下載
建議到官網下載最新版
https://www.elastic.co/cn/downloads/logstash
本文使用logstash7.0.0
https://artifacts.elastic.co/downloads/logstash/logstash-7.0.0.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.0.0.tar.gz tar -xzvf logstash-7.0.0.tar.gz mv logstash-7.0.0.tar.gz /usr/local/logstash 讀取文件直接發送到es
- 修改/usr/local/logstash/config/logstash-sample.conf
# Sample Logstash configuration for creating a simple # Beats -> Logstash -> Elasticsearch pipeline. input { #beats { # port => 5044 #} file { path => "/var/log/httpd/access_log" start_position => beginning } } output { elasticsearch { hosts => ["http://localhost:9200"] index => "%{[@metadata][logstash]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" #user => "elastic" #password => "changeme" } } - 檢查配置文件是否正確:(假設當前目錄為/usr/local/logstash/config/)
../bin/logstash -t -f logstash-sample.conf
啟動:
../bin/logstash -f logstash-sample.conf
加載本文件夾所有配置文件啟動:
../bin/logstash -f ./
或后台啟動:
nohup ../bin/logstash -f config/ &
- 常用命令參數
-f:通過這個命令可以指定Logstash的配置文件,根據配置文件配置logstash
-e:后面跟着字符串,該字符串可以被當做logstash的配置(如果是“” 則默認使用stdin作為輸入,stdout作為輸出)
-l:日志輸出的地址(默認就是stdout直接在控制台中輸出)
-t:測試配置文件是否正確,然后退出。
讀取filebeat發送到es
filebeat端配置請參照本文開頭的[安裝filebeat]一文中的logstash相關部分
- 創建 /usr/local/logstash/config/logstash-filebeats.conf
input {
beats {
port => 5044 } } output { elasticsearch { hosts => ["http://localhost:9200"] index => "%{[@metadata][logstash-filebeats]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" #user => "elastic" #password => "changeme" } } - 檢查配置文件
../bin/logstash -t -f logstash-filebeats.conf
- 啟動
../bin/logstash -f logstash-filebeats.conf &