zjtest7-frontend:/usr/local/logstash-2.3.4/bin# ./logstash -e 'input{stdin{}} output{stdout{codec=>rubydebug}}'
Settings: Default pipeline workers: 1
Pipeline main started
Hellow World
{
"message" => "Hellow World",
"@version" => "1",
"@timestamp" => "2016-08-31T06:35:18.536Z",
"host" => "0.0.0.0"
}
输出json:
zjtest7-frontend:/usr/local/logstash-2.3.4/bin# ./logstash -e 'input{stdin{}} output{stdout{codec=>json}}'
Settings: Default pipeline workers: 1
Pipeline main started
Hello World
{"message":"Hello World","@version":"1","@timestamp":"2016-08-31T06:36:46.359Z","host":"0.0.0.0"}
/*************************
zjtest7-frontend:/usr/local/logstash-2.3.4/config# cat hello.conf
input {
stdin { }
}
output {
elasticsearch {
hosts => "192.168.32.80:9200"
index => "logstash-hello"
}
stdout {
codec => rubydebug
}
}
zjtest7-frontend:/usr/local/logstash-2.3.4/config# ../bin/logstash -f hello.conf
Settings: Default pipeline workers: 1
hello
Pipeline main started
{
"message" => "hello",
"@version" => "1",
"@timestamp" => "2016-08-31T06:53:11.772Z",
"host" => "0.0.0.0"
数据在线程之间以事件的形式流传,不要叫行,因为Logstash 可以处理多行事件。
Logstash 会给事件添加一些额外的信息,最重要的就是@timestamp,用来标记事件的发生时间。
1.3 配置语法:
Logstash 社区通常习惯用Shipper,Broker和Indexer来描述数据流中不同进程各自的角色