下载jdk和logstash rpm包
https://www.oracle.com/cn/java/technologies/javase/javase-jdk8-downloads.html
https://artifacts.elastic.co/downloads/logstash/logstash-7.7.1.rpm
JDK
tar -zxvf jdk-8u261-linux-x64.tar.gz -C /usr/share
vi /etc/bashrc
export JAVA_HOME=/usr/share/jdk1.8.0_261
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin
source /etc/bashrc
rpm包一键安装logstash
rpm -ivh logstash-7.7.1.rpm
logstash 安装完成,相关信息如下:
/etc/logstash/
/var/log/logstash
systemctl status logstash
logstash rpm包安装一气呵成,尽量别用tar.gz
tar包安装logstash
systemctl和logstash user也不会像rpm包安装一样自动创建,然后很多权限问题。我使用的场景是使用logstash把数据从mysql/oracle传输到elasticsearch/opensearch。
useradd logstash
tar -zxvf logstash-7.7.1.tar.gz -C /usr/share
/usr/share/logstash/bin/system-install # 创建systemctl
mv -n /usr/share/logstash/config/* /etc/logstash
chown -R logstash:logstash /usr/share/logstash/data
# 和上面一条data命令相同作用,主要看为了logstash.yml中的设置path.data: /var/lib/logstash,不授权报错。
chown -R logstash:logstash /var/lib/logstash
chown -R logstash:logstash /var/log/logstash # 设置为last_run_metadata_path的路径,不然类似报错:org/jruby/rubyio.java:1237:in `sysopen',org/jruby/rubyio.java:3800:in `write'
# 编辑jvm.options文件:
# set the I/O temp directory,不然报错- logstash stopped processing because of an error: (loaderror) could not load ffi provider: (notimplementederror) ffi not available: null
-Djava.io.tmpdir=/opt/logstash/tmp
chown -R logstash:logstash /opt/logstash
chmod 775 -R /opt/logstash