Logstash installation
Source: original
Date: 2019-02-03
Author: 脚本小站
Category: Linux
Download: https://www.elastic.co/downloads/logstash
Documentation: https://www.elastic.co/guide/en/logstash/current/index.html
Installation
Install the JDK:
yum install -y java-1.8.0-openjdk-devel
Download logstash:
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.6.0.rpm
Install logstash:
yum install logstash-6.6.0.rpm -y
Environment variable:
vim /etc/profile.d/logstash.sh
export PATH=/usr/share/logstash/bin:$PATH
Configuration file directory:
/etc/logstash/conf.d
Configuration
Configuration when running as a client:
httpd
input {
  file {
    path => ["/var/log/httpd/access_log"]
    type => "apachelog"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
}
output {
  stdout {  # print to the screen
    codec => rubydebug
  }
}
nginx:
Add a grok pattern for the nginx log:
vim /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-patterns-core-4.1.2/patterns/grok-patterns
# nginx access log
WZ ([^ ]*)
NGINXACCESS %{IP:remote_ip} \- \- \[%{HTTPDATE:timestamp}\] "%{WORD:method} %{WZ:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:status} %{NUMBER:bytes} %{QS:referer} %{QS:agent} %{QS:xforward}
Configuration:
input {
  file {
    path => ["/var/log/nginx/access.log"]
    type => "nginxlog"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{NGINXACCESS}" }
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
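An added example (not part of the original post): the NGINXACCESS pattern above expanded into a Python regular expression and run over constructed log lines, to show which lines it structures and which would be tagged `_grokparsefailure`. The IP, HTTPDATE, NUMBER and QS sub-patterns are simplified stand-ins for the stock grok definitions, and the function names and sample lines are assumptions.

```python
import re

# Simplified stand-ins for the stock grok sub-patterns (assumption: the real
# IP, HTTPDATE, NUMBER and QS definitions accept more forms, e.g. IPv6).
GROK = {
    "IP": r"\d{1,3}(?:\.\d{1,3}){3}",
    "HTTPDATE": r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}",
    "WORD": r"\b\w+\b",
    "WZ": r"[^ ]*",  # custom pattern defined on the page
    "NUMBER": r"\d+(?:\.\d+)?",
    "QS": r'"(?:\\.|[^\\"])*"',
}

# NGINXACCESS as defined on the page.
NGINXACCESS = (
    r'%{IP:remote_ip} \- \- \[%{HTTPDATE:timestamp}\] '
    r'"%{WORD:method} %{WZ:request} HTTP/%{NUMBER:httpversion}" '
    r'%{NUMBER:status} %{NUMBER:bytes} '
    r'%{QS:referer} %{QS:agent} %{QS:xforward}'
)

def compile_grok(expr):
    """Expand each %{NAME:field} reference into a named regex group."""
    expand = lambda m: "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, expr))

PATTERN = compile_grok(NGINXACCESS)

def parse(line):
    """Return the captured fields, or tag the event as grok does on a miss."""
    m = PATTERN.search(line)  # grok patterns are unanchored unless ^/$ is used
    if m:
        return m.groupdict()
    return {"message": line, "tags": ["_grokparsefailure"]}

def unparsed(lines):
    """Lines the pattern cannot structure; these keep only the raw message."""
    return [l for l in lines if "tags" in parse(l)]

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLES = [
    '203.0.113.7 - - [03/Feb/2019:10:15:32 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.29.0" "-"',
    # $remote_user is set, so the literal "- -" in the pattern no longer matches
    '203.0.113.7 - alice [03/Feb/2019:10:15:40 +0800] "GET /admin HTTP/1.1" 200 85 "-" "curl/7.29.0" "-"',
    # non-HTTP bytes sent to the port: no method, no HTTP/x.y
    r'198.51.100.9 - - [03/Feb/2019:10:16:01 +0800] "\x16\x03\x01" 400 173 "-" "-" "-"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse(line))
```

Lines with an authenticated user or a non-HTTP request fail the pattern and reach the output without `status`, `remote_ip` or `request` fields, so queries on those fields will not see them.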
messages
input {
  file {
    path => ["/var/log/messages"]
    type => "system"
    start_position => "beginning"
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
redis:
input {
  file {
    path => ["/var/log/nginx/access.log"]
    type => "nginxlog"
    start_position => "beginning"
  }
}
filter {
  grok {
    match => { "message" => "%{NGINXACCESS}" }
  }
}
output {
  redis {  # output to redis
    port => "6379"
    host => ["127.0.0.1"]
    data_type => "list"
    key => "logstash-%{type}"  # type here refers to the type set in the input
  }
}
Start:
logstash -f ./redislog.conf
Configuration when running as a server:
redis --> elasticsearch
input {
  redis {
    port => "6379"
    host => "192.168.96.135"
    data_type => "list"
    key => "logstash-nginxlog"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
  }
}
redis --> standard output
input {
  redis {
    port => "6379"
    host => "192.168.96.135"
    data_type => "list"
    key => "logstash-nginxlog"
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
View index information on elasticsearch:
curl 'localhost:9200/_cat/indices?v'  # list all indices
# Create an index named "customer", then list all indices again
curl -XPUT 'localhost:9200/customer?pretty'
curl 'localhost:9200/_cat/indices?v'
# View a specific index
curl -XGET 'http://localhost:9200/logstash-2019.02.03/_search?pretty'