Logstash requires Java 8. Java 9 is not supported.

1. Check whether a Java environment is installed

[root@node3 ~]# java -version
java version "1.8.0_144"
Java(TM) SE Runtime Environment (build 1.8.0_144-b01)
Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode)

2. Install Logstash; here it is installed from the RPM

  https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.rpm

  yum install logstash

Check which files were created and where the logstash executable is located:

/etc/logstash/conf.d
/etc/logstash/jvm.options
/etc/logstash/log4j2.properties
/etc/logstash/logstash.yml
/etc/logstash/startup.options
/usr/share/logstash/CHANGELOG.md
/usr/share/logstash/CONTRIBUTORS
/usr/share/logstash/Gemfile
/usr/share/logstash/Gemfile.jruby-1.9.lock
/usr/share/logstash/LICENSE
/usr/share/logstash/NOTICE.TXT
/usr/share/logstash/bin/cpdump
/usr/share/logstash/bin/ingest-convert.sh
/usr/share/logstash/bin/logstash
/usr/share/logstash/bin/logstash-plugin
/usr/share/logstash/bin/logstash-plugin.bat
/usr/share/logstash/bin/logstash.bat
/usr/share/logstash/bin/logstash.lib.sh
/usr/share/logstash/bin/ruby
/usr/share/logstash/bin/setup.bat
/usr/share/logstash/bin/system-install
/usr/share/logstash/data

Configuration files:

1. JVM configuration
/etc/logstash/jvm.options
2. General Logstash settings
/etc/logstash/logstash.yml
3. Environment variable settings
/etc/logstash/startup.options
4. Logging and log4j2 configuration
/etc/logstash/log4j2.properties
 
Run the first task:
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout {} }'
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path //usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console

This prints a warning. The fix:

mkdir -p /usr/share/logstash/config/
ln -s /etc/logstash/* /usr/share/logstash/config
chown -R logstash:logstash /usr/share/logstash/config/
bin/logstash -e 'input { stdin { } } output { stdout {} }'

If Logstash is run as a service rather than from the command line:

  Start Logstash:
  /etc/init.d/logstash start
  systemctl start logstash.service
 
Now write configuration files for Logstash to parse logs:
1. Using the file plugin among the input plugins
[root@node3 conf.d]# cat file.conf
input {
    file {
        path => ["/var/log/messages"]
        start_position => "beginning"
    }
}
output {
    stdout {
        codec => rubydebug
    }
}
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf

2. Input from multiple log files

[root@node3 conf.d]# cat file_more_choose.conf
input {
    file {
        path => ["/var/log/messages"]
        start_position => "beginning"
    }
    file {
        path => ["/var/log/elasticsearch/my-elastic.log"]
        start_position => "beginning"
    }
}
output {
    stdout {
        codec => rubydebug
    }
}
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file_more_choose.conf

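However, only the elasticsearch log was printed; nothing from the messages log reached stdout. Log collection is incremental: what was collected earlier is already recorded in sincedb, so by default reading continues from after that point.

The documentation describes sincedb_path as follows: "Path of the sincedb database file (keeps track of the current position of monitored log files) that will be written to disk. The default will write sincedb files to <path.data>/plugins/inputs/file. NOTE: it must be a file path and not a directory path."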
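
The resume behaviour described above can be checked directly against a sincedb file. This is an added example, not part of the original post: it assumes GNU stat and sincedb lines laid out as "inode major minor byte_offset", and the names sincedb_state and sincedb_demo are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes GNU stat and sincedb lines laid out as
# "inode major minor byte_offset"; sincedb_state is a hypothetical helper name.

# sincedb_state SINCEDB_FILE LOG_FILE prints one of:
#   unseen               no entry for this inode; start_position applies
#   caught-up OFFSET     whole file already read; only new lines are emitted
#   pending OFFSET SIZE  reading resumes at OFFSET; SIZE-OFFSET bytes unread
#   shrunk OFFSET SIZE   file is now smaller than the recorded offset
sincedb_state() {
    sdb_file=$1
    sdb_log=$2
    sdb_inode=$(stat -c %i "$sdb_log") || return 1
    sdb_size=$(stat -c %s "$sdb_log") || return 1
    sdb_off=""
    if [ -r "$sdb_file" ]; then
        # Match on inode only; the device columns are ignored here.
        sdb_off=$(awk -v ino="$sdb_inode" '$1 == ino { print $4; exit }' "$sdb_file")
    fi
    if [ -z "$sdb_off" ]; then
        echo "unseen"
    elif [ "$sdb_off" -eq "$sdb_size" ]; then
        echo "caught-up $sdb_off"
    elif [ "$sdb_off" -lt "$sdb_size" ]; then
        echo "pending $sdb_off $sdb_size"
    else
        echo "shrunk $sdb_off $sdb_size"
    fi
}

# Constructed demo mirroring the post: a log that was fully read, then one
# appended line. Only the appended bytes are pending.
sincedb_demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'old line 1\nold line 2\n' > "$demo_dir/messages"
    sincedb_state "$demo_dir/sincedb" "$demo_dir/messages"
    printf '%s 0 2049 22\n' "$(stat -c %i "$demo_dir/messages")" > "$demo_dir/sincedb"
    sincedb_state "$demo_dir/sincedb" "$demo_dir/messages"
    date +%F >> "$demo_dir/messages"
    sincedb_state "$demo_dir/sincedb" "$demo_dir/messages"
    rm -rf "$demo_dir"
}

sincedb_demo
```

A result of "unseen" is the only case in which start_position => "beginning" has any effect; in every other case the recorded offset wins.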

Check whether the configuration file syntax is correct:
-t, --config.test_and_exit    Check configuration for valid syntax and then exit.
                              (default: false)
-r, --config.reload.automatic Monitor configuration changes and reload
                              whenever it is changed.
                              NOTE: use SIGHUP to manually reload the config
                              (default: false)
[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f file.conf -t
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
Configuration OK

3. Output using the elasticsearch plugin:

input {
    file {
        path => ["/var/log/logstash/logstash-plain.log"]
        start_position => "beginning"
        type => "logstash"
    }
}
output {
    elasticsearch {
        hosts => ["192.168.44.134:9200"]
        index => "logstash-log"
        codec => rubydebug
    }
}

4. Select the output plugin based on the input's type:

[root@node3 conf.d]# cat type.conf
input {
    file {
        path => ["/var/log/logstash/logstash-plain.log"]
        start_position => "beginning"
        type => "logstash_2"
    }
    file {
        path => ["/var/log/messages"]
        start_position => "beginning"
        type => "system"
    }
}
output {
    if [type] == "logstash_2" {
        elasticsearch {
            hosts => ["192.168.44.134:9200"]
            index => "logstash_2"
            codec => rubydebug
        }
    }
    if [type] == "system" {
        stdout {
            codec => rubydebug
        }
    }
}

Now echo a line into the messages log:

echo "`date +%F`" >> /var/log/messages

Then run it:

[root@node3 conf.d]# /usr/share/logstash/bin/logstash -f type.conf
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
{
    "@version" => "1",
    "host" => "node3",
    "path" => "/var/log/messages",
    "@timestamp" => 2017-09-20T08:19:05.782Z,
    "message" => "2017-09-20",    # the content just added with echo
    "type" => "system"
}

Check whether the index has been created in ES:
