Download the matching Logstash release
https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1-linux-x86_64.tar.gz
Extract Logstash
tar -xf logstash-7.10.1-linux-x86_64.tar.gz
Move it to a directory of your choice and it is ready to use.
Test
../bin/logstash -e 'input { stdin{} } output { elasticsearch {hosts => ["192.168.50.80:9200"]} }'
Test configuration file layout

input {
  file {
    path => "/var/log/messages"
    type => "system"
    # read the log line by line
    start_position => "beginning"
  }
  file {
    path => "/usr/local/elasticsearch/logs/elasticsearch.log"
    type => "elasticsearch"
    start_position => "beginning"
    # read by transaction: lines that do not start with "[" are appended to the previous event
    codec => multiline {
      pattern => "^\["
      negate => true
      what => "previous"
    }
  }
}
output {
  if [type] == "system" {
    elasticsearch {
      hosts => ["192.168.50.80:9200"]
      index => "system-%{+YYYY.MM.dd}"
    }
  }
  if [type] == "elasticsearch" {
    elasticsearch {
      hosts => ["192.168.50.80:9200"]
      index => "elasticsearch-%{+YYYY.MM.dd}"
    }
  }
}
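The multiline codec above is the part of this config that is easiest to get wrong, because `negate` and `what` together decide which lines are glued to which event. The following is an added example, not code from the original notes or from Logstash: it re-implements the codec's merge rule in Python and runs it over a constructed Elasticsearch log fragment with a Java stack trace, so you can see that the trace lines end up inside the `[ERROR]` event rather than as separate, ungrokkable events in the `elasticsearch-*` index.

```python
import re

# Constructed sample in the Elasticsearch log format the codec targets:
# every event starts with "[", continuation lines (exception, stack frames) do not.
SAMPLE_LOG = """\
[2020-12-10T10:00:00,000][INFO ][o.e.n.Node] [node-1] started
[2020-12-10T10:00:05,123][WARN ][o.e.c.r.a.DiskThresholdMonitor] [node-1] high disk watermark exceeded
[2020-12-10T10:00:07,456][ERROR][o.e.b.Bootstrap] [node-1] Exception
java.lang.IllegalStateException: failed to obtain node locks
\tat org.elasticsearch.env.NodeEnvironment.<init>(NodeEnvironment.java:301)
\tat org.elasticsearch.node.Node.<init>(Node.java:298)
[2020-12-10T10:00:09,789][INFO ][o.e.n.Node] [node-1] stopping ...
"""


def multiline_merge(lines, pattern=r"^\[", negate=True, what="previous"):
    """Merge raw lines into events using the multiline codec's rule.

    A line "matches" when `pattern` is found in it; negate=True flips that, so
    the lines to merge are the ones NOT starting with "[". what="previous"
    appends such a line to the preceding event, what="next" holds it and
    prepends it to the following event.
    """
    regex = re.compile(pattern)
    events, pending = [], []
    for line in lines:
        line = line.rstrip("\n")
        matched = bool(regex.search(line))
        merge = matched != negate  # XOR: negate inverts which lines are merged
        if what == "previous":
            if merge and events:
                events[-1] += "\n" + line   # glue onto the last event
            else:
                events.append(line)         # start a new event
        else:  # what == "next"
            if merge:
                pending.append(line)        # hold until the next event starts
            else:
                events.append("\n".join(pending + [line]))
                pending = []
    if pending:                             # trailing held lines become an event
        events.append("\n".join(pending))
    return events


def merge_sample():
    """Apply the page's settings (pattern ^\\[, negate true, what previous)."""
    return multiline_merge(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for i, event in enumerate(merge_sample(), 1):
        print(f"--- event {i} ---\n{event}")
```

With the page's settings the seven input lines become four events, and the exception plus both stack frames travel with the `[ERROR]` line; changing `negate` to false with the same pattern would instead merge every `[`-prefixed line into its predecessor, which is the usual mistake.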