logstash安装

1.下载  https://artifacts.elastic.co/downloads/logstash/logstash-7.17.25-windows-x86_64.zip  版本号直接修改直接在浏览器中下载，保持跟es的版本号一致  ，解压文件。

2.写配置文件

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}

3. CD到解压的文件路径下 bin 目录下   在cmd中运行命令： logstash.bat -f D:\tools\logstash-7.17.25-windows-x86_64\logstash-7.17.25\config\logstash.conf

上述命令中，-f参数指定了Logstash的配置文件路径。执行命令后，Logstash将开始运行，并等待数据的输入。

 

从CMD上输入到es中

input {
  #beats {
  #  port => 5044
  #}
  stdin { }
}
 
output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
}

 从日志文件中输出到es中  D:/logs/a.log  注意Linux的文件路径 还有windows 的隐藏文件扩展名

input {
  file {
    path => "D:/logs/a.log"
    start_position => "beginning"
    sincedb_path=> "D:/tools/logstash-7.17.25-windows-x86_64/logstash-7.17.25/data/plugins/inputs/file/.sincedb_598261b6f7b67b87e004a7231c510495"
  }
}
filter {
}
output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    index => "log"
  }
}