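Logstash Installation and Setup (Part 1)
  Logstash is an open-source data collection engine with real-time pipelining. It can dynamically unify data from different sources and route it to different destinations. It is also a tool for managing events and logs: you can use it to collect logs, parse them, and store them for later use.
  Logstash is usually used together with Kibana and Elasticsearch, although it has many other uses that are worth attention. Elasticsearch configuration and setup are described elsewhere. This article describes the installation and basic configuration of Logstash in detail.
1. Download Logstash from the official website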
# wget /logstash/logstash/logstash-2.3.
2. Download the rpm version of Logstash, which is unpacked later to obtain the official startup script
# wget /logstash/logstash/packages/centos/logstash-2.arch.rpm
3. Java 8 download address:
acle/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
4. Configure the Java environment
# tar zxf -C /usr/local/
# vi /etc/profile
export JAVA_HOME=/usr/local/jdk1.8.0_91
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin
# source /etc/profile
Run java -version; if you see the following output, the Java environment is configured correctly
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)
5. Unpack the rpm package
# mv logstash-2.arch.rpm /tmp
# cd /tmp/
# rpm2cpio logstash-2.arch.rpm | cpio -div
6. Unpack the tar archive and set up the startup script
# tar zxf logstash-2.3. -C /usr/local/
# cd /usr/local/
# mv logstash-2.3.2/ logstash
# groupadd -r logstash  # create the logstash group
# useradd -r -g logstash -d /usr/local/logstash -s /sbin/nologin -c "logstash" logstash  # create the logstash user
Copy the scripts from the rpm package to their system locations
# cp /tmp/etc/init.d/logstash /etc/init.d/
# cp /tmp/etc/sysconfig/logstash /etc/sysconfig/
# cp /tmp/etc/logrotate.d/logstash /etc/logrotate.d/
# chmod 0644 /etc/logrotate.d/logstash
Create the Logstash log, HOME, and configuration directories
# mkdir -p /etc/logstash/conf.d/  # configuration directory
# mkdir /var/log/logstash  # log directory
# mkdir /var/lib/logstash  # HOME directory
# chown logstash /var/log/logstash
# chown logstash:logstash /var/lib/logstash
# chown -R logstash:logstash /usr/local/logstash/
Edit the variable in the startup script so that it points to the actual Logstash path
# vi /etc/init.d/logstash
program=/usr/local/logstash/bin/logstash
You can now place your own Logstash configuration files in /etc/logstash/conf.d/ and enable the service at boot.
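One way to check the result of step 6, as an added example that is not part of the original article: the script verifies that the logstash account has a non-login shell and that the directories created above have the expected owner and contain nothing world-writable. The function names are assumptions of this example; the account name and paths are the ones used in the steps above, and /etc/logstash/conf.d is expected to remain owned by root because the steps never chown it.

```shell
#!/bin/sh
# Added example: audit the service account and directory layout from step 6.
# Function names are hypothetical; paths and account name come from the article.

# check_account NAME [PASSWD_FILE]
# Succeeds only if NAME exists and its shell is nologin or false.
check_account() {
    name=$1; passwd_file=${2:-/etc/passwd}
    shell=$(awk -F: -v u="$name" '$1 == u { print $7 }' "$passwd_file")
    case "$shell" in
        */nologin|*/false) return 0 ;;
        "") echo "FAIL: account $name not found" >&2; return 1 ;;
        *)  echo "FAIL: account $name has login shell $shell" >&2; return 1 ;;
    esac
}

# check_dir DIR OWNER
# Succeeds only if DIR exists, is owned by OWNER, and nothing beneath it
# (symlinks excluded) is writable by "other".
check_dir() {
    dir=$1; owner=$2
    [ -d "$dir" ] || { echo "FAIL: $dir missing" >&2; return 1; }
    actual=$(ls -ld "$dir" | awk '{ print $3 }')
    [ "$actual" = "$owner" ] || {
        echo "FAIL: $dir owned by $actual, expected $owner" >&2; return 1; }
    loose=$(find "$dir" ! -type l -perm -0002 -print | head -n 1)
    [ -z "$loose" ] || { echo "FAIL: world-writable: $loose" >&2; return 1; }
    return 0
}

# audit_logstash_layout
# Runs every check, reports each failure, returns non-zero if any failed.
audit_logstash_layout() {
    rc=0
    check_account logstash /etc/passwd        || rc=1
    check_dir /var/log/logstash   logstash    || rc=1
    check_dir /var/lib/logstash   logstash    || rc=1
    check_dir /usr/local/logstash logstash    || rc=1
    # Configuration stays root-owned so the service account cannot rewrite it.
    check_dir /etc/logstash/conf.d root       || rc=1
    return $rc
}
```

Source the file as root and call audit_logstash_layout; a non-zero exit status means at least one check failed.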
7. Test with a simple configuration file
# cat /etc/logstash/conf.f
input {
  stdin {}
}
output {
  stdout {
    codec => rubydebug
  }
}
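Run Logstash with the following command. -f specifies the configuration file; before starting, the -t option can also be used to check whether the configuration file is correct.
# /usr/local/logstash/bin/logstash -f /etc/logstash/conf.f
Settings: Default pipeline workers: 4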
Pipeline main started
Type hello world and check the output
# /usr/local/logstash/bin/logstash -f /etc/logstash/conf.f
Settings: Default pipeline workers: 4
Pipeline main started
hello world !
{
"message" => "hello world !",
"@version" => "1",
"@timestamp" => "2016-06-13T02:35:01.737Z",
"host" => "localhost.localdomain"
}
As you can see, Logstash echoes whatever is typed in, in a structured format. Press CTRL-C to exit the running Logstash.
8. Configure Logstash to use Elasticsearch as its backend
# cat /usr/local/logstash/conf.f
input {
  stdin {}
}
output {
  elasticsearch {
    hosts => "127.0.0.1"
  }
  stdout {
    codec => rubydebug
  }
}
Run the command:
# /usr/local/logstash/bin/logstash agent -f conf.f
Settings: Default pipeline workers: 4
Pipeline main started
hello logstash
{
"message" => "hello logstash",
"@version" => "1",
"@timestamp" => "2016-06-13T02:39:25.112Z",
"host" => "localhost.localdomain"
}
Use curl to send a request and check whether ES received the data:
# curl '127.0.0.1:9200/_search?pretty'
{
"took" : 21,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 1,
"max_score" : 1.0,
"hits" : [ {
"_index" : "logstash-2016.06.13",
"_type" : "logs",
"_id" : "AVRg9UHczZ2iuimLmajG",
"_score" : 1.0,
"_source" : {
"message" : "hello logstash",
"@version" : "1",
"@timestamp" : "2016-06-13T02:39:25.112Z",
"host" : "localhost.localdomain"
}
} ]
}
}
At this point, data has been successfully collected using Elasticsearch and Logstash.