ELK-logstash案例实战之读取日志输出到elasticsearch

简介:从日志文件中读取日志,输出到elasticsearch集群中

$ cd /home/es/logstash-6.2.2/config
$ vim test3_es.conf
$ cd /home/es/logstash-6.2.2/bin
$ ./logstash -f ../config/test3_es.conf #注意:先成功启动es,否则可能报错

 

test3_es.conf内容如下:

input {
    file {
        path => "/home/es/elasticsearch-6.2.2/logs/elasticsearch.log"
        type => "elasticsearch"
        start_position => "beginning" #从文件开始处读写
    }
}

output{
    elasticsearch {
        hosts=>["127.0.0.1:9200"]  
        index => "es-message-%{+YYYY.MM.dd}" #对日志进行索引归档
    }
    
    stdout{codec => rubydebug}
}

 

验证
查看索引列表 curl http://localhost:9200/_cat/indices?v
查看数据 curl http://localhost:9200/es-message-2019.04.20/_search?pretty

posted on 2019-04-20 10:52  Ruthless  阅读(5430)  评论(1编辑  收藏  举报

Powered by: 博客园 Copyright © 2024 Ruthless
Powered by .NET 8.0 on Kubernetes