elk-4-logstash6.5安装

IT
IT
IT
352
文章
1
评论
更多
 2020年5月25日11:44:40 评论 1,904 6645字阅读22分9秒

解压[vip]

[root@gateway opt]# tar zxf logstash-6.5.1.tar.gz 

[root@gateway opt]# mv logstash-6.5.1 logstash
[root@gateway config]# pwd
/opt/logstash/config
[root@gateway config]# ll
总用量 32
-rw-r--r-- 1 root root 1846 11月 16 11:06 jvm.options
-rw-r--r-- 1 root root 4568 11月 16 11:06 log4j2.properties
-rw-r--r-- 1 root root  342 11月 16 11:06 logstash-sample.conf
-rw-r--r-- 1 root root 8162 11月 16 11:06 logstash.yml
-rw-r--r-- 1 root root 3244 11月 16 11:06 pipelines.yml
-rw-r--r-- 1 root root 1696 11月 16 11:06 startup.options

测试

进入如下目录

[root@operation bin]# pwd
/opt/logstash/bin

输入./logstash -e ""和hello 看到如下信息说明安装成功

[root@operation bin]# ./logstash -e ""
Sending Logstash logs to /opt/logstash/logs which is now configured via log4j2.properties
[2018-12-06T10:15:57,820][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/opt/logstash/data/queue"}
[2018-12-06T10:15:57,828][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/opt/logstash/data/dead_letter_queue"}
[2018-12-06T10:15:58,156][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-12-06T10:15:58,165][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.5.1"}
[2018-12-06T10:15:58,188][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"0231f74b-7caa-4527-849e-e43331985d50", :path=>"/opt/logstash/data/uuid"}
[2018-12-06T10:16:00,855][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>6, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-12-06T10:16:00,967][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x29b3a88e run>"}
The stdin plugin is now waiting for input:
[2018-12-06T10:16:01,003][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2018-12-06T10:16:01,185][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
hello
{
"@timestamp" => 2018-12-06T02:17:04.306Z,
"host" => "operation.gr-data.uat",
"type" => "stdin",
"@version" => "1",
"message" => "hello"
}

创建一个conf.d目录存放配置文件

[root@gateway logstash]# mkdir conf.d
[root@gateway logstash]# pwd
/opt/logstash
[root@gateway logstash]# ll
总用量 844
drwxr-xr-x 2 root root 4096 12月 5 19:04 bin
drwxr-xr-x 2 root root 6 12月 5 19:09 conf.d

比如使用拉取nginx的日志

[root@localhost conf.d]# cat logstash_cli.conf 
input {
file {
path => [ "/var/log/nginx/access.log" ] 
type => "nginx_log" 
start_position => "beginning" 
}

}


output {
stdout {
codec => rubydebug
}
}

检查配置文件是否正确

[root@localhost conf.d]# /opt/logstash-6.5.1/bin/logstash -t -f ./logstash_cli.conf 
Sending Logstash logs to /opt/logstash-6.5.1/logs which is now configured via log4j2.properties
[2018-12-06T22:19:09,895][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
Configuration OK
[2018-12-06T22:19:12,068][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash

写入到es

[root@localhost conf.d]# cat logstash_cli.conf 
input {
file {
path => [ "/var/log/nginx/access.log" ] 
type => "nginx_log" 
start_position => "beginning" 
}

}


output {
elasticsearch {
hosts => "192.168.1.210"
index => "nginx-%{+YYYY.MM.dd}"
}
}

检查配置

[root@localhost conf.d]# /opt/logstash-6.5.1/bin/logstash -t -f ./logstash_cli.conf 
Sending Logstash logs to /opt/logstash-6.5.1/logs which is now configured via log4j2.properties
[2018-12-06T22:26:49,540][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
Configuration OK
[2018-12-06T22:26:50,997][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash

启动

[root@localhost conf.d]# nohup /opt/logstash-6.5.1/bin/logstash -f ./logstash_cli.conf & 
[1] 17621
[root@localhost conf.d]# nohup: 忽略输入并把输出追加到"nohup.out"

[root@localhost conf.d]# ps aux|grep logstash
root 17621 341 8.3 3688884 648416 pts/1 Sl 22:28 0:37 /bin/java -Xms1g -Xmx1g -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -cp /opt/logstash-6.5.1/logstash-core/lib/jars/animal-sniffer-annotations-1.14.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/commons-codec-1.11.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/commons-compiler-3.0.8.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/error_prone_annotations-2.0.18.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/google-java-format-1.1.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/gradle-license-report-0.7.1.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/guava-22.0.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/j2objc-annotations-1.1.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/jackson-annotations-2.9.5.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/jackson-core-2.9.5.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/jackson-databind-2.9.5.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.5.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/janino-3.0.8.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/jruby-complete-9.1.13.0.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/jsr305-1.3.9.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/log4j-api-2.9.1.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/log4j-core-2.9.1.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/logstash-core.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/opt/logstash-6.5.1/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/opt/logstash-6.5.1logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash -f ./logstash_cli.conf
root 17651 0.0 0.0 112664 972 pts/1 R+ 22:28 0:00 grep --color=auto logstash

[/vip]

继续阅读
  • 我的QQ
  • QQ扫一扫
  • weinxin
  • 我的头条
  • 头条扫一扫
  • weinxin
IT
  • 本文由 发表于 2020年5月25日11:44:40
  • 除非特殊声明,本站文章均为原创,转载请务必保留本文链接
Elasticsearch7.8集群部署 ELK

Elasticsearch7.8集群部署

ElasticSearch基本概念 Node:运行单个ES实例的服务器. Cluster:一个或多个节点构成集群 Index:索引是多个文档的集合 Document:Index里每条记录称为Docum...
2020年7月2日 20,897 评论