Logstash讀取文本信息並寫入到ES
前提是ELK安裝沒問題
進入到logstash安裝目錄下的bin目錄(我的logstash安裝目錄:/usr/local/)
[root@es1 bin]# cd /usr/local/logstash-5.5.2/bin
[root@es1 bin]# ll
total 100
-rwxr-xr-x 1 root root 377 Aug 14 2017 cpdump
-rw-r--r-- 1 root root 15821 Dec 27 00:58 hs_err_pid1888.log
-rw-r--r-- 1 root root 15821 Dec 27 01:01 hs_err_pid1929.log
-rw-r--r-- 1 root root 15821 Dec 27 01:05 hs_err_pid2026.log
-rwxr-xr-x 1 root root 155 Aug 14 2017 ingest-convert.sh
-rwxr-xr-x 1 root root 1949 Aug 14 2017 logstash
-rw-r--r-- 1 root root 677 Aug 14 2017 logstash.bat
-rw-r--r-- 1 root root 756 Dec 27 16:30 logstash.conf
-rwxr-xr-x 1 root root 5400 Aug 14 2017 logstash.lib.sh
-rwxr-xr-x 1 root root 448 Aug 14 2017 logstash-plugin
-rw-r--r-- 1 root root 251 Aug 14 2017 logstash-plugin.bat
-rw-r--r-- 1 root root 1138 Dec 27 17:21 mysqltoes.conf
-rwxr-xr-x 1 root root 840 Aug 14 2017 ruby
-rw-r--r-- 1 root root 2795 Aug 14 2017 setup.bat
-rwxr-xr-x 1 root root 3530 Aug 14 2017 system-install
修改logstash.conf文件
[root@es1 log]# vim /usr/local/logstash-5.5.2/bin/logstash.conf
#
input{
file{
path=>["/var/log/test.log"]
type=>"logstash_log"
start_position =>"beginning"
}
}
output{
elasticsearch{
hosts=>["192.168.100.101:9200","192.168.100.102:9200","192.168.100.103:9200"]
index=>"log-%{+YYYY.MM.dd.HH.mm.ss}"
}
}
運行
./logstash -f logstash.conf