簡介:從日志文件中讀取日志,輸出到elasticsearch集群中
$ cd /home/es/logstash-6.2.2/config $ vim test3_es.conf $ cd /home/es/logstash-6.2.2/bin $ ./logstash -f ../config/test3_es.conf #注意:先成功啟動es,否則可能報錯
test3_es.conf內容如下:
input { file { path => "/home/es/elasticsearch-6.2.2/logs/elasticsearch.log" type => "elasticsearch" start_position => "beginning" #從文件開始處讀寫 } } output{ elasticsearch { hosts=>["127.0.0.1:9200"] index => "es-message-%{+YYYY.MM.dd}" #對日志進行索引歸檔 } stdout{codec => rubydebug} }
驗證
查看索引列表 curl http://localhost:9200/_cat/indices?v
查看數據 curl http://localhost:9200/es-message-2019.04.20/_search?pretty
