Logstash安装和设置(图文详解)(多节点的ELK集群安装在一个节点就好)
前提
Elasticsearch-2.4.3的下载(图文详解)
Elasticsearch-2.4.3的单节点安装(多种方式图文详解)
Elasticsearch-2.4.3的3节点安装(多种方式图文详解)
Logstash-2.4.1的下载(图文详解)
Logstash是一个管理日志和事件的工具。
我这里的机器集群情况分别是:
HadoopMaster(192.168.80.10)、HadoopSlave1(192.168.80.11)和HadoopSlave2(192.168.80.12)。
1、上传logstash-2.4.1.tar.gz压缩包
[hadoop@HadoopMaster app]$ ll
total 16832
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ rz [hadoop@HadoopMaster app]$ ll
total 98864
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$
2、解压
[hadoop@HadoopMaster app]$ ll
total 98864
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ tar -zxvf logstash-2.4.1.tar.gz
第三步:删除安装包,并修改所属组和用户
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
drwxrwxr-x. 5 hadoop hadoop 4096 Mar 27 03:58 logstash-2.4.1
-rw-r--r--. 1 hadoop hadoop 83999654 Feb 25 11:06 logstash-2.4.1.tar.gz
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
[hadoop@HadoopMaster app]$ rm logstash-2.4.1.tar.gz
[hadoop@HadoopMaster app]$ ll
total 16836
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 22 06:05 elasticsearch-2.4.3
-rw-r--r--. 1 hadoop hadoop 908862 Jan 10 11:38 elasticsearch-head-master.zip
-rw-r--r--. 1 hadoop hadoop 2228252 Jan 10 11:38 elasticsearch-kopf-master.zip
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 27 01:36 filebeat-1.3.1-x86_64
drwxr-xr-x. 10 hadoop hadoop 4096 Oct 31 17:15 hadoop-2.6.0
drwxr-xr-x. 15 hadoop hadoop 4096 Nov 14 2014 hadoop-2.6.0-src
drwxrwxr-x. 8 hadoop hadoop 4096 Nov 2 18:20 hbase-1.2.3
drwxr-xr-x. 8 hadoop hadoop 4096 Apr 11 2015 jdk1.7.0_79
drwxrwxr-x. 11 hadoop hadoop 4096 Nov 4 23:24 kibana-4.6.3-linux-x86_64
drwxrwxr-x. 5 hadoop hadoop 4096 Mar 27 03:58 logstash-2.4.1
-rw-r--r--. 1 hadoop hadoop 10162116 Mar 25 10:00 marvel-2.4.4.tar.gz
-rw-r--r--. 1 hadoop hadoop 2332033 Jan 16 17:25 shield-2.4.3.zip
drwxrwxr-x. 9 hadoop hadoop 4096 Feb 25 19:18 tomcat-7.0.73
-rw-r--r--. 1 hadoop hadoop 1556618 Jan 16 17:22 watcher-2.4.3.zip
drwxr-xr-x. 10 hadoop hadoop 4096 Nov 1 23:39 zookeeper-3.4.6
第四步:认识目录结构
[hadoop@HadoopMaster app]$ cd logstash-2.4.1/
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$
Filebeat啊,根据input来监控数据,根据output来使用数据!!!
对应于,Logstash啊,有input、filter和output。
最简单的Logstash测试(即,输入什么,直接在console打印输出)
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -e 'input { stdin { } } output { stdout {} }'
Settings: Default pipeline workers: 1
Pipeline main started
(输入回车)
2017-03-26T21:01:02.849Z HadoopMaster (显示回车)
abcd
2017-03-26T21:01:10.559Z HadoopMaster abcd
以上是最简单的Logstash测试(即,输入什么,直接在console打印输出)。
^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
Received shutdown signal, but pipeline is still waiting for in-flight events
to be processed. Sending another ^C will force quit Logstash, but this may cause
data loss. {:level=>:warn}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
Logstash可以以指定某种格式来输入。比如如下:
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -e 'input { stdin { } } output { stdout { codec => json} }' Settings: Default pipeline workers: 1
Pipeline main started
{"message":"","@version":"1","@timestamp":"2017-03-26T21:13:09.879Z","host":"HadoopMaster"}hjjjk
{"message":"hjjjk","@version":"1","@timestamp":"2017-03-26T21:13:23.484Z","host":"HadoopMaster"}^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
我们可以看到,我们输入什么内容logstash按照某种格式输出,其中-e参数参数允许Logstash直接通过命令行接受设置。这点尤其快速的帮助我们反复的测试配置是否正确而不用写配置文件。使用Ctrl + C命令可以退出之前运行的Logstash。
使用-e参数在命令行中指定配置是很常用的方式,不过如果需要配置更多设置则需要很长的内容。这种情况,我们首先创建一个简单的配置文件,并且指定logstash使用这个配置文件。例如:在logstash安装目录下创建一个“基本配置”测试文件logstash-simple.conf。
Logstash使用-f参数替换命令行中的-e参数(既可以写到配置文件里,为了方便)
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 160
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ vim logstash-simple.conf
input {
stdin { }
}
output {
stdout { }
}
[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 164
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 46 Mar 27 05:30 logstash-simple.conf
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -f logstash-simple.conf
Settings: Default pipeline workers: 1
Pipeline main started 2017-03-26T21:32:32.782Z HadoopMaster
abcd
2017-03-26T21:32:36.848Z HadoopMaster abcd
^CSIGINT received. Shutting down the agent. {:level=>:warn}
stopping pipeline {:id=>"main"}
^CSIGINT received. Terminating immediately.. {:level=>:fatal}
[hadoop@HadoopMaster logstash-2.4.1]$
推荐用这个!!!
