Logstash安装和设置(图文详解)(多节点的ELK集群安装在一个节点就好)
前提
Elasticsearch-2.4.3的下载(图文详解)
Elasticsearch-2.4.3的单节点安装(多种方式图文详解)
Elasticsearch-2.4.3的3节点安装(多种方式图文详解)
Logstash-2.4.1的下载(图文详解)
Logstash是一个管理日志和事件的工具。
我这里的机器集群情况分别是:
HadoopMaster(192.168.80.10)、HadoopSlave1(192.168.80.11)和HadoopSlave2(192.168.80.12)。
1、上传logstash-2.4.1.tar.gz压缩包
[hadoop@HadoopMaster app]$ ll
total 16832
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ rz [hadoop@HadoopMaster app]$ ll
total 98864
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$
2、解压
[hadoop@HadoopMaster app]$ ll
total 98864
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ tar -zxvf logstash-2.4.1.tar.gz
第三步:删除安装包,并修改所属组和用户
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
drwxrwxr-x. 5 hadoop hadoop 4096 Mar 27 03:58 logstash-2.4.1
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ rm logstash-2.4.1.tar.gz
[hadoop@HadoopMaster app]$ ll
total 16836
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
drwxrwxr-x. 5 hadoop hadoop 4096 Mar 27 03:58 logstash-2.4.1
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
第四步:认识目录结构
[hadoop@HadoopMaster app]$ cd logstash-2.4.1/
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$
Filebeat啊,根据input来监控数据,根据output来使用数据!!!
对应于,Logstash啊,有input、filter和output。
最简单的Logstash测试(即,输入什么,直接在console打印输出)
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -e 'input { stdin { } } output { stdout {} }'
Settings: Default pipeline workers: 1
Pipeline main started
(输入回车)
2017-03-26T21:01:02.849Z HadoopMaster (显示回车)
abcd
2017-03-26T21:01:10.559Z HadoopMaster abcd
以上是最简单的Logstash测试(即,输入什么,直接在console打印输出)。
^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
Received shutdown signal, but pipeline is still waiting for in-flight events
to be processed. Sending another ^C will force quit Logstash, but this may cause
data loss. {:level=>:warn}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
Logstash可以以指定某种格式来输入。比如如下:
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -e 'input { stdin { } } output { stdout { codec => json} }' Settings: Default pipeline workers: 1
Pipeline main started
{"message":"","@version":"1","@timestamp":"2017-03-26T21:13:09.879Z","host":"HadoopMaster"}hjjjk
{"message":"hjjjk","@version":"1","@timestamp":"2017-03-26T21:13:23.484Z","host":"HadoopMaster"}^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
我们可以看到,我们输入什么内容logstash按照某种格式输出,其中-e参数参数允许Logstash直接通过命令行接受设置。这点尤其快速的帮助我们反复的测试配置是否正确而不用写配置文件。使用Ctrl + C命令可以退出之前运行的Logstash。
使用-e参数在命令行中指定配置是很常用的方式,不过如果需要配置更多设置则需要很长的内容。这种情况,我们首先创建一个简单的配置文件,并且指定logstash使用这个配置文件。例如:在logstash安装目录下创建一个“基本配置”测试文件logstash-simple.conf。
Logstash使用-f参数替换命令行中的-e参数(既可以写到配置文件里,为了方便)
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ vim logstash-simple.conf
input {
stdin { }
}
output {
stdout { }
}
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 164
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 46 Mar 27 05:30 logstash-simple.conf
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -f logstash-simple.conf
Settings: Default pipeline workers: 1
Pipeline main started 2017-03-26T21:32:32.782Z HadoopMaster
abcd
2017-03-26T21:32:36.848Z HadoopMaster abcd
^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
推荐用这个!!!
bin/logstash -f logstash-simple.conf --auto-reload
因为,在调试,每次都要重启。加这个,不需每次去重启Logstash,即自己会加载。
Logstash安装和设置(图文详解)(多节点的ELK集群安装在一个节点就好)的更多相关文章
- Filebeat-1.3.1安装和设置(图文详解)(多节点的ELK集群安装在一个节点就好)(以Console Output为例)
前期博客 Filebeat的下载(图文讲解) 前提 Elasticsearch-2.4.3的下载(图文详解) Elasticsearch-2.4.3的单节点安装(多种方式图文详解) Elasticse ...
- Kibana安装(图文详解)(多节点的ELK集群安装在一个节点就好)
对于Kibana ,我们知道,是Elasticsearch/Logstash/Kibana的必不可少成员. 前提: Elasticsearch-2.4.3的下载(图文详解) Elasticsearch ...
- HUE配置文件hue.ini 的hbase模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的sqoop模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的hdfs_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的hive和beeswax模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的yarn_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的mapred_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的zookeeper模块详解(图文详解)(分HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
随机推荐
- Java中的深拷贝(深复制)和浅拷贝(浅复制)
深拷贝(深复制)和浅拷贝(浅复制)是两个比较通用的概念,尤其在C++语言中,若不弄懂,则会在delete的时候出问题,但是我们在这幸好用的是Java.虽然java自动管理对象的回收,但对于深拷贝(深复 ...
- react: next-redux-saga
instead of using the Provider component, you can use the withRedux higher order component to inject ...
- New Concept English three (33)
31 45 We have all experienced days when everything goes wrong. A day may begin well enough, but sudd ...
- 关于linux 编程
emacs 编辑器 gcc/g++ 编译器 gdb 调试工具 valgrind 内存泄露检查 doxygen 文档组织工具
- H264的start code是什么?
H.264起始码 在网络传输h264数据时,一个UDP包就是一个NALU,解码器可以很方便的检测出NAL分界和解码.但是如果编码数据存储为一个文件,原来的解码器将无法从数据流中分别出每个NAL的起始位 ...
- ARM 内核SP,LR,PC寄存器
深入理解ARM的这三个寄存器,对编程以及操作系统的移植都有很大的裨益. 1.堆栈指针r13(SP):每一种异常模式都有其自己独立的r13,它通常指向异常模式所专用的堆栈,也就是说五种异常模式.非异常模 ...
- RabbitMQ学习系列四-EasyNetQ文档跟进式学习与实践
EasyNetQ文档跟进式学习与实践 https://www.cnblogs.com/DjlNet/p/7603554.html 这里可能有人要问了,为什么不使用官方的nuget包呐:RabbitMQ ...
- BZOJ1355:[Baltic2009]Radio Transmission
浅谈\(KMP\):https://www.cnblogs.com/AKMer/p/10438148.html 题目传送门:https://lydsy.com/JudgeOnline/problem. ...
- 批量修改文件名后缀,例如:html修改成HTML
批量修改文件名后缀,例html修改成HTML 把文件后缀名html全部修改成HTML: 例:aa.html aa.HTML #!/bin/bash for file in `ls`;do mv $fi ...
- mysql concat的使用
想要在一个id前都加个0,如果处理呢? mysql concat的使用 update `a_data` set id=CONCAT('0', id) where data_packet_id in ( ...