1, 解压文件
安装在 cd /usr/local/
tar -zxvf logstash-6.2.1.tar.gz
2,
配置文件1: simple.conf文件
input {
stdin {}
}
output {
stdout {
codec => rubydebug }
}
配置文件1:运行输出
[root@localhost config]# ../bin/logstash -f simple.conf
hello
world
Sending Logstash's logs to /usr/local/logstash-6.3.2/logs which is now configured via log4j2.properties
[2018-08-30T11:55:33,463][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-08-30T11:55:33,949][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.3.2"}
[2018-08-30T11:55:36,606][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>40, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-08-30T11:55:36,711][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x5d5a5912 run>"}
The stdin plugin is now waiting for input:
[2018-08-30T11:55:36,824][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2018-08-30T11:55:37,240][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
{
"host" => "localhost.localdomain",
"@version" => "1",
"message" => "hello",
"@timestamp" => 2018-08-30T03:55:36.761Z
}
{
"host" => "localhost.localdomain",
"@version" => "1",
"message" => "world",
"@timestamp" => 2018-08-30T03:55:36.810Z
}
配置文件2: simple2.conf
input {
file {
path =>"/usr/local/logstash-6.3.2/logstash_data/data.txt"
start_position => "beginning"
}
}
output {
file {
path => "/usr/local/logstash-6.3.2/logstash_data/data_out.txt"
gzip => false
}
}
配置文件2:运行输出
--一个窗口运行
echo ' xxxx' >> data.txt
--另一个窗口看输出数据
tail -f logstash_data/data_out.tx
配置文件3
input {
stdin {}
}
output {
file {
path => "/usr/local/logstash-6.3.2/logstash_data/testlog"
gzip => false
}
}
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
