1. 下载和安装
PS: 注意ELK的各个主版本号需要统一,比如ElasticSearch-6.6 + FileBeat-6.6 + Logstash-6.6 + Kibana-6.6
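# Fetch the Logstash 6.6.0 tarball and the SHA-512 checksum file published next to it.
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.6.0.tar.gz
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.6.0.tar.gz.sha512
# Unpack only if the archive matches the published checksum. This catches a
# corrupted or truncated download; it does not protect against a compromised
# download host, since the checksum comes from the same place.
sha512sum -c logstash-6.6.0.tar.gz.sha512 && tar zxf logstash-6.6.0.tar.gz
cd logstash-6.6.0
# Smoke test: start a stdin -> stdout pipeline; typing "hello" should echo the
# event back on the console.
bin/logstash -e 'input { stdin { } } output { stdout {} }'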
2. 配置和启动
2.1. 构建一个简单的pipeline
# 接收beats的消息,并打印到Logstash控制台
vim ./first-pipeline.conf
# Minimal pipeline: accept events from Beats shippers and print them to the console.
input {
# No ssl options are set, so the listener on 5044 accepts plaintext connections
# and does not authenticate senders. The beats input listens on all interfaces
# unless `host` is set. Outside a lab, restrict it with `host` or a firewall and
# enable TLS (`ssl`, `ssl_certificate`, `ssl_key`, and `ssl_verify_mode` to
# require client certificates).
beats {
port => 5044
}
}
output {
# rubydebug prints every field of every event; shipped logs may contain
# sensitive data, so keep this output for testing only.
stdout { codec => rubydebug }
# elasticsearch {
# hosts => [ "localhost:9200" ]
# }
}
:wq
# --config.test_and_exit parses the configuration, reports any errors, and exits
# without starting the pipeline.
bin/logstash -f first-pipeline.conf --config.test_and_exit
# Start Logstash and reload the pipeline automatically when the config file changes.
# With auto-reload, anyone who can write to first-pipeline.conf can change what the
# running process reads and where it sends data, so keep the file writable only by
# the Logstash operator account.
bin/logstash -f first-pipeline.conf --config.reload.automatic
2.2. 构建复合的pipeline
# Composite pipeline: two inputs (Twitter stream, Beats) fanned out to two outputs
# (Elasticsearch, local file).
input {
twitter {
# The four values below are API credentials. Rather than pasting real secrets
# into the config file, store them in the Logstash keystore and reference them
# as ${KEY_NAME} (e.g. "${TWITTER_CONSUMER_SECRET}" - an example key name),
# and keep this file out of version control and world-readable locations.
consumer_key => "enter_your_consumer_key_here"
consumer_secret => "enter_your_secret_here"
keywords => ["cloud"]
oauth_token => "enter_your_access_token_here"
oauth_token_secret => "enter_your_access_token_secret_here"
}
# As written, the Beats listener has no ssl options: plaintext and unauthenticated.
beats {
port => "5044"
}
}
output {
# hosts are placeholders. No `user`/`password` or `ssl`/`cacert` settings are
# given, so events would be sent without authentication or transport
# encryption; set them when the cluster has security enabled or is reached
# over an untrusted network.
elasticsearch {
hosts => ["IP Address 1:port1", "IP Address 2:port2", "IP Address 3"]
}
# Events are also written to disk; the target path is a placeholder. Choose a
# directory whose permissions match the sensitivity of the logged data.
file {
path => "/path/to/target/file"
}
}
# Start Logstash with the composite pipeline. The page does not show the step that
# saves the configuration above; it is assumed to be stored as second-pipeline.conf.
bin/logstash -f second-pipeline.conf