Logstash的基本骨架
一个 Logstash 配置的基本组件包括, input, codec, filter, output, 其中过滤器filter, codec不是必须的.
下载需要的软件包
wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.3.3/elasticsearch-2.3.3.tar.gz
wget https://download.elastic.co/logstash/logstash/logstash-all-plugins-2.3.1.tar.gz
wget https://download.elastic.co/kibana/kibana/kibana-4.5.1-linux-x64.tar.gz一个基本的配置,用于解析Apache日志
input {
file {
path => "/home/ycc/elk/configs/logstash-tutorial.log"
start_position => beginning
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
geoip {
source => "clientip"
}
}
output {
elasticsearch {
hosts => "192.168.212.129:9200"
}
stdout {}
}启动 Elastic Search
/home/ycc/elk/elasticsearch-2.3.3/bin/elasticsearch --network.host 192.168.212.129 --http.port 9200启动 Logstash
/home/ycc/elk/logstash-2.3.1/bin/logstash -f /home/ycc/elk/configs/first-pipeline.conf样本数据: https://download.elastic.co/demos/logstash/gettingstarted/logstash-tutorial.log.gz
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。