ELK日志平台之Logstash部署

Logstash 提供三大功能

• INPUT 进入
• FILTER 过滤功能
• OUTPUT 出去

一 、下载解压

wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.tar.gz
tar -zxvf logstash-6.2.4.tar.gz
mv logstash-6.2.4 /usr/local/logstash

二、修改Logstash 配置

 提供 indexer 的功能，将数据插入到 elasticsearch 集群中

 这里是将kafka数据写到elasticsearch中

vim nginx.conf
input {  
kafka {    
type => "kafka"    
bootstrap_servers => "192.168.1.10:9092,192.168.1.11:9092,192.168.1.12:9092"    
topics => "nginx-access-log"    
group_id => "logstash"    
consumer_threads => 2  
}
}
output {  
elasticsearch {    
host => ["192.168.1.10","192.168.1.11"，"192.168.1.12"]    
port => "9300"    
index => "nginx-%{+YYYY.MM.dd}"  
}
}

三、启动 Logstash

1、命令启动

 

./bin/logstash -f nginx.conf

 

2、system管理

 

# cat /usr/lib/systemd/system/logstash.service
[Unit]
Description=logstash

[Service]
Type=simple
User=root     #以root用户启动，1024以下端口普通用户无法开启
Group=root
Environment=JAVA_HOME=/usr/local/jdk    #根据实际目录写
Environment=LS_HOME=/usr/local/logstash
Environment=LS_SETTINGS_DIR=/usr/local/logstash/config/
Environment=LS_PIDFILE=/usr/local/logstash/logstash.pid
Environment=LS_USER=root
Environment=LS_GROUP=root
Environment=LS_GC_LOG_FILE=/usr/local/logstash/logs/gc.log
Environment=LS_OPEN_FILES=16384
Environment=LS_NICE=19
Environment=SERVICE_NAME=logstash
Environment=SERVICE_DESCRIPTION=logstash
ExecStart=/usr/local/logstash/bin/logstash "--path.settings" "/usr/local/logstash/config/"
Restart=always
WorkingDirectory=/usr/local/logstash
Nice=19
LimitNOFILE=16384

[Install]
WantedBy=multi-user.target

 

 

到此logstash就部署完成了。