Logstash requires Java 8. Java 9 is not supported.

1、检测是否安装了java环境

[root@node3 ~]# java -version

java version "1.8.0_144"

Java(TM) SE Runtime Environment (build 1.8.0_144-b01)

Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

2、安装logstash,这里采用rpm安装

  https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.rpm

  yum install logstash

查看生成了哪些文件,查看logstash的执行文件位置:

/etc/logstash/conf.d

/etc/logstash/jvm.options

/etc/logstash/log4j2.properties

/etc/logstash/logstash.yml

/etc/logstash/startup.options

/usr/share/logstash/CHANGELOG.md

/usr/share/logstash/CONTRIBUTORS

/usr/share/logstash/Gemfile

/usr/share/logstash/Gemfile.jruby-1.9.lock

/usr/share/logstash/LICENSE

/usr/share/logstash/NOTICE.TXT

/usr/share/logstash/bin/cpdump

/usr/share/logstash/bin/ingest-convert.sh

/usr/share/logstash/bin/logstash

/usr/share/logstash/bin/logstash-plugin

/usr/share/logstash/bin/logstash-plugin.bat

/usr/share/logstash/bin/logstash.bat

/usr/share/logstash/bin/logstash.lib.sh

/usr/share/logstash/bin/ruby

/usr/share/logstash/bin/setup.bat

/usr/share/logstash/bin/system-install

/usr/share/logstash/data

 配置文件:

1、配置jvm

/etc/logstash/jvm.options
2、logstash的一些配置
/etc/logstash/logstash.yml
3、环境变量一些的配置
/etc/logstash/startup.options
4、日志与log4j2的配置
/etc/logstash/log4j2.properties
 
开始第一个任务:
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults

Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console

 提示warning,解决办法:

mkdir -p /usr/share/logstash/config/

ln -s /etc/logstash/* /usr/share/logstash/config

chown -R logstash:logstash /usr/share/logstash/config/

bin/logstash -e 'input { stdin { } } output { stdout {} }'

 如果logstash不适用命令行执行,而是作为一个服务:

  logstash启动:
  /etc/init.d/logstash start
  systemctl start logstash.service
 
开始编写配置文件进行logstash解析:
1、input插件中file插件的使用
[root@node3 conf.d]# cat file.conf

input {

    file {

        path => ["/var/log/messages"]

        start_position => "beginning"

    }

}

output {

    stdout {

        codec => rubydebug

    }

}

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf

 2、多个log日志的输入、

[root@node3 conf.d]# cat file_more_choose.conf

input {

    file {

        path => ["/var/log/messages"]

        start_position => "beginning"

    }

    file {

        path => ["/var/log/elasticsearch/my-elastic.log"]

        start_position => "beginning"

    }

}

output {

    stdout {

        codec => rubydebug

    }

}
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file_more_choose.conf

 但是发现只打印出elastic的日志,message的日志没有stdout,收集的日志是增量的,之前收集的日志已经存在sincedb中了,所以会默认从之后开始存

Path of the sincedb database file (keeps track of the current position of monitored log files) that will be written to disk. The default will write sincedb files to <path.data>/plugins/inputs/file NOTE: it must be a file path and not a directory path,这是一段sincedb_path的解释

检查配置文件的语法是否正确:
-t, --config.test_and_exit    Check configuration for valid syntax and then exit.

                                   (default: false)

-r, --config.reload.automatic Monitor configuration changes and reload

                                  whenever it is changed.

                                  NOTE: use SIGHUP to manually reload the config

                                   (default: false)

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf -t

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

Configuration OK

 3、以elasticsearch插件输出:

input {

    file {

        path => ["/var/log/logstash/logstash-plain.log"]

        start_position => "beginning"

        type => "logstash"

    }

}

output {

    elasticsearch {

        hosts => ["192.168.44.134:9200"]

        index => "logstash-log"

        codec => rubydebug

    }

}

4、根据插件type来定义输出插件:

[root@node3 conf.d]# cat type.conf

input {

    file {

       path  => ["/var/log/logstash/logstash-plain.log"]

       start_position => "beginning"

       type => "logstash_2"

    }

    file {

       path => ["/var/log/messages"]

       start_position => "beginning"

       type => "system"

    }

}

output {

    if [type] == "logstash_2" {

        elasticsearch {

            hosts => ["192.168.44.134:9200"]

            index => "logstash_2"

            codec => rubydebug

        }

    }

    if [type] == "system" {

         stdout {

            codec => rubydebug

         }

    }

}

 现在向messages日志中echo一段话:

echo "`date +%F`" >> /var/log/messages

 然后开始执行:

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f type.conf

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

{

      "@version" => "1",

          "host" => "node3",

          "path" => "/var/log/messages",

    "@timestamp" => 2017-09-20T08:19:05.782Z,

       "message" => "2017-09-20",                这是刚刚echo新增的内容

          "type" => "system"

}

 查看es中的索引是否有生成:

logstash5.x安装及简单运用的更多相关文章

  1. (转)python requests的安装与简单运用

    requests是python的一个HTTP客户端库,跟urllib,urllib2类似,那为什么要用requests而不用urllib2呢?官方文档中是这样说明的: python的标准库urllib ...

