logstash
Step 1
vi config/logstash.conf
input {
  kafka {
    bootstrap_servers => "127.0.0.1:9092"
    # Read from the matching Kafka topics
    topics => ["host-message","host-secure"]
    # The events collected in Kafka are JSON, so use the json codec to parse them
    codec => "json"
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
Check the syntax: logstash -f <config file> -t
Start the service: logstash -f <config file>
Step 2
input {
  kafka {
    bootstrap_servers => "127.0.0.1:9092"
    topics => ["host-message","host-secure"]
    # The events collected in Kafka are JSON, so use the json codec to parse them
    codec => "json"
  }
}
output {
  elasticsearch {
    # Both topics ["host-message","host-secure"] are written to the single Elasticsearch
    # index "host-message-%{+YYYY.MM.dd}". In this setup host-message and host-secure
    # events are mixed together, which makes them inconvenient to view.
    index => "host-message-%{+YYYY.MM.dd}"
    hosts => ["172.16.100.6:9200"]
  }
}
Check the syntax: logstash -f <config file> -t
Start the service: logstash -f <config file>
Step 3
input {
  kafka {
    bootstrap_servers => "127.0.0.1:9092"
    topics => ["host-message","host-secure"]
    # The events collected in Kafka are JSON, so use the json codec to parse them
    codec => "json"
  }
}
output {
  if [fields][type] == "host-message" {
    elasticsearch {
      index => "host-message-%{+YYYY.MM.dd}"
      hosts => ["172.16.100.6:9200"]
    }
  }
  if [fields][type] == "host-secure" {
    elasticsearch {
      index => "host-secure-%{+YYYY.MM.dd}"
      hosts => ["172.16.100.6:9200"]
    }
  }
}
Check the syntax: logstash -f <config file> -t
Start the service: logstash -f <config file>
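The Step 3 output only indexes events whose [fields][type] equals one of the two tested values; an event with a missing or different value matches no output and is dropped without any error. A variant that builds the index name from the field and keeps unmatched events, as an added example that is not part of the original notes (the host-unrouted index name is an assumption):

```logstash
input {
  kafka {
    bootstrap_servers => "127.0.0.1:9092"
    topics => ["host-message","host-secure"]
    codec => "json"
  }
}
output {
  # Only known types may choose their own index name. Without this allow-list,
  # any value arriving in [fields][type] would create a new index.
  if [fields][type] in ["host-message", "host-secure"] {
    elasticsearch {
      hosts => ["172.16.100.6:9200"]
      # Resolves to host-message-YYYY.MM.dd or host-secure-YYYY.MM.dd
      index => "%{[fields][type]}-%{+YYYY.MM.dd}"
    }
  } else {
    # Catch-all: events with a missing or unexpected [fields][type] are kept
    # and visible instead of silently discarded.
    # "host-unrouted" is an assumed index name, not one from the notes.
    elasticsearch {
      hosts => ["172.16.100.6:9200"]
      index => "host-unrouted-%{+YYYY.MM.dd}"
    }
  }
}
```

A non-empty host-unrouted index is a sign that a shipper is sending events without the expected [fields][type] value.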
Logstash can also be given its configuration on the command line.
Output to standard output
/opt/logstash/bin/logstash -e '
input {
  stdin {
  }
}
output {
  stdout {
    codec => rubydebug
  }
}'
Output to a file
/opt/logstash/bin/logstash -e '
input {
  stdin {
  }
}
output {
  file {
    path => "/tmp/test-%{+YYYY.MM.dd}.log"
    gzip => true
  }
}'
Output to Elasticsearch
/opt/logstash/bin/logstash -e '
input {
  stdin {
  }
}
output {
  elasticsearch {
    hosts => ["10.4.7.12:9200"]
    index => "logstash-test-%{+YYYY.MM.dd}"
  }
}'
Output to Redis
/opt/logstash/bin/logstash -e '
input {
  stdin {
  }
}
output {
  redis {
    host => ["10.4.7.21:6379"]
    data_type => "list"
    key => "test"
  }
}'