Logstash安装

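# Unpack the Logstash 6.7.0 tarball, move it under the service directory and
# end up in its bin/ directory.
#
# NOTE(review): verify the tarball against the vendor-published checksum before
# extracting it. If the matching .sha512 file was downloaded next to the
# archive, this checks it:
#   sha512sum -c logstash-6.7.0.tar.gz.sha512
#
# The steps are chained with && so a failed cd or extraction stops the sequence
# instead of running the following commands in the wrong directory.
cd /data/clzx/test/pp_res &&
  tar -xvf logstash-6.7.0.tar.gz &&
  # Create the target first: if it did not exist, mv would rename the extracted
  # directory to "service" rather than move it into that directory.
  mkdir -p /data/clzx/test/service &&
  mv logstash-6.7.0 /data/clzx/test/service/ &&
  cd /data/clzx/test/service/logstash-6.7.0/bin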

---指定jdk目录
logstash

# Point Logstash at the local JDK 8, then start a throwaway stdin -> stdout
# pipeline to confirm that the installation runs.
# NOTE(review): JAVA_CMD holds the JDK's bin directory, not a java executable.
# Whether the Logstash 6.7.0 launcher reads this variable at all is not shown
# on this page; JAVA_HOME may be the only setting that takes effect - confirm.
export JAVA_HOME="/data/clzx/jdk1.8.0_101/" JAVA_CMD="/data/clzx/jdk1.8.0_101/bin"

# -e passes the pipeline definition inline instead of reading a config file.
./logstash -e 'input { stdin { } } output { stdout {} }'

 

在logstash文件夹下的bin目录中创建配置文件logstash.conf,内容如下:
# Create or edit logstash.conf in the current directory (Logstash's bin/).
vi logstash.conf

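# Pipeline: read a log file, parse pipe-delimited lines, index into Elasticsearch.
input {
  # Use a file as the event source.
  file {
    # Log file path.
    # NOTE(review): this is a Windows-style sample path, while the install
    # commands on this page are for Linux; replace it with an absolute path on
    # the host. The file input expects forward slashes, including on Windows.
    path => "F:\test\dp.log"
  }
}
filter {
  # Define the data format: parse each line with a regular expression
  # (filter and collect the log fields according to actual needs).
  grok {
    # Assumes lines shaped like <ip>|<request>|<duration> - confirm against the
    # real log. The separators are escaped as \| because a bare | is regex
    # alternation: unescaped, the pattern stops at the first alternative that
    # matches, so "duration" is never captured and the convert below does nothing.
    # Lines that do not match are tagged _grokparsefailure.
    match => { "message" => "%{IPV4:clientIP}\|%{GREEDYDATA:request}\|%{NUMBER:duration}" }
  }
  # Convert field types as needed.
  mutate { convert => { "duration" => "integer" } }
}
# Define the output.
output {
  elasticsearch {
    hosts => ["localhost:9200"] # default Elasticsearch port
  }
}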

 

# Create or edit file_es.conf in the current directory; its contents follow.
vi file_es.conf

# Test pipeline: every line typed on stdin becomes one event, which is indexed
# into Elasticsearch and echoed to the console.
input {
  stdin {}
}

output {
  # NOTE(review): events go to a remote node over plain HTTP with no
  # credentials. If the cluster has authentication or TLS enabled, this
  # output's user, password, ssl and cacert settings are where they are
  # configured. An Elasticsearch HTTP port that accepts unauthenticated
  # requests should be reachable only from trusted hosts.
  elasticsearch {
    hosts => ["134.64.14.137:9200"]
    index => "yj_index"
  }

  # Pretty-print each event for debugging. This writes full event contents to
  # the terminal, so drop it once the pipeline is verified.
  stdout {
    codec => rubydebug
  }
}

# Start Logstash with the pipeline defined in file_es.conf (current directory).
# Running it once with --config.test_and_exit added checks the file's syntax
# without starting the pipeline.
./logstash -f ./file_es.conf

--------------------------

# Pipeline: read an HTTP access log, split each line into fields, set the event
# timestamp from the request time, then index into Elasticsearch.
input {
  file {
    path => "/data/clzx/test/service/logstash-6.7.0/bin/access_log.2018-04-10.log"
    # Read the file from its first line. This applies only to files Logstash
    # has not tracked before; later runs resume from the recorded position.
    start_position => "beginning"
  }
}

filter {
  grok {
    # Access-log layout: client, timestamp in [], quoted request line, status,
    # size, quoted referrer, quoted user agent.
    match => {
      "message" => "%{DATA:clientIp} - - \[%{HTTPDATE:accessTime}\] \"%{DATA:method} %{DATA:requestPath} %{DATA:httpversion}\" %{DATA:retcode} %{DATA:size} \"%{DATA:fromHtml}\" \"%{DATA:useragent}\""
    }

    # Drop the raw line once it has been parsed. remove_field runs only when
    # the match succeeds, so unparsed lines keep "message" and are tagged
    # _grokparsefailure. Parsed events no longer carry the original log text;
    # keep the source file if it may be needed for later investigation.
    remove_field => "message"
  }

  # Use the request time from the log as the event's @timestamp.
  # NOTE(review): the MMM month name is parsed according to the locale; if the
  # host locale is not English, the date filter's locale option may be needed.
  date {
    match => ["accessTime", "dd/MMM/yyyy:HH:mm:ss Z"]
  }
}

output {
  # NOTE(review): events are sent to a remote node over plain HTTP without
  # credentials. Where the cluster enforces authentication or TLS, configure
  # it with this output's user, password, ssl and cacert settings.
  elasticsearch {
    hosts => ["134.64.14.137:9200"]
    index => "yudq"
  }

  # Echo each parsed event to the console for debugging.
  stdout {
    codec => rubydebug
  }
}
