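Logstash overview
The ELK stack: Elasticsearch, Logstash, Kibana.
My requirement was to import MySQL data into ES, so I chose Logstash.
Logstash architecture: collect ---> filter ---> process (input -> filter -> output).
Environment preparation
CentOS 7, JDK 1.8 (add it to the environment variables)
Installation and deployment
Download: https://www.elastic.co/cn/downloads/logstash
*Note: the version must match your Elasticsearch and Kibana versions to avoid problems later. (I chose Logstash 7.8.0.)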
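tar -zxvf logstash-7.8.0.tar.gz -C <your preferred path>
# change to the logstash-7.8.0 root directory
./bin/logstash -f config/logstash-sample.conf  # this is a test configuration file
Successfully started Logstash API endpoint {:port=>9600}  # seeing this line means the deployment succeeded
mkdir my_config  # create a directory for your configuration files and start writing your script
My script, for reference
My script sends MySQL data to ES.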
input {
  jdbc {
    jdbc_connection_string => "jdbc:mysql://localhost:3306/mydatabase"
    jdbc_user => "myuser"
    # the password is read from this file as plaintext
    jdbc_password => "mypassword"
    jdbc_driver_library => "/path/to/mysql-connector-java-5.1.49.jar"
    jdbc_driver_class => "com.mysql.jdbc.Driver"
    statement => "SELECT * from mytable"
  }
}
filter {
  # add 8 hours to @timestamp (UTC to UTC+8) through a temporary field
  ruby {
    code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
  }
  ruby {
    code => "event.set('@timestamp',event.get('timestamp'))"
  }
  mutate {
    remove_field => ["timestamp"]
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "myindex"
  }
}
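In this example, Logstash connects to the MySQL database named mydatabase and authenticates as myuser with the password mypassword.
It reads all rows from the table mytable and writes them to the Elasticsearch index myindex.
Run
./bin/logstash -f <path to your configuration file>
I checked in Kibana and found that the data had come through.
5. 20230403 script record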
input {
  jdbc {
    jdbc_driver_library => "/opt/module/logstash-7.8.0/lib/mysql/mysql-connector-java-5.1.49.jar"
    jdbc_driver_class => "com.mysql.jdbc.Driver"
    jdbc_connection_string => "jdbc:mysql://192.168.2.226:3306/db_test01"
    # credentials are read from this file as plaintext
    jdbc_user => "root"
    jdbc_password => "root"
    jdbc_paging_enabled => true
    # incremental sync: :sql_last_value holds the last unix_ts_in_secs value that was read
    tracking_column => "unix_ts_in_secs"
    use_column_value => true
    tracking_column_type => "numeric"
    # six-field cron expression (first field is seconds): run every 5 seconds
    schedule => "*/5 * * * * *"
    statement => "SELECT *, UNIX_TIMESTAMP(modification_time) AS unix_ts_in_secs FROM es_table WHERE (UNIX_TIMESTAMP(modification_time) > :sql_last_value AND modification_time < NOW()) ORDER BY modification_time ASC"
  }
}
filter {
  mutate {
    # keep the MySQL id in metadata so it can be used as the document id
    copy => { "id" => "[@metadata][_id]"}
    remove_field => ["id", "@version", "unix_ts_in_secs"]
  }
  # add 8 hours to @timestamp (UTC to UTC+8) through a temporary field
  ruby {
    code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
  }
  ruby {
    code => "event.set('@timestamp',event.get('timestamp'))"
  }
  mutate {
    remove_field => ["timestamp"]
  }
}
output {
  # stdout { codec => "rubydebug"}
  elasticsearch {
    hosts => ["192.168.2.227:9200"]
    index => "es_table_index"
    # a row that is read again updates its existing document instead of creating a duplicate
    document_id => "%{[@metadata][_id]}"
  }
}
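An added example, not part of the original post: a small Python check that parses a pipeline file laid out like the two above and flags a literal jdbc_password, a MySQL root login and an Elasticsearch output without credentials. The hardened variant assumes a read-only MySQL account and "${...}" references resolved from the Logstash keystore or environment; logstash_reader, MYSQL_PASSWORD, ES_USER and ES_PASSWORD are hypothetical names.

```python
import re

SETTING = re.compile(r'^(\w+)\s*=>\s*(.+)$')   # key => value on one line
SECRET_REF = re.compile(r'^"?\$\{\w+\}"?$')    # "${NAME}" keystore/env reference

# Constructed sample: the credential lines of the second pipeline file above.
WEAK_CONF = '''
input {
  jdbc {
    jdbc_user => "root"
    jdbc_password => "root"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.2.227:9200"]
  }
}
'''
# Hardened variant (assumption): logstash_reader and the ${...} names are hypothetical.
HARDENED_CONF = (WEAK_CONF
    .replace('jdbc_user => "root"', 'jdbc_user => "logstash_reader"')
    .replace('jdbc_password => "root"', 'jdbc_password => "${MYSQL_PASSWORD}"')
    .replace('9200"]', '9200"]\n    user => "${ES_USER}"\n    password => "${ES_PASSWORD}"'))

def plugin_blocks(text):
    """Yield (plugin, settings) for each plugin directly inside input/filter/output."""
    depth, name, settings = 0, None, {}
    for line in text.splitlines():
        s = '' if line.lstrip().startswith('#') else line.strip()  # skip comment lines
        if depth == 1 and s.endswith('{'):
            name, settings = s[:-1].strip(), {}
        elif depth == 2 and (m := SETTING.match(s)):
            settings[m.group(1)] = m.group(2)
        elif depth == 2 and s == '}':
            yield name, settings
        depth += s.count('{') - s.count('}')

def audit(text):
    out = []
    for name, cfg in plugin_blocks(text):
        for key in ('jdbc_password', 'password'):
            if key in cfg and not SECRET_REF.match(cfg[key]):
                out.append(f'{name}: {key} is a literal in the file')
        if cfg.get('jdbc_user', '').strip('"') == 'root':
            out.append(f'{name}: connects as MySQL root')
        if name == 'elasticsearch' and not cfg.keys() >= {'user', 'password'}:
            out.append(f'{name}: no user/password, requests are unauthenticated')
    return out
```

audit(WEAK_CONF) returns three findings and audit(HARDENED_CONF) returns an empty list.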
For details, see the official website: