Official introduction: "Logstash is an open source data collection engine with real-time pipelining capabilities." Simply put, Logstash is a pipe with real-time data transport capability: it carries data from the input end of the pipe to the output end. Along the way, you can also insert filters to suit your needs, and Logstash ships with many powerful filter plugins covering all kinds of scenarios.
Official Logstash documentation:
https://www.elastic.co/guide/en/logstash/current/getting-started-with-logstash.html
1. Installation
Logstash requires JDK 8.
Download the archive: https://www.elastic.co/downloads/logstash
After downloading, just extract it; no installation step is needed.
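Once extracted, you can sanity-check the install by running bin/logstash --version from the Logstash directory.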
2. Configuration
The core of a Logstash configuration is the input and output sections, plus an optional filter section.
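As a minimal sketch, a pipeline configuration has this shape; the stdin and stdout plugins here are just for quick local smoke testing:

input {
  stdin { }                        # read events typed on the console
}
filter {
  # optional; filters such as mutate, grok, or json would go here
}
output {
  stdout { codec => rubydebug }    # pretty-print each event for debugging
}

The pipeline used here follows the same structure, with an http input feeding a kafka output and a file output: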
input {
  http {
    host => "0.0.0.0"
    port => 8080
    id => "luoyang"
  }
}
output {
  kafka {
    bootstrap_servers => "192.168.23.223:19092,192.168.23.224:19092,192.168.23.225:19092"
    topic_id => "smkAppLog"
    # codec => plain
    # Format each record so that only the message field is written
    codec => line { format => "%{message}" }
  }
  # Also write events to a local file
  file {
    path => "/home/smkapp/my.log"
  }
}
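To try this pipeline, save it to a file (any name works) and start Logstash with bin/logstash -f <your-config-file>. Note the line codec with format => "%{message}": it writes only the content of the message field, one event per line, so the Kafka topic receives the raw payload rather than the full event with @timestamp, host, and headers.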
The Logstash http input plugin has these defaults:

codec => "plain"
additional_codecs => { "application/json" => "json" }

With these defaults, when you send data to the plugin over HTTP and the request's Content-Type is application/json, Logstash parses the JSON body automatically and merges its fields into the top level of the event:
{
  "@version": "1",
  "headers": {
    "http_accept": null,
    "request_method": "POST",
    "http_user_agent": "okhttp/3.8.1",
    "x_real_ip": "192.168.160.131",
    "connection": "close",
    "request_path": "/smk_data/",
    "x_forwarded_for": "192.168.160.131",
    "http_host": "192.168.23.211:80",
    "accept_encoding": "gzip",
    "content_type": "application/json;charset=utf-8",
    "content_length": "266",
    "http_version": "HTTP/1.0"
  },
  "host": "192.168.23.211",
  "@timestamp": "2018-12-25T01:16:45.736Z",
  "event_type": "click",                                  // from the request body
  "data_sender": "android",                               // from the request body
  "device_id": "00000000-2242-9cf3-0000-0000138614f1",    // from the request body
  "element_id": "31lf",                                   // from the request body
  "element_type": "advert",                               // from the request body
  "current_page_name": "B201812201509559344",             // from the request body
  "business_id": "Y31|8",                                 // from the request body
  "platform": "android",                                  // from the request body
  "element_content": "X201812211338438973"                // from the request body
}
If the Content-Type does not match application/json, the body is not parsed; instead the raw payload is kept in a single message field:
{
  "@version": "1",
  "headers": {
    "http_accept": null,
    "request_method": "POST",
    "http_user_agent": "okhttp/3.8.1",
    "x_real_ip": "192.168.160.131",
    "connection": "close",
    "request_path": "/smk_data/",
    "x_forwarded_for": "192.168.160.131",
    "http_host": "192.168.23.211:80",
    "accept_encoding": "gzip",
    "content_type": "application/json;charset=utf-8",
    "content_length": "266",
    "http_version": "HTTP/1.0"
  },
  "host": "192.168.23.211",
  "@timestamp": "2018-12-25T01:16:45.736Z",
  "message": "{\"event_type\":\"click\",\"data_sender\":\"android\",\"device_id\":\"00000000-2242-9cf3-0000-0000138614f1\",\"element_id\":\"31lf\",\"element_type\":\"advert\",\"current_page_name\":\"B201812201509559344\",\"business_id\":\"Y31|8\",\"platform\":\"android\",\"element_content\":\"X201812211338438973\"}"   // the raw request body as a single string
}
So in that case the event looks like the above, with the entire payload kept in one message field.
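An easy way to see both shapes for yourself is a throwaway pipeline that prints every incoming event to the console (a sketch; the port is arbitrary):

input {
  http {
    host => "0.0.0.0"
    port => 8080
  }
}
output {
  stdout { codec => rubydebug }    # dump the full event, headers included
}

POST the same body once with Content-Type: application/json and once with any other content type, and you will see the parsed and unparsed variants shown above.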
Because I personally prefer the received data format to stay the same no matter what request headers the sender uses, I remove the default codec mapping:
input {
  http {
    host => "0.0.0.0"
    port => 6000
    id => "fff"
    additional_codecs => {}   # remove the default content-type -> codec mapping
  }
}
output {
  kafka {
    bootstrap_servers => "192.168.23.223:19092,192.168.23.224:19092,192.168.23.225:19092"
    topic_id => "smkAppLog"
    codec => line { format => "%{message}" }
  }
  file {
    path => "/home/smkapp/my.log"
    # codec => line { format => "%{message}" }
  }
}
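With additional_codecs set to an empty hash, every request body, JSON or not, ends up in the message field, so downstream consumers always see the same shape. If you ever want the opposite behavior (always parse the payload, regardless of what the sender declares), you could keep this input and parse in the pipeline instead with the json filter; a sketch, not part of my setup:

filter {
  json {
    source => "message"    # parse the raw body in message into top-level fields
  }
}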
If the endpoint is consumed from an H5 (browser) page, you will run into cross-origin (CORS) problems. The fix is to set the appropriate response headers:
input {
  http {
    host => "0.0.0.0"
    port => 6000
    id => "luoyang"
    additional_codecs => {}
    # codec => json
    # CORS-related headers, all combined in a single response_headers hash
    response_headers => {
      "Content-Type" => "text/plain"
      "Access-Control-Allow-Origin" => "*"
      "Access-Control-Max-Age" => "86400"
    }
  }
}
output {
  kafka {
    bootstrap_servers => "192.168.23.223:19092,192.168.23.224:19092,192.168.23.225:19092"
    topic_id => "smkAppLog"
    codec => line { format => "%{message}" }
  }
  file {
    path => "/home/smkapp/my.log"
    # codec => line { format => "%{message}" }
  }
}
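For reference: Access-Control-Allow-Origin: * tells the browser that pages from any origin may read the response, and Access-Control-Max-Age: 86400 lets it cache the preflight result for a day, which cuts down on extra OPTIONS requests.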
Logstash gives you a pipeline for quickly moving data into other middleware, such as Elasticsearch, Kafka, and so on.
A requirement came up today: have Logstash expose two HTTP endpoints and route them into the same Kafka cluster, but into two different topics.
input {
  http {
    # Built-in Logstash setting: assign a custom type so the output can branch on it
    type => "type_smkapplog"
    host => "0.0.0.0"
    port => 6000
    # The same plugin is used twice, so the ids must be different
    id => "http_smkapplog"
    additional_codecs => {}
    # codec => json
    response_headers => {
      "Content-Type" => "text/plain"
      "Access-Control-Allow-Origin" => "*"
      "Access-Control-Max-Age" => "86400"
    }
  }
  http {
    # Built-in Logstash setting: assign a custom type so the output can branch on it
    type => "type_smkadlog"
    host => "0.0.0.0"
    port => 6001
    # The same plugin is used twice, so the ids must be different
    id => "smk_ad_log"
    additional_codecs => {}
    # codec => json
    response_headers => {
      "Content-Type" => "text/plain"
      "Access-Control-Allow-Origin" => "*"
      "Access-Control-Max-Age" => "86400"
    }
  }
}
output {
  # Branch on type to route each message to the right topic in the same Kafka cluster
  if [type] == "type_smkapplog" {
    kafka {
      # The same plugin is used twice, so the ids must be different
      id => "output_smkapplog"
      bootstrap_servers => "192.168.23.223:19092,192.168.23.224:19092,192.168.23.225:19092"
      topic_id => "smkAppLog"
      codec => line { format => "%{message}" }
    }
    file {
      id => "file_applog"
      path => "/home/smkapp/applog.log"
      # codec => line { format => "%{message}" }
    }
  }
  if [type] == "type_smkadlog" {
    kafka {
      id => "output_smkadlog"
      bootstrap_servers => "192.168.23.223:19092,192.168.23.224:19092,192.168.23.225:19092"
      topic_id => "smk_ad_log"
      codec => line { format => "%{message}" }
    }
    file {
      id => "file_adlog"
      path => "/home/smkapp/my.log"
      # codec => line { format => "%{message}" }
    }
  }
}
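This works because the type field assigned by each input stays on the event all the way through the pipeline, which is what the if [type] == ... conditionals in the output branch on. And since the kafka outputs format records with the line codec as %{message}, only the original payload reaches the topics; the type marker itself is never written to Kafka.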