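Prerequisite: Elasticsearch and Kibana are already deployed and Logstash is now being added. All three must be the same version. If the JDK is 17 or later, it is best to deploy the latest version of all three; otherwise you run into deprecated garbage collectors.
1. Pull the image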
docker pull docker.elastic.co/logstash/logstash:7.13.4
2. Start the container
docker run -d --name logstash --net es-net --restart=always -p 9600:9600 -p 4560:4560 --privileged=true docker.elastic.co/logstash/logstash:7.13.4
3. Edit logstash.yml; if you cannot find it, use find / -name logstash.yml
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://127.0.0.1:9200" ]
path.config: /usr/share/logstash/config/conf.d/*.conf
path.logs: /usr/share/logstash/logs
4. logstash.conf; if you cannot find it, use find / -name logstash.conf
input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json_lines
  }
}
output {
  elasticsearch {
    action => "index"
    hosts => ["127.0.0.1:9200"]
    index => "index-logstash"
  }
  stdout {
    codec => rubydebug
  }
}
5. Restart Kibana and Logstash
### If starting on Windows
# Check that the configuration is valid
logstash -f logstash.conf -t
# Start
logstash -f logstash.conf
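
To confirm the pipeline once Logstash is running, the tcp input from step 4 can be exercised with a small client. This is an added example, not part of the original page; it assumes port 4560 is reachable on 127.0.0.1 as published in step 2, and the function names and sample events are constructed for illustration.

```python
import json
import socket


def encode_json_lines(events):
    """Frame events for the json_lines codec: one JSON object per line,
    each line terminated by a single newline."""
    lines = []
    for event in events:
        if not isinstance(event, dict):
            raise TypeError("each event must be a JSON object (dict)")
        # json.dumps escapes newlines inside strings, so a multi-line
        # message still occupies exactly one line on the wire.
        lines.append(json.dumps(event, ensure_ascii=False, separators=(",", ":")))
    if not lines:
        return b""
    return ("\n".join(lines) + "\n").encode("utf-8")


def send_events(events, host="127.0.0.1", port=4560, timeout=5.0):
    """Send events to the Logstash tcp input; return the number of bytes sent."""
    payload = encode_json_lines(events)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(payload)
    return len(payload)


# Constructed sample events (assumption: any JSON object is accepted)
SAMPLE_EVENTS = [
    {"app": "demo", "level": "INFO", "message": "pipeline check"},
    {"app": "demo", "level": "ERROR", "message": "line one\nline two"},
]

if __name__ == "__main__":
    try:
        sent = send_events(SAMPLE_EVENTS)
        print(f"sent {sent} bytes to the tcp input")
    except OSError as exc:
        print(f"could not reach the tcp input on port 4560: {exc}")
```

Each event sent this way should show up in the Logstash stdout output (rubydebug) and in the index-logstash index.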