下载
建议到官网下载最新版
https://www.elastic.co/cn/downloads/logstash
本文使用logstash7.0.0
https://artifacts.elastic.co/downloads/logstash/logstash-7.0.0.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.0.0.tar.gz
tar -xzvf logstash-7.0.0.tar.gz
mv logstash-7.0.0.tar.gz /usr/local/logstash
读取文件直接发送到es
- 修改/usr/local/logstash/config/logstash-sample.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
#beats {
# port => 5044
#}
file {
path => "/var/log/httpd/access_log"
start_position => beginning
}
}
output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "%{[@metadata][logstash]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
- 检查配置文件是否正确:(假设当前目录为/usr/local/logstash/config/)
../bin/logstash -t -f logstash-sample.conf
启动:
../bin/logstash -f logstash-sample.conf
加载本文件夹所有配置文件启动:
../bin/logstash -f ./
或后台启动:
nohup ../bin/logstash -f config/ &
- 常用命令参数
-f:通过这个命令可以指定Logstash的配置文件,根据配置文件配置logstash
-e:后面跟着字符串,该字符串可以被当做logstash的配置(如果是“” 则默认使用stdin作为输入,stdout作为输出)
-l:日志输出的地址(默认就是stdout直接在控制台中输出)
-t:测试配置文件是否正确,然后退出。
读取filebeat发送到es
filebeat端配置请参照本文开头的[安装filebeat]一文中的logstash相关部分
- 创建 /usr/local/logstash/config/logstash-filebeats.conf
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "%{[@metadata][logstash-filebeats]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
#user => "elastic"
#password => "changeme"
}
}
- 检查配置文件
../bin/logstash -t -f logstash-filebeats.conf
- 启动
../bin/logstash -f logstash-filebeats.conf &