beginning"
        }
    }
    
    output {
        stdout {
            codec => rubydebug
        }
    }
    [root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file_more_choose.conf

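     However, only the Elasticsearch log is printed; nothing from /var/log/messages reaches stdout. Log collection is incremental: the logs collected earlier are already recorded in the sincedb, so by default reading resumes from after that point.

    The documentation explains sincedb_path as follows: Path of the sincedb database file (keeps track of the current position of monitored log files) that will be written to disk. The default will write sincedb files to <path.data>/plugins/inputs/file. NOTE: it must be a file path and not a directory path.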
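    To confirm that the sincedb is the reason /var/log/messages produced no events, the recorded offset can be compared with the current file size. The script below is an added example, not part of the original post; it assumes the four-field record ("inode major minor byte_offset") written by the file input shipped with Logstash 5.x, and the function name sincedb_status is hypothetical.

```shell
#!/bin/sh
# Added example. Assumes the four-field sincedb record written by the file
# input shipped with Logstash 5.x: "<inode> <major> <minor> <byte_offset>".

# sincedb_status SINCEDB LOGFILE
# Prints one of:
#   missing    - LOGFILE is not readable
#   untracked  - no record for this inode; start_position applies
#   caught-up  - recorded offset equals the file size; nothing is emitted
#   pending N  - N bytes past the recorded offset are still unread
#   truncated  - recorded offset is beyond the current file size
# The body runs in a subshell "( )" so its variables do not leak to the caller.
sincedb_status() (
    sincedb=$1
    logfile=$2
    [ -r "$logfile" ] || { echo "missing"; exit 0; }
    inode=$(ls -i "$logfile" | awk '{ print $1 }')
    size=$(( $(wc -c < "$logfile") ))
    offset=""
    if [ -r "$sincedb" ]; then
        # Match on inode only; device numbers (fields 2-3) are ignored here.
        offset=$(awk -v ino="$inode" '$1 == ino { print $4; exit }' "$sincedb")
    fi
    if [ -z "$offset" ]; then
        echo "untracked"
    elif [ "$offset" -eq "$size" ]; then
        echo "caught-up"
    elif [ "$offset" -lt "$size" ]; then
        echo "pending $(( size - offset ))"
    else
        echo "truncated"
    fi
)

# Demo on constructed data (a temp file standing in for /var/log/messages).
demo_dir=$(mktemp -d)
printf 'Sep 20 08:00:01 node3 demo: first\n' > "$demo_dir/messages"
demo_inode=$(ls -i "$demo_dir/messages" | awk '{ print $1 }')
demo_size=$(( $(wc -c < "$demo_dir/messages") ))
echo "$demo_inode 0 64768 $demo_size" > "$demo_dir/sincedb"   # constructed record
sincedb_status "$demo_dir/sincedb" "$demo_dir/messages"       # file fully read
echo "Sep 20 08:19:05 node3 demo: second" >> "$demo_dir/messages"
sincedb_status "$demo_dir/sincedb" "$demo_dir/messages"       # new line is unread
rm -rf "$demo_dir"
```

    On a real host, pass one of the hidden .sincedb_* files under <path.data>/plugins/inputs/file as the first argument and the monitored log as the second.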

    Check whether the configuration file syntax is correct:
    -t, --config.test_and_exit    Check configuration for valid syntax and then exit.
                                       (default: false)
    -r, --config.reload.automatic Monitor configuration changes and reload
                                      whenever it is changed.
                                      NOTE: use SIGHUP to manually reload the config
                                       (default: false)
    [root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf -t
    Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
    Configuration OK
    

     3. Output with the elasticsearch plugin:

    input {
        file {
            path => ["/var/log/logstash/logstash-plain.log"]
            start_position => "beginning"
            type => "logstash"
        }
    }
    
    
    output {
        elasticsearch {
            hosts => ["192.168.44.134:9200"]
            index => "logstash-log"
            codec => rubydebug
        }
    }
    

      

    4. Select the output plugin based on the input's type:

    [root@node3 conf.d]# cat type.conf 
    input {
        file {
           path  => ["/var/log/logstash/logstash-plain.log"]
           start_position => "beginning"
           type => "logstash_2"
        }
        file {
           path => ["/var/log/messages"]
           start_position => "beginning"
           type => "system"
        }
    }
    
    
    output {
        if [type] == "logstash_2" {
            elasticsearch {
                hosts => ["192.168.44.134:9200"]
                index => "logstash_2"
                codec => rubydebug
            }
        }
        if [type] == "system" {
             stdout {
                codec => rubydebug
             }
        }
    } 
    

     Now echo a line into the messages log:

    echo "`date +%F`" >> /var/log/messages
    

     Then run it:

    [root@node3 conf.d]# /usr/share/logstash/bin/logstash -f type.conf 
    Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
    {
          "@version" => "1",
              "host" => "node3",
              "path" => "/var/log/messages",
        "@timestamp" => 2017-09-20T08:19:05.782Z,
           "message" => "2017-09-20",                # the line just appended with echo
              "type" => "system"
    }
    

     Check whether the index has been created in ES:

  • Original article: https://www.cnblogs.com/jsonhc/p/7562412.html