logstash学习
- 中文文档地址
http://doc.yonyoucloud.com/doc/logstash-best-practice-cn/index.html- 官方文档地址
https://www.elastic.co/guide/en/logstash/current/index.html- 官方安装教程
apt安装
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-8.x.list
sudo apt-get update && sudo apt-get install logstashyum安装
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
cat>> /etc/yum.repos.d/logstash.repo <<EOF
[logstash-8.x]
name=Elastic repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
sudo yum install logstash- 测试
whereis logstash
>>logstash: /etc/logstash /usr/share/logstash
/usr/share/logstash/bin/logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
>>Using bundled JDK: /usr/share/logstash/jdk
>>OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.此时在此终端输入的内容(stdin)都会输出(stdout)
- 添加配置文件
如果不进行任何指定运行logstash,可能会找不到logstash.yml文件,可以通过--path.settings /etc/logstash指定路径
如果不进行其他指定,logstash启动时会从/etc/logstash/conf.d/路径下查找所有conf后缀的配置文件,拼接后作为自己的配置文件启动
配置文件一般格式为
input {
stdin { }
}
output {
stdout { }
}- 启动
command
command > /dev/null
command > /dev/null 2>&1
command &
command > /dev/null &
command > /dev/null 2>&1 &
command &> /dev/null
nohup command &> /dev/null- 插件安装
logstash提供了丰富的语法和插件进行输入、过滤和输出
插件github地址为https://github.com/logstash-plugins
例如安装http_poller插件
/usr/share/logstash/bin/logstash-plugin install logstash-input-http_pollerlogstash-input-http_poller即为插件的github项目名称
- 参考地址
stackoverflow
https://www.elastic.co/
https://elasticsearch.cn/
