Install: the logstash-input-mongodb plugin
Environment: ElasticSearch 5.5.2, logstash 5.5.2
Steps:
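1. Go to the bin directory under logstash and list the installed plugins:
./logstash-plugin list
2. If the logstash-input-mongodb plugin is not listed, install it:
./logstash-plugin install logstash-input-mongodb
3. If the installation fails, switch to a mirror inside China.
4. If the gem command is not available, install it first:
yum install gem
5. You can first check the current source address with the following command:
gem sources -l
The address shown is: https://rubygems.org/
6. Now replace it with the ruby-china mirror inside China:
gem sources --add https://gems.ruby-china.org/ --remove https://rubygems.org/
# Check again
gem sources -l
7. The source has now been switched successfully, but that is not all: go to the logstash directory and edit the Gemfile:
vim Gemfile
In the file, change source "https://rubygems.org" to source "https://gems.ruby-china.org"
8. Save and exit with wq, then go back to bin and run again:
./logstash-plugin install logstash-input-mongodb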
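9. If it still fails:
10. Later I found a solution on Google:
Replace https with http,
sudo gem sources -r http://rubygems.org
11. Check the sources
12. Go to bin and run again:
./logstash-plugin install logstash-input-mongodb
13. The installation succeeds:
14. Check the plugin list:
./logstash-plugin list
15. Change the source back
sudo gem sources -a https://rubygems.org
16. Add the logstash configuration file
Go to logstash-5.5.2/config
vim logstash.conf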
input {
  mongodb {
    uri => 'mongodb://192.168.1.43:27017/testData'
    placeholder_db_dir => '/opt/logstash-mongodb/'
    placeholder_db_name => 'testData.db'
    collection => 'test_Current'
  }
}
filter {
  # Rename MongoDB's _id, because it conflicts with the _id field in ES
  mutate {
    rename => ["_id", "uid"]
  }
  # ruby {
  #   code => "event.set('message', eval(event('title')))"
  # }
}
output {
  file {
    path => "/var/log/mongons.log"
  }
  stdout {
    codec => json_lines
  }
  elasticsearch {
    hosts => ["192.168.1.171:9200"]
    # Elasticsearch index names must be lowercase; "testData" is rejected
    index => "testdata"
    manage_template => true
    document_type => "judicial"
  }
}
17. Start logstash
bin/logstash -f logstash.conf
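
Steps 6 to 15 change where gems are downloaded from, and step 10 moves to an http source. The script below is an added example, not part of the original post: it reads a Gemfile or saved `gem sources -l` output and rejects any source that is not HTTPS or whose host is not on an allowlist. The function names and ALLOWED_HOSTS are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check RubyGems sources before `logstash-plugin install`.
# ALLOWED_HOSTS is an assumption: the two hosts named in the steps above.
ALLOWED_HOSTS="rubygems.org gems.ruby-china.org"

# Print the source URLs in a Gemfile (source "...") or in saved
# `gem sources -l` output (one bare URL per line). Other lines are ignored.
extract_sources() {
    grep -E "^[[:space:]]*(source[[:space:]]|https?://)" "$1" |
        grep -oE "https?://[^\"'[:space:]]+" || true
}

# Classify one URL: prints "ok", "plaintext" or "unknown-host".
classify_source() {
    case "$1" in
        https://*) ;;
        *) echo "plaintext"; return 0 ;;
    esac
    cs_host="${1#https://}"
    cs_host="${cs_host%%/*}"
    for cs_allowed in $ALLOWED_HOSTS; do
        if [ "$cs_host" = "$cs_allowed" ]; then
            echo "ok"; return 0
        fi
    done
    echo "unknown-host"
}

# Audit one file: print a verdict per source and return the number of
# rejected sources as the exit status (0 means every source passed).
audit_sources() {
    as_bad=0
    as_list="$(extract_sources "$1")"
    while IFS= read -r as_url; do
        [ -n "$as_url" ] || continue
        as_verdict="$(classify_source "$as_url")"
        printf '%-13s %s\n' "$as_verdict" "$as_url"
        if [ "$as_verdict" != "ok" ]; then as_bad=$((as_bad + 1)); fi
    done <<EOF
$as_list
EOF
    return "$as_bad"
}

# Constructed sample: a Gemfile left pointing at a plain-HTTP source.
demo_dir="$(mktemp -d)"
printf '%s\n' 'source "http://rubygems.org"' 'gem "logstash-core"' > "$demo_dir/Gemfile"
audit_sources "$demo_dir/Gemfile" || echo "rejected sources: $?"
rm -rf "$demo_dir"
```

To check the live configuration, save the output of gem sources -l to a file and pass that file, then the logstash Gemfile, to audit_sources before running ./logstash-plugin install.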