3. Logstash部署

--摘自 https://www.kancloud.cn/devops-centos/centos-linux-devops/397455


基础环境部署
阿里YUM源配置（略）
全局JDK 1.8部署

yum install java-1.8.131

部署logstash

rpm -ivh /opt/logstash-5.5.2.rpm
#logstash家目录
/usr/share/logstash/

测试logstash

输出到当前窗口（不推荐）

/usr/share/logstash/bin/logstash -e 'input {stdin {}} output {stdout{ }}'
...13:46:31.584 [Api Webserver INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9600}

输入信息，logstash会增加时间戳后输出

ding
2017-08-29T05:46:35.339Z web-log.prod.ding ding

备注：时间戳不是东八区，浏览器会自动转换

输出到文件并压缩

/usr/share/logstash/bin/logstash -e 'input {stdin {}} output {file{path => "/tmp/logstash-test-%{+YYYY.MM.dd}.log.tar.gz" gzip => true}}'

输入后查看/tmp下的文件

输出到Elasticsearch

/usr/share/logstash/bin/logstash -e 'input {stdin {}} output {elasticsearch{hosts=>["192.168.0.231:9200"] index => "logstash-test-%{+YYYY.MM.dd}"}}'

输入后查看Elasticsearch

备注：括号位置，双引号位置，容易出错，还需要熟悉logstash的语法

3. Logstash部署

--摘自 https://www.kancloud.cn/devops-centos/centos-linux-devops/397455


基础环境部署
阿里YUM源配置（略）
全局JDK 1.8部署

yum install java-1.8.131

部署logstash

rpm -ivh /opt/logstash-5.5.2.rpm
#logstash家目录
/usr/share/logstash/

测试logstash

输出到当前窗口（不推荐）

/usr/share/logstash/bin/logstash -e 'input {stdin {}} output {stdout{ }}'
...13:46:31.584 [Api Webserver INFO  logstash.agent - Successfully started Logstash API endpoint {:port=>9600}

输入信息，logstash会增加时间戳后输出

ding
2017-08-29T05:46:35.339Z web-log.prod.ding ding

备注：时间戳不是东八区，浏览器会自动转换

输出到文件并压缩

/usr/share/logstash/bin/logstash -e 'input {stdin {}} output {file{path => "/tmp/logstash-test-%{+YYYY.MM.dd}.log.tar.gz" gzip => true}}'

输入后查看/tmp下的文件

输出到Elasticsearch

/usr/share/logstash/bin/logstash -e 'input {stdin {}} output {elasticsearch{hosts=>["192.168.0.231:9200"] index => "logstash-test-%{+YYYY.MM.dd}"}}'

输入后查看Elasticsearch

备注：括号位置，双引号位置，容易出错，还需要熟悉logstash的语法