  2. MongoDB在Windows下安装、Shell客户端的使用、Bson扩充的数据类型、MongoVUE可视化工具安装和简单使用、Robomongo可视化工具(2)

    一.Windows 下载安装 1.去http://www.mongodb.org/downloads下载,mongodb默认安装在C:\Program Files\MongoDB目录下,到F:\Off ...

  3. python requests的安装与简单运用

    requests是python的一个HTTP客户端库,跟urllib,urllib2类似,那为什么要用requests而不用urllib2呢?官方文档中是这样说明的: python的标准库urllib ...

  4. memcache的windows下的安装和简单使用

    原文:memcache的windows下的安装和简单使用 memcache是为了解决网站访问量大,数据库压力倍增的解决方案之一,由于其简单实用,很多站点现在都在使用memcache,但是memcach ...

  5. 【RabbitMQ】RabbitMQ在Windows的安装和简单的使用

    版本说明 使用当前版本:3.5.4 安装与启动 在官网上下载其Server二进制安装包,在Windows上的安装时简单的,与一般软件没什么区别. 安装前会提示你,还需要安装Erlang,并打开下载页面 ...

  6. Thrift的安装和简单演示样例

    本文仅仅是简单的解说Thrift开源框架的安装和简单使用演示样例.对于具体的解说,后面在进行阐述. Thrift简述                                           ...

  7. libmemcached安装及简单例子

    libmemcached安装及简单例子 1.下载安装libmemcached  $ wget http://launchpad.net/libmemcached/1.0/0.44/+download/ ...

  8. [hadoop系列]Pig的安装和简单演示样例

    inkfish原创,请勿商业性质转载,转载请注明来源(http://blog.csdn.net/inkfish ).(来源:http://blog.csdn.net/inkfish) Pig是Yaho ...

  9. Redis 安装与简单示例

    Redis 安装与简单示例 一.Redis的安装 Redis下载地址如下:https://github.com/dmajkic/redis/downloads 解压后根据自己机器的实际情况选择32位或 ...

随机推荐

  1. [移动云计算开发 01] 解决 windows 7 安装设置 nginx 出现端口占用的问题

    一开始 到nginx官网 http://nginx.org/en/download.html 下载 1.4.2版本,解压安装到自己希望设置的文件夹即可, 但是打开localhost却出现了 “NOT ...

  2. springboot + ApplicationListener

    ApplicationListener自定义侦听器类 @Component public class InstantiationTracingBeanPostProcessor implements ...

  3. QQ空间的文艺打开方法

    QQ空间被限制?打不开? 看看这里 第一种:http://user.qzone.qq.com/627911903 第二种:http://627911903.qzone.qq.com 第三种:http: ...

  4. 160615、Spring3 MVC 拦截器拦截不到的问题

    昨天项目组有个成员使用拦截器的时候发现不起作用,后来发现了原因,在这里跟大家分享一下(主要是冲突了).分享的是一位网友写的文章,他总结的很好. com.zk.interceptors.MyInterc ...

  5. Java中分页功能源码实例

    一.源码(后附使用说明) package com.zhiyou100.crm.util; /** * 分页功能 * @author YangXianSheng * */ public class Pa ...

  6. 通过TZ来设置嵌入式ARM+Linux的时区

    1.在/etc/profile或者/root/.profile(/home/username/.profile) 在其中加入: TZ=UTC-08:00 export TZ hwclock -s

  7. 2017 Multi-University Training Contest - Team 8

    HDU6140 Hybrid Crystals 题目链接:http://acm.hdu.edu.cn/showproblem.php?pid=6140 题目意思:这场多校是真的坑,题目爆长,心态爆炸, ...

  8. Myeclipse更新SVNStatusSubscriber 时报告了错误。1 中的 0 个资源已经同步。

    1.先确认SVN服务是否能连接,或权限. 方法:在项目目录下右键选择repo-browser 能打开就表示正常. 2.同样在项目目录下选择cleaup 选择下面3个选项 clean up workin ...

  9. 剑指Offer——和为S的连续正数序列

    题目描述: 小明很喜欢数学,有一天他在做数学作业时,要求计算出9~16的和,他马上就写出了正确答案是100.但是他并不满足于此,他在想究竟有多少种连续的正数序列的和为100(至少包括两个数).没多久, ...

  10. squee_spoon and his Cube VI---郑大校赛(求最长子串)

    市面上最常见的魔方,是三阶魔方,英文名为Rubik's Cube,以魔方的发明者鲁比克教授的名字命名.另外,二阶魔方叫Pocket Cube,它只有2*2*2个角块,通常也就比较小:四阶魔方叫Reve ...