1.下载并解压
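# Note: 6.2.3 is an old release; on a real deployment prefer a currently supported version.
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.tar.gz
# Elastic publishes a .sha512 file next to each artifact. Check the archive
# against it before unpacking, and stop here if a mismatch is reported.
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.3.tar.gz.sha512
sha512sum -c logstash-6.2.3.tar.gz.sha512
tar -xzvf logstash-6.2.3.tar.gz
mv logstash-6.2.3/ logstash
# The remaining steps use paths relative to the Logstash home directory.
cd logstash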
2.测试
# -e passes the pipeline config inline: read lines from stdin and print each event to stdout.
./bin/logstash -e 'input{ stdin { } } output{ stdout { } }'
3.修改配置
在logstash的主目录下
vim config/log_to_es.conf
内容如下:
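# For the detailed structure of this file
# see: https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
# input, filter and output are sibling top-level sections; settings inside a
# plugin block are separated by newlines, not commas.
input {
  # Events are received on a TCP listener. For the options of this input
  # see: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-tcp.html
  # (the log4j input is described at
  #  https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html)
  tcp {
    mode => "server"
    host => "[ip]"   # address to listen on; prefer an internal interface over all interfaces
    port => [port]   # logstash port, e.g. 9250
    # As written this listener is plaintext and unauthenticated: any host that
    # can reach [ip]:[port] can write events into the index below. Restrict the
    # port with a firewall, and look at the plugin's TLS settings
    # (ssl_enable, ssl_cert, ssl_key, ssl_verify) when logs cross a network
    # you do not control.
  }
}
filter {
  # Only matched data are sent to output.
  # This section is empty, so every event passes through unchanged.
}
output {
  # For the detailed config of elasticsearch as output
  # see: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
  elasticsearch {
    action => "index"        # the operation performed on ES
    hosts => "[ip]:[port]"   # Elasticsearch host, can be an array; no scheme given means plain http
    index => "applog"
    # If the cluster requires authentication or TLS, set the plugin's
    # user / password and ssl / cacert options here instead of sending
    # events over an open http connection.
  }
}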
4.启动
./bin/logstash -f config/log_to_es.conf
或者后台运行守护进程
# '&' only backgrounds the job in the current shell; nothing supervises or restarts it.
./bin/logstash -f config/log_to_es.conf &
5.测试
curl 'http://[ip]:[port]/_search?pretty'
(ip和port为elasticsearch的ip和port)