ElasticSearch 5.2.2 之 logstash
1. 安装java环境,elasticsearch需要java 1.8.0_73以上版本
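# Show the Java packages the configured repositories offer. The pattern is
# quoted so the shell hands it to yum unchanged instead of expanding it
# against file names in the current directory.
yum list 'java*'

# Install OpenJDK 8 without prompting, then confirm which runtime is on PATH.
yum install -y java-1.8.0-openjdk
java -version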
2. yum 源安装,方式一
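# Import Elastic's package-signing key so rpm/yum can verify package signatures.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Define the 5.x repository. The heredoc delimiter is quoted so the body is
# written literally, with no shell expansion. gpgcheck=1 is the setting that
# makes yum check each package signature against the imported key; keep it on.
# NOTE(review): the 5.x line is long past Elastic's end of life and no longer
# receives security fixes. Confirm against Elastic's support matrix before
# using this outside a legacy or lab environment.
cat > /etc/yum.repos.d/logstash.repo <<'EOF'
[logstash-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Drop cached metadata so the new repository is picked up, then install.
yum clean all
yum install logstash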
3.先下载rpm直接安装,方式二
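# Fetch the package onto the host.
# NOTE(review): wget and rz look like two alternative ways to get the same
# file here (direct download vs. upload from the terminal client). Confirm,
# and run only the one that applies.
wget https://artifacts.elastic.co/downloads/logstash/logstash-5.2.2.rpm
rz -y logstash-5.2.2.rpm

# A file installed from disk is not covered by the repository's gpgcheck=1,
# and depending on yum's configuration (localpkg_gpgcheck) a local install may
# skip the signature check entirely. Import the signing key and verify the
# package before installing it.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# The install runs only if verification succeeds. Also read the rpm -K output:
# it should mention a signature (pgp/rsa), not only digests, because an
# unsigned package can still report its digests as OK.
rpm -K logstash-5.2.2.rpm && yum localinstall logstash-5.2.2.rpm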
4. 测试logstash
# Smoke-test Logstash with inline pipelines passed via -e.
logstash_bin=/usr/share/logstash/bin/logstash

# stdin -> stdout with the default output format.
"$logstash_bin" \
  -e 'input { stdin { } } output { stdout {} }'

# stdin -> stdout, printing every event as a structured rubydebug dump.
"$logstash_bin" \
  -e 'input { stdin { } } output { stdout{ codec => rubydebug } }'

# Send events to Elasticsearch and print them on the screen as well.
# NOTE(review): this output sets no credentials or TLS options, so events go to
# 192.168.1.22:9200 as configured here without authentication or encryption.
# Keep port 9200 reachable from trusted hosts only.
"$logstash_bin" \
  -e 'input { stdin { } } output { elasticsearch { hosts => ["192.168.1.22:9200"] } stdout{ codec => rubydebug } }'
5. 建立logstash文件夹及权限
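# Create the log and data directories (-p: no error if they already exist).
mkdir -p -- /etc/logstash/logs /etc/logstash/data

# Hand both trees to the logstash service account. The user:group form is
# used because the dotted user.group form is a deprecated spelling.
chown -R logstash:logstash -- /etc/logstash/logs /etc/logstash/data

# NOTE(review): these directories will hold Logstash's logs and working data,
# which can include event contents. Consider `chmod 750` on both if no other
# account needs to read them.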
6. 修改logstash配置文件
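# Edit the settings file, then list its non-comment lines to check the result.
vim /etc/logstash/logstash.yml
grep -v "^#" /etc/logstash/logstash.yml
# Expected output of the grep above (these are settings, not shell commands):
#   path.data: /etc/logstash/data/logstash
#   path.config: /etc/logstash/conf.d
#   path.logs: /etc/logstash/logs/logstash

# Start Logstash in the foreground with a single pipeline file as a test.
# NOTE(review): started from a root shell, this run may create root-owned files
# under the data/log paths that the logstash service account cannot write to
# later. Run the test as the logstash user, or re-check ownership afterwards.
# NOTE(review): invoked directly like this, Logstash may not read
# /etc/logstash/logstash.yml unless --path.settings /etc/logstash is passed.
# Confirm on the target host.
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logs.conf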
7.多行日志收集
# Multi-line collection for Java logs: fold continuation lines (for example
# stack traces) into the event they belong to.
input {
  stdin {
    codec => multiline {
      # A line starting with "[" opens a new event.
      pattern => "^\["
      # negate => true applies the rule to lines that do NOT match the pattern.
      negate => true
      # Such lines are appended to the previous event.
      what => "previous"
    }
  }
}

# Print each assembled event as a structured dump for inspection.
output {
  stdout {
    codec => "rubydebug"
  }
}
# 配置logstash
https://www.elastic.co/guide/en/logstash/current/configuration.html
https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
https://www.elastic.co/guide/en/logstash/current/plugins-codecs-multiline.html
http://www.cnblogs.com/saneri/p/6605853.html
