Installing Logstash 5.2.2 on CentOS 6.5 with the log4j input (tested and working)
1. Download logstash-5.2.2.tar.gz
2. Extract it
tar -zxvf logstash-5.2.2.tar.gz
cd logstash-5.2.2
3. Adjust the JVM heap size in
/opt/logstash/logstash-5.2.2/config/jvm.options
4. Create log4j_to_es.conf with the following content:
# For the detailed structure of this file,
# see: https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
input {
  # For the detailed log4j input options,
  # see: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html
  # The log4j input deserializes Java objects sent by a log4j SocketAppender,
  # and 0.0.0.0 listens on every interface, so limit access to port 4567
  # to trusted senders.
  log4j {
    mode => "server"
    host => "0.0.0.0"
    port => 4567
    type => "log4j"
  }
}
filter {
  # Drop fields that are not needed before the event is sent to the outputs.
  mutate {
    remove_field => ["class", "path", "timestamp", "@version"]
  }
}
output {
  # For the detailed elasticsearch output options,
  # see: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
  elasticsearch {
    action => "index"                  # The operation to perform on ES
    hosts => "127.0.0.1:9200"          # Elasticsearch host, can be an array
    index => "%{type}-%{+YYYY-MM-dd}"  # The index to write data to, can be any string
  }
  stdout {
    codec => rubydebug {}
  }
}
5. Start Logstash in the background (run from the bin directory):
nohup ./logstash -f ../config/log4j_to_es.conf &
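The input in log4j_to_es.conf binds to 0.0.0.0, so the log4j listener on port 4567 is reachable on every interface of the host. The Python check below is an added example, not part of the original post: it parses a Logstash pipeline file and reports input plugins that listen on all interfaces. The function names and the embedded sample are constructed for illustration, and it assumes that an input with a port but no host setting listens on 0.0.0.0.

```python
import re

# Constructed sample, modelled on the input/output sections of log4j_to_es.conf.
SAMPLE_CONF = """
input {
  log4j {
    mode => "server"
    host => "0.0.0.0"
    port => 4567   # log4j SocketAppender port
  }
}
output { elasticsearch { hosts => "127.0.0.1:9200" } }
"""

WILDCARD_HOSTS = {"0.0.0.0", "::"}
BLOCK_START = re.compile(r'([\w-]+)\s*\{')

def strip_comments(text):
    # Drop '#' comments but keep '#' that appears inside double-quoted strings.
    keep_quoted = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    return re.sub(r'"[^"]*"|#[^\n]*', keep_quoted, text)

def blocks(text):
    """Yield (name, body) for each outermost 'name { ... }' block in text."""
    pos = 0
    while (m := BLOCK_START.search(text, pos)):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            if text[i] == '"':
                i = text.index('"', i + 1)  # skip over a quoted string
            elif text[i] == "{":
                depth += 1
            elif text[i] == "}":
                depth -= 1
            i += 1
        yield m.group(1), text[m.end():i - 1]
        pos = i

def exposed_listeners(conf_text):
    """Return (plugin, host, port) for inputs listening on all interfaces."""
    findings = []
    for section, body in blocks(strip_comments(conf_text)):
        for plugin, settings in blocks(body) if section == "input" else ():
            opts = dict(re.findall(r'(\w+)\s*=>\s*"?([^"\s]+)"?', settings))
            listening = "port" in opts and opts.get("mode") != "client"
            host = opts.get("host", "0.0.0.0")  # assumption: unset host = all interfaces
            if listening and host in WILDCARD_HOSTS:
                findings.append((plugin, host, int(opts["port"])))
    return findings
```

Calling exposed_listeners() on the contents of log4j_to_es.conf returns one finding for the log4j input; an empty list means no input in the file listens on a wildcard address.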