Logstash requires Java 8. Java 9 is not supported.

1、检测是否安装了java环境

[root@node3 ~]# java -version

java version "1.8.0_144"

Java(TM) SE Runtime Environment (build 1.8.0_144-b01)

Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

2、安装logstash,这里采用rpm安装

  https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.rpm

  yum install logstash

查看生成了哪些文件,查看logstash的执行文件位置:

/etc/logstash/conf.d

/etc/logstash/jvm.options

/etc/logstash/log4j2.properties

/etc/logstash/logstash.yml

/etc/logstash/startup.options

/usr/share/logstash/CHANGELOG.md

/usr/share/logstash/CONTRIBUTORS

/usr/share/logstash/Gemfile

/usr/share/logstash/Gemfile.jruby-1.9.lock

/usr/share/logstash/LICENSE

/usr/share/logstash/NOTICE.TXT

/usr/share/logstash/bin/cpdump

/usr/share/logstash/bin/ingest-convert.sh

/usr/share/logstash/bin/logstash

/usr/share/logstash/bin/logstash-plugin

/usr/share/logstash/bin/logstash-plugin.bat

/usr/share/logstash/bin/logstash.bat

/usr/share/logstash/bin/logstash.lib.sh

/usr/share/logstash/bin/ruby

/usr/share/logstash/bin/setup.bat

/usr/share/logstash/bin/system-install

/usr/share/logstash/data

 配置文件:

1、配置jvm

/etc/logstash/jvm.options
2、logstash的一些配置
/etc/logstash/logstash.yml
3、环境变量一些的配置
/etc/logstash/startup.options
4、日志与log4j2的配置
/etc/logstash/log4j2.properties
 
开始第一个任务:
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults

Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console

 提示warning,解决办法:

mkdir -p /usr/share/logstash/config/

ln -s /etc/logstash/* /usr/share/logstash/config

chown -R logstash:logstash /usr/share/logstash/config/

bin/logstash -e 'input { stdin { } } output { stdout {} }'

 如果logstash不适用命令行执行,而是作为一个服务:

  logstash启动:
  /etc/init.d/logstash start
  systemctl start logstash.service
 
开始编写配置文件进行logstash解析:
1、input插件中file插件的使用
[root@node3 conf.d]# cat file.conf

input {

    file {

        path => ["/var/log/messages"]

        start_position => "beginning"

    }

}

output {

    stdout {

        codec => rubydebug

    }

}

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf

 2、多个log日志的输入、

[root@node3 conf.d]# cat file_more_choose.conf

input {

    file {

        path => ["/var/log/messages"]

        start_position => "beginning"

    }

    file {

        path => ["/var/log/elasticsearch/my-elastic.log"]

        start_position => "beginning"

    }

}

output {

    stdout {

        codec => rubydebug

    }

}
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file_more_choose.conf

 但是发现只打印出elastic的日志,message的日志没有stdout,收集的日志是增量的,之前收集的日志已经存在sincedb中了,所以会默认从之后开始存

Path of the sincedb database file (keeps track of the current position of monitored log files) that will be written to disk. The default will write sincedb files to <path.data>/plugins/inputs/file NOTE: it must be a file path and not a directory path,这是一段sincedb_path的解释

检查配置文件的语法是否正确:
-t, --config.test_and_exit    Check configuration for valid syntax and then exit.

                                   (default: false)

-r, --config.reload.automatic Monitor configuration changes and reload

                                  whenever it is changed.

                                  NOTE: use SIGHUP to manually reload the config

                                   (default: false)

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf -t

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

Configuration OK

 3、以elasticsearch插件输出:

input {

    file {

        path => ["/var/log/logstash/logstash-plain.log"]

        start_position => "beginning"

        type => "logstash"

    }

}

output {

    elasticsearch {

        hosts => ["192.168.44.134:9200"]

        index => "logstash-log"

        codec => rubydebug

    }

}

4、根据插件type来定义输出插件:

[root@node3 conf.d]# cat type.conf

input {

    file {

       path  => ["/var/log/logstash/logstash-plain.log"]

       start_position => "beginning"

       type => "logstash_2"

    }

    file {

       path => ["/var/log/messages"]

       start_position => "beginning"

       type => "system"

    }

}

output {

    if [type] == "logstash_2" {

        elasticsearch {

            hosts => ["192.168.44.134:9200"]

            index => "logstash_2"

            codec => rubydebug

        }

    }

    if [type] == "system" {

         stdout {

            codec => rubydebug

         }

    }

}

 现在向messages日志中echo一段话:

echo "`date +%F`" >> /var/log/messages

 然后开始执行:

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f type.conf

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

{

      "@version" => "1",

          "host" => "node3",

          "path" => "/var/log/messages",

    "@timestamp" => 2017-09-20T08:19:05.782Z,

       "message" => "2017-09-20",                这是刚刚echo新增的内容

          "type" => "system"

}

 查看es中的索引是否有生成:

logstash5.x安装及简单运用的更多相关文章

  1. (转)python requests的安装与简单运用

    requests是python的一个HTTP客户端库,跟urllib,urllib2类似,那为什么要用requests而不用urllib2呢?官方文档中是这样说明的: python的标准库urllib ...

