注意:es、logstash、kibana版本必须保持一致,这里用的8.2.2
1.下载logstash
2.解压到指定目录
这里使用/opt/logstash
tar -zxvf Logstash-8.2.2-linux-x86_64.tar.gz -C /opt/logstash3.复制配置文件
进入config目录,复制logstash-sample.conf并改名为logstash-es.conf
cp ./logstash-sample.conf ./logstash-es.conf4.修改配置文件
logstash-es.conf
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 4560
codec => json_lines
type => "debug"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4561
codec => json_lines
type => "error"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4562
codec => json_lines
type => "business"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4563
codec => json_lines
type => "record"
}
}
filter{
if [type] == "record" {
mutate {
remove_field => "port"
remove_field => "host"
remove_field => "@version"
}
json {
source => "message"
remove_field => ["message"]
}
}
}
output {
elasticsearch {
hosts => "localhost:9200"
index => "mall-%{type}-%{+YYYY.MM.dd}"
}
}
5.创建日志、数据目录
在/opt/logstash/目录下新建logs、data目录
cd /opt/logstash
mkdir logs
mkdir data6.安装插件
插件:logstash-codec-json_lines
cd /opt/logstash/logstash-8.2.2/bin
./logstash-plugin install logstash-codec-json_lines7.测试配置文件
最后显示ok就行
/opt/logstash/logstash-8.2.2/bin/logstash -t -f /opt/logstash/logstash-8.2.2/logstash-es.conf --path.data=/opt/logstash/data --path.logs=/opt/logstash/logs8.手动启动
nohup /opt/logstash/logstash-8.2.2/bin/logstash -f /opt/logstash/logstash-8.2.2/logstash-es.conf --path.data=/opt/logstash/data --path.logs=/opt/logstash/logs &9.拓展
logstash.yml 主配置文件
# cat /etc/logstash/logstash.yml |grep -v ^#
path.data: /data/logstash #数据存储路径
path.config: /etc/logstash/conf.d/*.conf #配置文件目录
path.logs: /var/log/logstash #日志输出路径
# mkdir -p /data/logstash #创建data目录
# chown logstash.logstash /data/logstash #授权
jvm.options 配置运行时内存的最大最小值,垃圾清理机制等
-Xms256m #设置内存大小
-Xmx256m
startup.options 运行相关的参数
文章评论