Logstash deployment
Download
https://www.elastic.co/cn/downloads/logstash
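Basic test: run Logstash from the command line with stdin as the input and stdout as the output. Once it has started successfully, anything typed on stdin is echoed to stdout.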
bin/logstash -e 'input { stdin { } } output { stdout {} }'
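conf file configuration
# cat config/logstash-sample.conf
input {
  # Read events typed on the console
  stdin { }
  # Read the tutorial dataset file from its first line
  file {
    path => ["/usr/local/logstash/logstash-tutorial-dataset"]
    type => "file_monitor"
    tags => ["有用的","标识用的"]
    start_position => "beginning"
  }
  # Consume the log_stream topic from Kafka
  kafka {
    bootstrap_servers => "192.168.18.18:9092"
    topics => ["log_stream"]
  }
}
output {
  # Write a local copy of every event
  file {
    path => "file.txt"
  }
  # Index events into a daily index on the Elasticsearch cluster
  elasticsearch {
    action => "index"
    hosts => ["192.168.18.5:9200","192.168.18.20:9200","192.168.18.24:9200"]
    index => "logs-%{+YYYY.MM.dd}"
    # document_type is deprecated: mapping types were removed from Elasticsearch
    document_type => "logs"
  }
}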
Java log matching
Splitting Java logs with grok - littlevigra - cnblogs (cnblogs.com)
https://www.jianshu.com/p/443f1ea7b640
https://doc.yonyoucloud.com/doc/logstash-best-practice-cn/output/elasticsearch.html
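For the Java log matching topic above, a pipeline that splits Java log lines with grok, written here as an added example and not taken from this page or the linked posts. It assumes a log4j-style layout of "timestamp level [thread] class - message" and a hypothetical log path /var/log/app/app.log; the field names are also chosen for this example.

```logstash
input {
  file {
    path => ["/var/log/app/app.log"]        # hypothetical path
    start_position => "beginning"
    # A Java stack trace spans many lines. Any line that does not start
    # with a timestamp is appended to the previous event.
    codec => multiline {
      pattern => "^%{TIMESTAMP_ISO8601}"
      negate => true
      what => "previous"
    }
  }
}

filter {
  grok {
    # Assumed line layout (constructed sample):
    # 2023-05-01 12:00:00,123 ERROR [main] com.example.App - Failed to connect
    # (?m) lets GREEDYDATA span the newlines of a joined stack trace.
    match => {
      "message" => "(?m)^%{TIMESTAMP_ISO8601:log_time}\s+%{LOGLEVEL:level}\s+\[%{DATA:thread}\]\s+%{JAVACLASS:logger}\s+-\s+%{GREEDYDATA:log_message}"
    }
    # Events that do not match keep their raw message and carry this tag,
    # so unparsed lines can be found and reviewed later.
    tag_on_failure => ["_grokparsefailure"]
  }

  # Use the time written by the application as the event time
  date {
    match => ["log_time", "yyyy-MM-dd HH:mm:ss,SSS", "ISO8601"]
    target => "@timestamp"
  }
}

output {
  # Print parsed events to the console to check the pattern
  stdout { codec => rubydebug }
}
```

Once the pattern is verified on the console, the stdout output can be replaced by the file and elasticsearch outputs from the conf file above.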