ELK-logstash案例实战之读取日志输出到elasticsearch

简介：从日志文件中读取日志，输出到elasticsearch集群中

$ cd /home/es/logstash-6.2.2/config
$ vim test3_es.conf
$ cd /home/es/logstash-6.2.2/bin
$ ./logstash -f ../config/test3_es.conf #注意：先成功启动es，否则可能报错

test3_es.conf内容如下：

input {
    file {
        path => "/home/es/elasticsearch-6.2.2/logs/elasticsearch.log"
        type => "elasticsearch"
        start_position => "beginning" #从文件开始处读写
    }
}

output{
    elasticsearch {
        hosts=>["127.0.0.1:9200"]  
        index => "es-message-%{+YYYY.MM.dd}" #对日志进行索引归档
    }
    
    stdout{codec => rubydebug}
}

验证
查看索引列表 curl http://localhost:9200/_cat/indices?v
查看数据 curl http://localhost:9200/es-message-2019.04.20/_search?pretty