Logstash requires Java 8. Java 9 is not supported.

1、检测是否安装了java环境

[root@node3 ~]# java -version

java version "1.8.0_144"

Java(TM) SE Runtime Environment (build 1.8.0_144-b01)

Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

2、安装logstash,这里采用rpm安装

  https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.rpm

  yum install logstash

查看生成了哪些文件,查看logstash的执行文件位置:

/etc/logstash/conf.d

/etc/logstash/jvm.options

/etc/logstash/log4j2.properties

/etc/logstash/logstash.yml

/etc/logstash/startup.options

/usr/share/logstash/CHANGELOG.md

/usr/share/logstash/CONTRIBUTORS

/usr/share/logstash/Gemfile

/usr/share/logstash/Gemfile.jruby-1.9.lock

/usr/share/logstash/LICENSE

/usr/share/logstash/NOTICE.TXT

/usr/share/logstash/bin/cpdump

/usr/share/logstash/bin/ingest-convert.sh

/usr/share/logstash/bin/logstash

/usr/share/logstash/bin/logstash-plugin

/usr/share/logstash/bin/logstash-plugin.bat

/usr/share/logstash/bin/logstash.bat

/usr/share/logstash/bin/logstash.lib.sh

/usr/share/logstash/bin/ruby

/usr/share/logstash/bin/setup.bat

/usr/share/logstash/bin/system-install

/usr/share/logstash/data

 配置文件:

1、配置jvm

/etc/logstash/jvm.options
2、logstash的一些配置
/etc/logstash/logstash.yml
3、环境变量一些的配置
/etc/logstash/startup.options
4、日志与log4j2的配置
/etc/logstash/log4j2.properties
 
开始第一个任务:
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults

Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console

 提示warning,解决办法:

mkdir -p /usr/share/logstash/config/

ln -s /etc/logstash/* /usr/share/logstash/config

chown -R logstash:logstash /usr/share/logstash/config/

bin/logstash -e 'input { stdin { } } output { stdout {} }'

 如果logstash不适用命令行执行,而是作为一个服务:

  logstash启动:
  /etc/init.d/logstash start
  systemctl start logstash.service
 
开始编写配置文件进行logstash解析:
1、input插件中file插件的使用
[root@node3 conf.d]# cat file.conf

input {

    file {

        path => ["/var/log/messages"]

        start_position => "beginning"

    }

}

output {

    stdout {

        codec => rubydebug

    }

}

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf

 2、多个log日志的输入、

[root@node3 conf.d]# cat file_more_choose.conf

input {

    file {

        path => ["/var/log/messages"]

        start_position => "beginning"

    }

    file {

        path => ["/var/log/elasticsearch/my-elastic.log"]

        start_position => "beginning"

    }

}

output {

    stdout {

        codec => rubydebug

    }

}
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file_more_choose.conf

 但是发现只打印出elastic的日志,message的日志没有stdout,收集的日志是增量的,之前收集的日志已经存在sincedb中了,所以会默认从之后开始存

Path of the sincedb database file (keeps track of the current position of monitored log files) that will be written to disk. The default will write sincedb files to <path.data>/plugins/inputs/file NOTE: it must be a file path and not a directory path,这是一段sincedb_path的解释

检查配置文件的语法是否正确:
-t, --config.test_and_exit    Check configuration for valid syntax and then exit.

                                   (default: false)

-r, --config.reload.automatic Monitor configuration changes and reload

                                  whenever it is changed.

                                  NOTE: use SIGHUP to manually reload the config

                                   (default: false)

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf -t

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

Configuration OK

 3、以elasticsearch插件输出:

input {

    file {

        path => ["/var/log/logstash/logstash-plain.log"]

        start_position => "beginning"

        type => "logstash"

    }

}

output {

    elasticsearch {

        hosts => ["192.168.44.134:9200"]

        index => "logstash-log"

        codec => rubydebug

    }

}

4、根据插件type来定义输出插件:

[root@node3 conf.d]# cat type.conf

input {

    file {

       path  => ["/var/log/logstash/logstash-plain.log"]

       start_position => "beginning"

       type => "logstash_2"

    }

    file {

       path => ["/var/log/messages"]

       start_position => "beginning"

       type => "system"

    }

}

output {

    if [type] == "logstash_2" {

        elasticsearch {

            hosts => ["192.168.44.134:9200"]

            index => "logstash_2"

            codec => rubydebug

        }

    }

    if [type] == "system" {

         stdout {

            codec => rubydebug

         }

    }

}

 现在向messages日志中echo一段话:

echo "`date +%F`" >> /var/log/messages

 然后开始执行:

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f type.conf

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

{

      "@version" => "1",

          "host" => "node3",

          "path" => "/var/log/messages",

    "@timestamp" => 2017-09-20T08:19:05.782Z,

       "message" => "2017-09-20",                这是刚刚echo新增的内容

          "type" => "system"

}

 查看es中的索引是否有生成:

logstash5.x安装及简单运用的更多相关文章

  1. (转)python requests的安装与简单运用

    requests是python的一个HTTP客户端库,跟urllib,urllib2类似,那为什么要用requests而不用urllib2呢?官方文档中是这样说明的: python的标准库urllib ...

