下载Logstash
[centos@us-prod-ops-logan-2 app]$ pwd /data/app [centos@us-prod-ops-logan-2 app]$ wget https://artifacts.elastic.co/downloads/logstash/logstash-7.17.5-linux-x86_64.tar.gz [centos@us-prod-ops-logan-2 app]$ tar zxf logstash-7.17.5-linux-x86_64.tar.gz
配置Logstash
[centos@us-prod-ops-logan-2 config]$ pwd
/data/app/logstash-7.17.5/config
[centos@us-prod-ops-logan-2 config]$ cp logstash-sample.conf logstash.conf
[centos@us-prod-ops-logan-2 config]$ vim logstash.conf
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
file {
path => "/data/logs/logan-server/info.log"
path => "/data/logs/logan-server/error.log"
}
}
output {
elasticsearch {
hosts => ["http://10.0.3.174:9200"]
index => "logstash-logan-%{+YYYY.MM.dd}"
user => "elastic"
password => "root2758!@@"
}
}
- 测试是否正确(测试配置文件正确性,如下:-t表示测试,-f 指定文件位置)
[centos@us-prod-ops-logan-2 bin]$ pwd
/data/app/logstash-7.17.5/bin
[centos@us-prod-ops-logan-2 bin]$ ./logstash -t -f /data/app/logstash-7.17.5/config/logstash.conf
Using JAVA_HOME defined java: /data/app/jdk-13.0.1
WARNING: Using JAVA_HOME while Logstash distribution comes with a bundled JDK.
DEPRECATION: The use of JAVA_HOME is now deprecated and will be removed starting from 8.0. Please configure LS_JAVA_HOME instead.
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to /data/app/logstash-7.17.5/logs which is now configured via log4j2.properties
[2022-07-12T07:43:23,143][INFO ][logstash.runner ] Log4j configuration path used is: /data/app/logstash-7.17.5/config/log4j2.properties
[2022-07-12T07:43:23,154][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.17.5", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 Java HotSpot(TM) 64-Bit Server VM 13.0.1+9 on 13.0.1+9 +indy +jit [linux-x86_64]"}
[2022-07-12T07:43:23,155][INFO ][logstash.runner ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djdk.io.File.enableADS=true, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true]
[2022-07-12T07:43:23,429][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2022-07-12T07:43:24,316][INFO ][org.reflections.Reflections] Reflections took 79 ms to scan 1 urls, producing 119 keys and 419 values
Configuration OK
[2022-07-12T07:43:25,104][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
- 直接运行,加-r参数
[centos@us-prod-ops-logan-2 bin]$ ./logstash -r -f /data/app/logstash-7.17.5/config/logstash.conf
继续阅读
![EFK集群[案例]](https://devops.centoscn.vip/wp-content/uploads/2022/09/2022092017505680.png?x-oss-process=image/resize,m_fill,w_280 ,h_210, limit_0)
评论