Logstash installation
Source: Original
Date: 2019-02-03
Author: 脚本小站
Category: Linux
Download: https://www.elastic.co/downloads/logstash
Documentation: https://www.elastic.co/guide/en/logstash/current/index.html
Installation
Install the JDK:
yum install -y java-1.8.0-openjdk-devel
Download Logstash:
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.6.0.rpm
Install Logstash:
yum install logstash-6.6.0.rpm -y
Environment variable:
vim /etc/profile.d/logstash.sh
export PATH=/usr/share/logstash/bin:$PATH
Configuration file directory:
/etc/logstash/conf.d
Configuration
Configuration for running as a client:
httpd
input {
  file {
    path => ["/var/log/httpd/access_log"]
    type => "apachelog"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}
output {
  stdout { # output to the screen
    codec => rubydebug
  }
}
nginx:
Add a matching pattern for nginx logs:
vim /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/grok-patterns
# nginx access log
WZ ([^ ]*)
NGINXACCESS %{IP:remote_ip} \- \- \[%{HTTPDATE:timestamp}\] "%{WORD:method} %{WZ:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:status} %{NUMBER:bytes} %{QS:referer} %{QS:agent} %{QS:xforward}
Configuration:
input {
  file {
    path => ["/var/log/nginx/access.log"]
    type => "nginxlog"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{NGINXACCESS}" }
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
messages
input {
  file {
    path => ["/var/log/messages"]
    type => "system"
    start_position => "beginning"
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
redis:
input {
  file {
    path => ["/var/log/nginx/access.log"]
    type => "nginxlog"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{NGINXACCESS}" }
  }
}
output {
  redis { # output to redis
    port => "6379"
    host => ["127.0.0.1"]
    data_type => "list"
    key => "logstash-%{type}" # type here refers to the type set in the input
  }
}
Start:
logstash -f ./redislog.conf
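One way to check the NGINXACCESS pattern against sample lines before shipping them, as an added example that is not part of the original post: it expands the pattern into a Python regex and runs it over constructed log lines. The sub-pattern regexes are simplified stand-ins for the stock grok definitions (an assumption). Lines without the trailing quoted field, or with an authenticated user name, do not match, which Logstash would tag as _grokparsefailure.

```python
import re

# Simplified stand-ins for the stock grok patterns (assumption: the real
# definitions in logstash-patterns-core are broader, e.g. IP also covers IPv6).
GROK = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "HTTPDATE": r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\b\w+\b",
    "NUMBER": r"[+-]?\d+(?:\.\d+)?",
    "QS": r'"(?:[^"\\]|\\.)*"',
    # The two patterns the page adds to grok-patterns, copied unchanged.
    "WZ": r"([^ ]*)",
    "NGINXACCESS": r'%{IP:remote_ip} \- \- \[%{HTTPDATE:timestamp}\] '
                   r'"%{WORD:method} %{WZ:request} HTTP/%{NUMBER:httpversion}" '
                   r'%{NUMBER:status} %{NUMBER:bytes} '
                   r'%{QS:referer} %{QS:agent} %{QS:xforward}',
}

def expand(pattern):
    """Recursively replace %{NAME} and %{NAME:field} with regex text."""
    def sub(m):
        body = expand(GROK[m.group(1)])
        return f"(?P<{m.group(2)}>{body})" if m.group(2) else f"(?:{body})"
    return re.sub(r"%\{(\w+)(?::(\w+))?\}", sub, pattern)

NGINX_RE = re.compile(expand("%{NGINXACCESS}"))

def parse(line):
    """Return the extracted fields, or the tag Logstash sets when grok fails."""
    m = NGINX_RE.search(line)
    return m.groupdict() if m else {"tags": ["_grokparsefailure"]}

# Constructed sample lines (not taken from a real server).
LINE_OK = ('203.0.113.7 - - [03/Feb/2019:10:15:32 +0800] '
           '"GET /index.html HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"')
LINE_NO_XFF = LINE_OK[:-4]  # log_format without the last quoted field
LINE_AUTH = LINE_OK.replace(" - - ", " - alice ", 1)  # authenticated user

if __name__ == "__main__":
    for line in (LINE_OK, LINE_NO_XFF, LINE_AUTH):
        print(parse(line))
```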
Configuration for running as a server:
redis --> elasticsearch
input {
  redis {
    port => "6379"
    host => "192.168.96.135"
    data_type => "list"
    key => "logstash-nginxlog"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
}
redis --> standard output
input {
  redis {
    port => "6379"
    host => "192.168.96.135"
    data_type => "list"
    key => "logstash-nginxlog"
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
View index information on elasticsearch:
curl 'localhost:9200/_cat/indices?v' # list all indices
# create an index named "customer", then list all indices again
curl -XPUT 'localhost:9200/customer?pretty'
curl 'localhost:9200/_cat/indices?v'
# view a specific index
curl -XGET 'http://localhost:9200/logstash-2019.02.03/_search?pretty'