  2. MongoDB在Windows下安装、Shell客户端的使用、Bson扩充的数据类型、MongoVUE可视化工具安装和简单使用、Robomongo可视化工具(2)

    一.Windows 下载安装 1.去http://www.mongodb.org/downloads下载,mongodb默认安装在C:\Program Files\MongoDB目录下,到F:\Off ...

  3. python requests的安装与简单运用

    requests是python的一个HTTP客户端库,跟urllib,urllib2类似,那为什么要用requests而不用urllib2呢?官方文档中是这样说明的: python的标准库urllib ...

  4. memcache的windows下的安装和简单使用

    原文:memcache的windows下的安装和简单使用 memcache是为了解决网站访问量大,数据库压力倍增的解决方案之一,由于其简单实用,很多站点现在都在使用memcache,但是memcach ...

  5. 【RabbitMQ】RabbitMQ在Windows的安装和简单的使用

    版本说明 使用当前版本:3.5.4 安装与启动 在官网上下载其Server二进制安装包,在Windows上的安装时简单的,与一般软件没什么区别. 安装前会提示你,还需要安装Erlang,并打开下载页面 ...

  6. Thrift的安装和简单演示样例

    本文仅仅是简单的解说Thrift开源框架的安装和简单使用演示样例.对于具体的解说,后面在进行阐述. Thrift简述                                           ...

  7. libmemcached安装及简单例子

    libmemcached安装及简单例子 1.下载安装libmemcached  $ wget http://launchpad.net/libmemcached/1.0/0.44/+download/ ...

  8. [hadoop系列]Pig的安装和简单演示样例

    inkfish原创,请勿商业性质转载,转载请注明来源(http://blog.csdn.net/inkfish ).(来源:http://blog.csdn.net/inkfish) Pig是Yaho ...

  9. Redis 安装与简单示例

    Redis 安装与简单示例 一.Redis的安装 Redis下载地址如下:https://github.com/dmajkic/redis/downloads 解压后根据自己机器的实际情况选择32位或 ...

随机推荐

  1. Oracle的存储过程编程

    是一个可以用编程的方式来操作SQL的集合. | |目录 1什么是存储过程? 2存储过程的优点? 3存储过程的缺点? 4存储过程的用途? 5存储过程注意事项? 6如何写存储过程? 7如何执行存储过程? ...

  2. Tips-Windows 10【多桌面视窗】操作

    Windows 10[多桌面视窗] 当你点击任务栏上的“task view”按键时,会在屏幕中间显示你当前正在使用的桌面,你可以点击“添加桌面”来创建一个新的桌面,在这个新的桌面你可以打开其他的应用程 ...

  3. ctf-HITCON-2016-houseoforange学习

    目录 堆溢出点 利用步骤 创建第一个house,修改top_chunk的size 创建第二个house,触发sysmalloc中的_int_free 创建第三个house,泄露libc和heap的地址 ...

  4. cross-compler toolchains--clfs

    http://www.cnblogs.com/leaven/archive/2010/11/17/1879679.html

  5. 实现一个自动生成小学四则运算题目的命令行程序(java实现)

    Github项目地址:https://github.com/xiaobaot/wordcount/tree/master/sizeyusuan 团队成员:谢家明(代码生成)    谢竣(测试完善) 项 ...

  6. oracle中 rownum 与 connect by的结合使用

    原文:http://blog.sina.com.cn/s/blog_a26966d90102wwkb.html oracle中 rownum 与 connect by的结合使用 SELECT ROWN ...

  7. AngularJS filter:search 是如何匹配的 ng-repeat filter:search ,filter:{$:search},只取repeat的item的value 不含label

    1.  filter可以接收参数,参数用 : 进行分割,如下: {{ expression | filter:argument1:argument2:... }} 2.   filter参数是 对象 ...

  8. layer插件的常用实例

    layer.msg(提示信息, {time:1000, icon:5, shift:6}, 回调方法); layer.alert(提示信息, function(index){ // 回调方法 laye ...

  9. 转Hibernate 一对多关联的CRUD__@ManyToOne(cascade=(CascadeType.ALL))

    一:Group和Users两个类 假定一个组里有n多用户,但是一个用户只对应一个用户组. 1.所以Group对于Users是“一对多”的关联关系@OneToMany Users对于Group是“多对一 ...

  10. HDU1003:Max Sum(简单dp)

    题目:http://acm.hdu.edu.cn/showproblem.php?pid=1003 题意一目了然就不说了,算法是从左往右扫,一个暂时保存结果的值,如果区间结果<0,那么就更改左右 ...