第0步:下载Logstash
下载网址:https://www.elastic.co/cn/downloads/logstash
百度网盘有7.12和7.6版本的:https://pan.baidu.com/s/1DugpB7eQ8Azvv-MZ1Ey-Tw
提取码:8n9c
第一步:上传Logstash
CRT的上传方式:alt+p,进入ftp界面
- #上传压缩包
- sftp> put c:/upload/logstash-7.16.2-linux-x86_64.tar.gz
- Uploading logstash-7.16.2-linux-x86_64.tar.gz to /root/logstash-7.16.2-linux-x86_64.tar.gz
- 100% 357048KB 178524KB/s 00:00:02
- c:/upload/logstash-7.16.2-linux-x86_64.tar.gz: 365618045 bytes transferred in 2 seconds (178524 KB/s)
- sftp>
- # 将压缩包解压
- [root@localhost ~]#
- [root@localhost ~]# ls
- anaconda-ks.cfg kibana-7.6.1-linux-x86_64.tar.gz 图片
- apisix logstash-7.16.2-linux-x86_64.tar.gz 文档
- data test_centos.tar 下载
- docker-files testjar 音乐
- elasticsearch-7.6.1-linux-x86_64.tar.gz 公共 桌面
- initial-setup-ks.cfg 模板
- kafka 视频
- [root@localhost ~]# tar zxf logstash-7.16.2-linux-x86_64.tar.gz
- [root@localhost ~]# ls
- anaconda-ks.cfg kibana-7.6.1-linux-x86_64.tar.gz 视频
- apisix logstash-7.16.2 图片
- data logstash-7.16.2-linux-x86_64.tar.gz 文档
- docker-files test_centos.tar 下载
- elasticsearch-7.6.1-linux-x86_64.tar.gz testjar 音乐
- initial-setup-ks.cfg 公共 桌面
- kafka 模板
- [root@localhost ~]#
- # 将解压后的文件剪切到/usr/local中,并命名为logstash
- [root@localhost ~]# mv logstash-7.16.2 /usr/local/logstash
- [root@localhost ~]# ls
- anaconda-ks.cfg kibana-7.6.1-linux-x86_64.tar.gz 图片
- apisix logstash-7.16.2-linux-x86_64.tar.gz 文档
- data test_centos.tar 下载
- docker-files testjar 音乐
- elasticsearch-7.6.1-linux-x86_64.tar.gz 公共 桌面
- initial-setup-ks.cfg 模板
- kafka 视频
- [root@localhost ~]# cd /usr/local/logstash
- [root@localhost logstash]# ls
- bin data jdk logstash-core NOTICE.TXT x-pack
- config Gemfile lib logstash-core-plugin-api tools
- CONTRIBUTORS Gemfile.lock LICENSE.txt modules vendor
- [root@localhost logstash]#
目录说明
- [root@localhost logstash]# ls
- bin data jdk logstash-core NOTICE.TXT x-pack
- config Gemfile lib logstash-core-plugin-api tools
- CONTRIBUTORS Gemfile.lock LICENSE.txt modules vendor
- # bin:启动文件,可执行文件
- # config:配置文件
- # data:数据历史文件
- # lib:依赖的jar包
- # logstash-core-plugin-api:核心插件
- # tools:工具
- # modules:组件
- # logstash-core:logstash核心
- [root@localhost logstash]# ls config/
- jvm.options logstash-sample.conf pipelines.yml
- log4j2.properties logstash.yml startup.options
- # jvm.options:优化配置
- # log4j2.properties:日志配置
- # logstash.yml :核心配置
- # logstash-sample.conf:示例文件
- # pipelines.yml:管道配置
- # startup.options:启动的日志信息
- [root@localhost logstash]#
第二步:修改配置
配置解释说明:
- <code>input:接收日志输入配置
- tcp:协议
- mode: logstash 服务
- host:logstash主机 ip
- port:端口,自己指定。默认4560
- output :日志处理输出
- elasticsearch:交给es处理
- action : es 中index命令。也就是新增命令。(存在就是覆盖,不存在就是新增)
- hosts : es的主机。如果是es集群的话,就是ip:port,ip:port......
- index:存储日志的索引。如果不存在可以自动创建。默认的type名称为doc
我们修改的就是 logstash-sample.conf文件
- <code>input{
- tcp{
- mode => "server"
- post => "192.168.156.131"
- port => 4560
- }
- }
- filter{
- }
- output{
- elasticsearch {
- action => "index"
- hosts => "192.168.156.131:9200"
- index => "test_log"
- }
- }
修改配置文件
- [root@localhost logstash]# cd config/
- [root@localhost config]# ls
- jvm.options logstash-sample.conf pipelines.yml
- log4j2.properties logstash.yml startup.options
- [root@localhost config]# cp logstash-sample.conf my-app.conf
- [root@localhost config]# ls
- jvm.options logstash-sample.conf my-app.conf startup.options
- log4j2.properties logstash.yml pipelines.yml
- [root@localhost config]# vim my-app.conf
- input{
- tcp{
- mode => "server"
- host => "192.168.156.131"
- port => 4560
- }
- }
- filter{
- }
- output{
- elasticsearch {
- action => "index"
- hosts => "192.168.156.131:9200"
- index => "test_log"
- }
- }
- ~
- ~
- ~
- ~
- ~
- ~
- "my-app.conf" 17L, 198C 已写入
- [root@localhost config]#
第三步:启动logstash
可以root启动,要求就是当前的es是启动的
- [root@localhost config]# ../bin/logstash -f my-app.conf
或者是绝对路径:
- [yytest@localhost local]$ /usr/local/logstash/bin/logstash -f /usr/local/logstash/config/my-app.conf
第四步:查看是否启动成功
按如下操作有下面的结果的话,就证明成功了
- [root@localhost config]# curl http://localhost:9600
- {"host":"localhost.localdomain","version":"7.16.2","http_address":"127.0.0.1:9600","id":"12c6f1eb-2634-4ab8-a704-d5466e8661c8","name":"localhost.localdomain","ephemeral_id":"fc9637cf-111e-403c-bc59-437682114163","status":"green","snapshot":false,"pipeline":{"workers":2,"batch_size":125,"batch_delay":50},"build_date":"2021-12-18T19:42:46Z","build_sha":"f1d497fd30cdb16dccebf2de1a788aad1005be9a","build_snapshot":false}
- [root@localhost config]#
来源:https://blog.caogenba.net/yyuggjggg/article/details/122415978
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作! | 
