Download and extract
wget https://artifacts.elastic.co/downloads/logstash/logstash-8.3.2-linux-x86_64.tar.gz
tar -xzvf logstash-8.3.2-linux-x86_64.tar.gz
Run with a specified conf file
./bin/logstash -f logToEs.conf
Start in the background (redirect stderr as well, otherwise startup errors end up in nohup.out; Logstash's own logs still go to logs/logstash-plain.log)
nohup ./bin/logstash -f logToEs.conf >/dev/null 2>&1 &
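The three steps above as one POSIX shell script, added here as an example and not part of the original note. It adds the two checks a practitioner would want: the tarball is compared against the .sha512 file Elastic publishes next to every artifact before it is unpacked, and the pipeline is syntax-checked with --config.test_and_exit before it is launched with nohup. The variable names, the logstash.out and logstash.pid file names and the install/start sub-commands are this example's own choices; network access and a real Logstash install are only needed for those two sub-commands, the checksum function runs offline.

```shell
#!/bin/sh
# Added example: checksum-verified Logstash install and background start.
# Assumes Elastic's "<artifact>.sha512" sidecar ("<hex>  <filename>") and
# either sha512sum (coreutils) or shasum (BSD/macOS) on the host.
set -eu

LS_VERSION="${LS_VERSION:-8.3.2}"
LS_TARBALL="logstash-${LS_VERSION}-linux-x86_64.tar.gz"
LS_URL="https://artifacts.elastic.co/downloads/logstash/${LS_TARBALL}"
LS_HOME="logstash-${LS_VERSION}"
PIPELINE="${PIPELINE:-logToEs.conf}"   # name chosen for this example

# Print the hex SHA-512 digest of a file with whichever tool is installed.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# verify_sha512 FILE SIDECAR: compare FILE's digest with the first field of
# SIDECAR. Returns 0 on match, 1 on mismatch or an empty sidecar, so a
# tampered, truncated or mis-served download is never extracted.
verify_sha512() {
    expected=$(awk 'NR==1 {print tolower($1)}' "$2")
    actual=$(sha512_of "$1")
    if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
        return 0
    fi
    echo "checksum mismatch for $1" >&2
    return 1
}

# download_and_extract: fetch the tarball and its .sha512, refuse to unpack
# unless they agree. Needs network access; not exercised offline.
download_and_extract() {
    wget -q "$LS_URL" "$LS_URL.sha512"
    verify_sha512 "$LS_TARBALL" "$LS_TARBALL.sha512"
    tar -xzf "$LS_TARBALL"
}

# start_logstash: validate the pipeline first (--config.test_and_exit exits
# non-zero on a syntax error, and set -e then stops the script), then launch
# in the background with stdout and stderr captured in a log file rather than
# discarded, and record the pid so the process can be stopped later.
start_logstash() {
    "$LS_HOME/bin/logstash" -f "$PIPELINE" --config.test_and_exit
    nohup "$LS_HOME/bin/logstash" -f "$PIPELINE" >logstash.out 2>&1 &
    echo $! > logstash.pid
    echo "logstash started, pid $(cat logstash.pid)"
}

# Usage: sh install_logstash.sh install   (download, verify, extract)
#        sh install_logstash.sh start     (config check, then nohup)
case "${1:-}" in
    install) download_and_extract ;;
    start)   start_logstash ;;
esac
```

Elastic also publishes a detached PGP signature (.asc) for each artifact; the checksum step above catches corruption and substitution on the download path, the signature additionally binds the file to Elastic's signing key.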
Input plugins pull or receive data from a given source system.
The Logstash Reference lists the supported input plugins: Input plugins | Logstash Reference [8.3] | Elastic (https://www.elastic.co/guide/en/logstash/current/input-plugins.html)
Filter plugins apply transformations and enrichment to the events passing through the pipeline.
The Logstash Reference lists the supported filter plugins: https://www.elastic.co/guide/en/logstash/current/filter-plugins.html
Output plugins load or send the data to a given destination system.
The Logstash Reference lists the supported output plugins: Output plugins | Logstash Reference [8.3] | Elastic (https://www.elastic.co/guide/en/logstash/current/output-plugins.html)
Configuration: input, filter and output
input {
  beats {
    # listen for Filebeat/other Beats on this port
    port => 18001
    type => beats_log
  }
}
filter {
  geoip {
    # look up the client IP and write the location fields under "clientgeo"
    source => "clientip"
    target => "clientgeo"
  }
}
output {
  # prints every event to the console (rubydebug codec); handy while testing, drop it in production
  stdout {}
  elasticsearch {
    # Elasticsearch host and port
    hosts => ["localhost:9200"]
    # ES index name (your own choice)
    index => "http_log"
    # credentials written inline here for illustration only; in practice keep them in the
    # Logstash keystore (bin/logstash-keystore) and reference them as "${ES_USER}" / "${ES_PWD}"
    user => "elastic"
    password => "nY2CFqiSEjnbiNiYSseY"
    # TLS to Elasticsearch, trusting the CA that signed its HTTP certificate
    ssl => true
    cacert => "/usr/local/elasticsearch/elasticsearch-8.3.1/config/certs/http_ca.crt"
  }
}
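The same pipeline with the Elasticsearch credentials taken out of the .conf file, added here as an example and not part of the original note. Logstash resolves ${NAME} references in a pipeline at startup from its keystore first and from environment variables second, so the password never sits in cleartext next to the configuration. The key names ES_USER and ES_PWD, the LS_HOME default and the check function are this example's own choices; the CA path is the one from the page.

```shell
#!/bin/sh
# Added example: pipeline with keystore-backed credentials, plus a check
# that flags a literal password in any .conf file. Assumes Logstash 8.x in
# $LS_HOME and the CA certificate path used on the page.
set -eu

LS_HOME="${LS_HOME:-./logstash-8.3.2}"
CA_CERT="${CA_CERT:-/usr/local/elasticsearch/elasticsearch-8.3.1/config/certs/http_ca.crt}"

# setup_keystore: create the keystore once and add the two secrets. Both
# "add" commands prompt for the value, so nothing lands in shell history.
# Export LOGSTASH_KEYSTORE_PASS beforehand to password-protect the keystore
# itself; Logstash reads the same variable when it starts.
setup_keystore() {
    "$LS_HOME/bin/logstash-keystore" create
    "$LS_HOME/bin/logstash-keystore" add ES_USER
    "$LS_HOME/bin/logstash-keystore" add ES_PWD
}

# write_pipeline OUTFILE: emit the pipeline. The \${ES_USER} / \${ES_PWD}
# references are written literally and resolved by Logstash at startup;
# ${CA_CERT} is expanded now because the path is not a secret.
write_pipeline() {
    cat > "$1" <<EOF
input {
  beats {
    port => 18001
    type => beats_log
  }
}
filter {
  geoip {
    source => "clientip"
    target => "clientgeo"
  }
}
output {
  # echoes every event field (raw client IPs, request bodies) to the console;
  # fine while testing, remove once the pipeline is verified
  stdout {}
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "http_log"
    user => "\${ES_USER}"
    password => "\${ES_PWD}"
    ssl => true
    cacert => "${CA_CERT}"
  }
}
EOF
}

# config_has_cleartext_password FILE: returns 0 (true) when a password option
# is set to a literal string rather than a ${...} reference, for a pre-commit
# or CI check over the pipeline directory.
config_has_cleartext_password() {
    grep -Eq 'password[[:space:]]*=>[[:space:]]*"[^$"]' "$1"
}

# Usage: sh secure_pipeline.sh keystore        (one-off, interactive)
#        sh secure_pipeline.sh write logToEs.conf
case "${1:-}" in
    keystore) setup_keystore ;;
    write)    write_pipeline "${2:-logToEs.conf}" ;;
esac
```

The check is deliberately narrow: it only catches a quoted literal on the password option. Running it as `for f in pipelines/*.conf; do config_has_cleartext_password "$f" && echo "cleartext secret in $f"; done` before a deploy is enough to stop the pattern shown on the page from being committed.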