bin/logstash -f logstash-simple.conf --auto-reload
因为,在调试,每次都要重启。加这个,不需每次去重启Logstash,即自己会加载。
Logstash安装和设置(图文详解)(多节点的ELK集群安装在一个节点就好)的更多相关文章
- Filebeat-1.3.1安装和设置(图文详解)(多节点的ELK集群安装在一个节点就好)(以Console Output为例)
前期博客 Filebeat的下载(图文讲解) 前提 Elasticsearch-2.4.3的下载(图文详解) Elasticsearch-2.4.3的单节点安装(多种方式图文详解) Elasticse ...
- Kibana安装(图文详解)(多节点的ELK集群安装在一个节点就好)
对于Kibana ,我们知道,是Elasticsearch/Logstash/Kibana的必不可少成员. 前提: Elasticsearch-2.4.3的下载(图文详解) Elasticsearch ...
- HUE配置文件hue.ini 的hbase模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的sqoop模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的hdfs_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的hive和beeswax模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的yarn_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的mapred_clusters模块详解(图文详解)(分HA集群和非HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
- HUE配置文件hue.ini 的zookeeper模块详解(图文详解)(分HA集群)
不多说,直接上干货! 我的集群机器情况是 bigdatamaster(192.168.80.10).bigdataslave1(192.168.80.11)和bigdataslave2(192.168 ...
随机推荐
- JSON和list之间的转换
谷歌的Gson.jar: //list转换为json Gson gson = new Gson(); List<Person> persons = new ArrayList<Per ...
- FLASH动作脚本详解
FLASH动作脚本详解 一.FLASH脚本基础入门讲解 二.按钮AS的编写 三.影片剪辑的AS编写 四.动态文本框 五.影片剪辑的拖拽 六.流程控制与循环语句 七.绘图及颜色的AS的编写 八.声音 A ...
- jsp中解决乱码问题
解决中文乱码 a) 第一种: String name=new String(name.getBytes("ISO-8859-1"),"UTF-8"); b) 第 ...
- maven打的包中含源文件jar包
如何用maven package打的jar包中还包含源文件(resource)jar包: 在pom中如下添加: <build> <plugins> <plugin> ...
- C++函数模版实现
若一个程序的功能是对某种特定的数据类型进行处理,则将所处理的数据类型说明为参数,那么就可以把这个程序改写成为模版,模版可以让程序对任何其他数据类型进行同样方式的处理. 本节主要是说一下C++的函数模版 ...
- 作为一名Java开发工程师需要掌握的专业技能
在学习Java编程完之后,学员们面临的就是就业问题.作为一名Java开发工程师,企业在招聘的时候,也是有一定的标准的. 为了帮助大家更好的找到适合自己的工作,在这里分享了作为一名Java开发工程师需要 ...
- vue前端开发那些事——vue开发遇到的问题
vue web开发并不是孤立的.它需要众多插件的配合以及其它js框架的支持.本篇想把vue web开发的一些问题,拿出来讨论下. 1.web界面采用哪个UI框架?项目中引用了layui框架.引入框架 ...
- Python学习-list操作
Python列表(list)操作: 序列是Python中最基本的数据结构.序列中的每个元素都分配一个数字 - 它的位置,或索引,第一个索引是0,第二个索引是1,依此类推. Python有6个序列的内置 ...
- 给UIButton设置阴影及动画组
//设置“开启旅程”按钮 UIButton *startBtn = self.startBtn; CGFloat btnW = ; CGFloat btnH = ; CGFloat btnX = (s ...
- c# 统计运行时间
long startTime = Environment.TickCount; long endTime = Environment.TickCount; long totalTime = endTi ...