  2. MongoDB在Windows下安装、Shell客户端的使用、Bson扩充的数据类型、MongoVUE可视化工具安装和简单使用、Robomongo可视化工具(2)

    一.Windows 下载安装 1.去http://www.mongodb.org/downloads下载,mongodb默认安装在C:\Program Files\MongoDB目录下,到F:\Off ...

  3. python requests的安装与简单运用

    requests是python的一个HTTP客户端库,跟urllib,urllib2类似,那为什么要用requests而不用urllib2呢?官方文档中是这样说明的: python的标准库urllib ...

  4. memcache的windows下的安装和简单使用

    原文:memcache的windows下的安装和简单使用 memcache是为了解决网站访问量大,数据库压力倍增的解决方案之一,由于其简单实用,很多站点现在都在使用memcache,但是memcach ...

  5. 【RabbitMQ】RabbitMQ在Windows的安装和简单的使用

    版本说明 使用当前版本:3.5.4 安装与启动 在官网上下载其Server二进制安装包,在Windows上的安装时简单的,与一般软件没什么区别. 安装前会提示你,还需要安装Erlang,并打开下载页面 ...

  6. Thrift的安装和简单演示样例

    本文仅仅是简单的解说Thrift开源框架的安装和简单使用演示样例.对于具体的解说,后面在进行阐述. Thrift简述                                           ...

  7. libmemcached安装及简单例子

    libmemcached安装及简单例子 1.下载安装libmemcached  $ wget http://launchpad.net/libmemcached/1.0/0.44/+download/ ...

  8. [hadoop系列]Pig的安装和简单演示样例

    inkfish原创,请勿商业性质转载,转载请注明来源(http://blog.csdn.net/inkfish ).(来源:http://blog.csdn.net/inkfish) Pig是Yaho ...

  9. Redis 安装与简单示例

    Redis 安装与简单示例 一.Redis的安装 Redis下载地址如下:https://github.com/dmajkic/redis/downloads 解压后根据自己机器的实际情况选择32位或 ...

随机推荐

  1. [黑金原创教程] FPGA那些事儿《设计篇 II》- 图像处理前夕·续

    简介 一本为入门图像处理的入门书,另外还教你徒手搭建平台(片上系统),内容请看目录. 注意 为了达到最好的实验的结果,请准备以下硬件. AX301开发板, OV7670摄像模块, VGA接口显示器, ...

  2. 【BZOJ4244】邮戳拉力赛 DP

    [BZOJ4244]邮戳拉力赛 Description IOI铁路是由N+2个站点构成的直线线路.这条线路的车站从某一端的车站开始顺次标号为0...N+1. 这条路线上行驶的电车分为上行电车和下行电车 ...

  3. 解Bug之路-TCP粘包Bug

    解Bug之路-TCP粘包Bug - 无毁的湖光-Al的个人空间 - 开源中国 https://my.oschina.net/alchemystar/blog/880659 解Bug之路-TCP粘包Bu ...

  4. multi-paradigm

    w范式 https://developer.mozilla.org/en-US/docs/Web/JavaScript https://developer.mozilla.org/zh-CN/docs ...

  5. [LeetCode] 1.Two Sum - Swift

    1. Two Sum Given an array of integers, return indices of the two numbers such that they add up to a ...

  6. MySQL的表分区详解 - 查看分区数据量,查看全库数据量----转http://blog.csdn.net/xj626852095/article/details/51245844

    查看分区数据量,查看全库数据量 USE information_schema; SELECT PARTITION_NAME,TABLE_ROWS FROM INFORMATION_SCHEMA.PAR ...

  7. Nginx 之 内存池

    1.基本结构 先来学习一下nginx内存池的几个主要数据结构:[见:./src/core/ngx_palloc.h/.c]     ngx_pool_data_t(内存池数据块结构) 1: typed ...

  8. Redis在实际项目中的一应用场景

    1.在游戏的等级排名,可以将用户信息放入到redis的有序集合中,然后取得相应的排名,不用自己写代码去排序. 2.利用rediss的数据特性的自增,自减属性,可以将项目中的一些列入阅读数,点赞数放入到 ...

  9. 1.新建项目出现包名有一道红线The SDK platform-tools version ((23)) is too old to check APIs compiled with API 20

    原因分析: 就是platform-tools的版本太低导致的 解决方法: 1.点开SDK Manager,打开SDK Tools面板,将Platform-tools更新 2.更新完之后重启as即可

  10. Linux 远程复制

    一.将本机文件复制到远程服务器上 #scp /usr/local/kafka_2.11-0.11.0.0/config/server.properties app@172.25.6.11:/haha ...