02 - Installing Logstash and basic usage

------------------------------------------------

 

1: Install the JDK

[root@elk03tools]# rpm -ivh jdk-8u221-linux-x64.rpm

warning: jdk-8u221-linux-x64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:jdk1.8-2000:1.8.0_221-fcs        ################################# [100%]

Unpacking JAR files...

 

2: Install Logstash

[root@elk03tools]# wget https://mirrors.tuna.tsinghua.edu.cn/elasticstack/7.x/yum/7.1.1/logstash-7.1.1.rpm

[root@elk03tools]# yum localinstall -y logstash-7.1.1.rpm

 

Set ownership of the installation directory:

[root@elk03tools]# chown -R logstash.logstash /usr/share/logstash/

 

3: Test Logstash from standard input to standard output:

[root@elk03tools]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { stdout{ codec => rubydebug }}'

.......

The stdin plugin is now waiting for input:

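(Startup is slow, so be patient; once the "waiting for input" line appears, Logstash has started successfully.)

Type ggj as input; Logstash returns: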

/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated

{

       "message" => "ggj",

    "@timestamp" => 2019-09-06T14:40:22.382Z,

          "host" => "elk126",

      "@version" => "1"

}

 

 

 

4: Test Logstash from standard input to a file:

[root@elk03tools]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { file { path => "/tmp/test_%{+YYYY.MM.dd}.log"}}'

.......

Input:

sadsd

[INFO ] 2019-09-06 22:49:51.269 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>125, :thread=>"#<Thread:0x12965992 run>"}

[INFO ] 2019-09-06 22:49:51.835 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}

The stdin plugin is now waiting for input:

[INFO ] 2019-09-06 22:49:52.430 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}

[INFO ] 2019-09-06 22:49:56.909 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}

[INFO ] 2019-09-06 22:49:59.934 [[main]>worker0] file - Opening file {:path=>"/tmp/test_2019.09.06.log"}

j[INFO ] 2019-09-06 22:50:13.769 [[main]>worker0] file - Closing file /tmp/test_2019.09.06.log

 

Check that the file contains what was just typed:

[root@elk03tmp]# cat test_2019.09.06.log

{"@timestamp":"2019-09-06T14:49:52.212Z","host":"elk126","@version":"1","message":"sadsd"}

[root@elk03tmp]#

 

5: Test Logstash from standard input to Elasticsearch:

[root@elk03tools]# /usr/share/logstash/bin/logstash -e 'input { stdin{} } output { elasticsearch { hosts =>["192.168.6.124:9200"] index => "xujin_%{+YYYY.MM.dd}" }}'

.............

The stdin plugin is now waiting for input:

[INFO ] 2019-09-06 22:55:30.818 [Ruby-0-Thread-5: :1] elasticsearch - Installing elasticsearch template to _template/logstash

[INFO ] 2019-09-06 22:55:31.463 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}

[INFO ] 2019-09-06 22:55:34.903 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}

xujin test - to  el (the text typed as input)
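
The step 5 one-liner sends events to Elasticsearch over plain HTTP with no credentials. As an added example (not part of the original post), here is the same pipeline written as a config file with TLS and authentication. It assumes the Elasticsearch node has TLS and security enabled; the certificate path, the user name `logstash_writer` and the variable name `ES_PWD` are placeholders.

```logstash
# Added example: hardened version of the step 5 pipeline.
# Assumed (not from the post): CA path, user name, ES_PWD variable.

# --- As run in step 5: plain HTTP, no credentials -------------------------
# input  { stdin {} }
# output {
#   elasticsearch {
#     hosts => ["192.168.6.124:9200"]
#     index => "xujin_%{+YYYY.MM.dd}"
#   }
# }

# --- Hardened equivalent --------------------------------------------------
input { stdin {} }

output {
  elasticsearch {
    # Same node, but over TLS. The node's certificate must list
    # 192.168.6.124 as a subject alternative name, otherwise
    # verification of the peer fails.
    hosts    => ["https://192.168.6.124:9200"]
    ssl      => true

    # CA that signed the Elasticsearch certificate (assumed path).
    cacert   => "/etc/logstash/certs/ca.crt"

    # Dedicated account that may only write to xujin_* indices
    # (assumed name), instead of anonymous access or a superuser.
    user     => "logstash_writer"

    # Resolved at startup from the Logstash keystore or the environment,
    # so the secret never appears in the file or on the command line.
    password => "${ES_PWD}"

    index    => "xujin_%{+YYYY.MM.dd}"
  }
}
```

Store the password with `/usr/share/logstash/bin/logstash-keystore add ES_PWD`, then check the file with `logstash -f <file> --config.test_and_exit` before starting the pipeline.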

 

 

 

posted @ 2019-09-09 21:37  运维魔法师