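Logstash - Installation and Deployment
Elastic official site: https://www.elastic.co/cn/elastic-stack/
Download the packages
Search and download: https://www.elastic.co/cn/downloads/past-releases#elasticsearch
Note: every component of the stack must be the same version; this example uses 6.7.0.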
**elasticsearch**: wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.7.0.tar.gz
**kibana**: wget https://artifacts.elastic.co/downloads/kibana/kibana-6.7.0-linux-x86_64.tar.gz
**logstash**: wget https://artifacts.elastic.co/downloads/logstash/logstash-6.7.0.tar.gz
**filebeat**: wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.7.0-linux-x86_64.tar.gz
Logstash installation and deployment
1. Upload the archive: logstash-6.7.0.tar.gz
2. Extract: tar -zxvf logstash-6.7.0.tar.gz
3. Configure: vim logstash.yml, logstash-sample.conf
4. Start: nohup bin/logstash -f ./config/logstash-sample.conf &
Startup script (shell):
#!/bin/bash
nohup bin/logstash -f ./config/logstash-syne.conf --config.reload.automatic >./logs/out.log &
5. Example:
cp logstash-sample.conf logstash-syne.conf
Contents of logstash-syne.conf:
input {
  tcp {
    # 0.0.0.0 binds every interface; as configured here the input uses no TLS or authentication
    host => "0.0.0.0"
    port => 4560
    # Each incoming line is decoded as a JSON event
    codec => "json"
  }
}
filter {
  grok {
    # Split the CommonLog{...} text in "message" into one field per key
    match => {
      "message" => "\s*Http\s*Request:\s*CommonLog{createBy=%{GREEDYDATA:create_by},\s*updateBy=%{GREEDYDATA:update_by},\s*createTime=%{GREEDYDATA:create_time},\s*updateTime=%{GREEDYDATA:update_time},\s*isDeleted=%{GREEDYDATA:is_deleted},\s*id=%{GREEDYDATA:data_id},\s*type=%{GREEDYDATA:type},\s*traceId=%{GREEDYDATA:trace_id},\s*serviceName=%{GREEDYDATA:service_name},\s*title=%{GREEDYDATA:title},\s*operation=%{GREEDYDATA:operation},\s*method=%{GREEDYDATA:method},\s*url=%{GREEDYDATA:url},\s*params=%{GREEDYDATA:params},\s*ip=%{GREEDYDATA:ip},\s*executeTime=%{GREEDYDATA:execute_time},\s*location=%{GREEDYDATA:location},\s*tenantId=%{GREEDYDATA:tenant_id},\s*exception=%{GREEDYDATA:exception},\s*createName=%{GREEDYDATA:create_name},\s*updateName=%{GREEDYDATA:update_name},\s*operationType=%{GREEDYDATA:operation_type},\s*customsId=%{GREEDYDATA:customs_id},\s*zoneId=%{GREEDYDATA:zone_id},\s*companyId=%{GREEDYDATA:company_id}}"
    }
  }
}
output {
  # Print every event to the console for debugging
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    action => "index"
    hosts => ["127.0.0.1:9200"]
    index => "syne_sys_log"
    # Uncomment and set these when Elasticsearch authentication is enabled
    #user => "elastic"
    #password => "changeme"
  }
}
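To check the grok pattern above before real traffic reaches port 4560, the following sketch (an added example, not part of the original post) rebuilds it as a Python regular expression, using the fact that GREEDYDATA expands to `.*`, and runs it on a constructed log line. The helper names `field_name`, `parse` and `repeated_keys` and the sample line are assumptions made for illustration.

```python
import re

# Keys in the order they appear in the grok pattern of logstash-syne.conf.
KEYS = ("createBy updateBy createTime updateTime isDeleted id type traceId "
        "serviceName title operation method url params ip executeTime location "
        "tenantId exception createName updateName operationType customsId "
        "zoneId companyId").split()

def field_name(key):
    """Event field the pattern assigns to a key: snake_case, except id -> data_id."""
    return "data_id" if key == "id" else re.sub(r"([A-Z])", r"_\1", key).lower()

# %{GREEDYDATA:name} expands to (?<name>.*); Python spells the group (?P<name>.*).
PATTERN = re.compile(
    r"\s*Http\s*Request:\s*CommonLog\{"
    + r",\s*".join(f"{k}=(?P<{field_name(k)}>.*)" for k in KEYS)
    + r"\}"
)

def parse(message):
    """Return the extracted fields, or None where grok would tag _grokparsefailure."""
    m = PATTERN.search(message)
    return m.groupdict() if m else None

def repeated_keys(message):
    """Keys whose 'key=' delimiter occurs more than once in the line.

    Every capture is a greedy .*, so a value that itself contains ', key='
    text makes the field boundaries depend on backtracking; flag such lines."""
    return [k for k in KEYS if len(re.findall(rf"[{{,]\s*{k}=", message)) > 1]

# Constructed sample line (not taken from a real system).
SAMPLE = ("Http Request: CommonLog{createBy=1001, updateBy=1001, "
          "createTime=2019-04-01 10:00:00, updateTime=2019-04-01 10:00:00, "
          "isDeleted=0, id=42, type=1, traceId=abc123, serviceName=order-service, "
          "title=Create order, operation=create, method=POST, url=/api/orders, "
          "params={page=1, type=2}, ip=192.0.2.10, executeTime=35, location=null, "
          "tenantId=7, exception=null, createName=alice, updateName=alice, "
          "operationType=ADD, customsId=null, zoneId=null, companyId=9}")

if __name__ == "__main__":
    fields = parse(SAMPLE)
    print(fields["type"], fields["params"], fields["ip"])
    print("keys seen more than once:", repeated_keys(SAMPLE))
```

A line that `repeated_keys` flags still parses, but its `url`, `params` and `exception` values come from request data, so treat the extracted fields of such events as unverified when they are used for alerting or audit.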