1. Download the Linux tar.gz package. Note: the version must match your Elasticsearch version, otherwise an error will be reported.
https://www.elastic.co/cn/downloads/past-releases/logstash-6-1-1
2. Extract the archive
tar zxf logstash-6.1.1.tar.gz -C /usr/local/
3. Rename the directory (this step is optional)
mv /usr/local/logstash-6.1.1 /usr/local/logstash
4. Create the Logstash log, HOME and configuration directories
# Create the logstash group
groupadd -r logstash
# Create the logstash user
useradd -r -g logstash -d /usr/local/logstash -s /sbin/nologin -c "logstash" logstash
# Configuration directory
mkdir -p /etc/logstash/conf.d/
# Log directory
mkdir /var/log/logstash
# HOME directory
mkdir /var/lib/logstash
# Set ownership
chown logstash /var/log/logstash
chown logstash:logstash /var/lib/logstash
chown -R logstash:logstash /usr/local/logstash/
5. Write a simple startup configuration
# Create the startup configuration file
touch /etc/logstash/conf.d/simple.conf
# Fill in the content
vi /etc/logstash/conf.d/simple.conf

input { stdin {} }
output {
  elasticsearch { hosts => "127.0.0.1" }
  stdout { codec => rubydebug }
}
6. Run the command
/usr/local/logstash/bin/logstash -f /etc/logstash/conf.d/simple.conf
Type hello world
Use curl to send a request and check whether Elasticsearch received the data
curl 'http://127.0.0.1:9200/_search?pretty'
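
The note in step 1 says the Logstash and Elasticsearch versions must match. The following check is an added example, not part of the original page: it compares the version printed by `bin/logstash --version` with the `version.number` field of the JSON returned by `http://127.0.0.1:9200/`. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check that Logstash and Elasticsearch versions agree.
# All function names here are hypothetical helpers, not part of Logstash.

# Extract "6.1.1" from the text printed by `bin/logstash --version`
# (a line of the form "logstash 6.1.1"; other lines are ignored).
logstash_version() {
    printf '%s\n' "$1" | sed -n 's/^logstash \([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Extract version.number from the JSON returned by GET http://127.0.0.1:9200/
es_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*"number"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Succeeds only when both versions were parsed and are identical.
versions_match() {
    ls_v=$(logstash_version "$1")
    es_v=$(es_version "$2")
    [ -n "$ls_v" ] && [ "$ls_v" = "$es_v" ]
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_LS='logstash 6.1.1'
SAMPLE_ES='{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "6.1.1"
  }
}'

if versions_match "$SAMPLE_LS" "$SAMPLE_ES"; then
    echo "versions match: $(logstash_version "$SAMPLE_LS")"
else
    echo "version mismatch" >&2
fi

# On a live host, with the paths used in the steps above:
#   versions_match "$(/usr/local/logstash/bin/logstash --version)" \
#                  "$(curl -s http://127.0.0.1:9200/)"
```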