elk7.7.1【系列六】logstash7.7.1安装及基础配置

1、下载logstash

https://artifacts.elastic.co/downloads/logstash/logstash-7.7.1.rpm

2、安装logstash

rpm --install logstash-7.7.1.rpm

3、默认文件目录 

Type	Description	Default Location	Setting
home	Home directory of the Logstash installation.	/usr/share/logstash
bin	Binary scripts including logstash to start Logstash and logstash-plugin to install plugins	/usr/share/logstash/bin
settings	Configuration files, including logstash.yml, jvm.options, and startup.options	/etc/logstash	path.settings
conf	Logstash pipeline configuration files	/etc/logstash/conf.d/*.conf	See /etc/logstash/pipelines.yml
logs	Log files	/var/log/logstash	path.logs
plugins	Local, non Ruby-Gem plugin files. Each plugin is contained in a subdirectory. Recommended for development only.	/usr/share/logstash/plugins	path.plugins
data	Data files used by logstash and its plugins for any persistence needs.	/var/lib/logstash	path.data

4、测试logstash

#启动logstash
systemctl start logstash.service 
#打开启动文件目录
cd /usr/share/logstash
#测试命令
bin/logstash -e 'input { stdin { } } output { stdout {} }'

logstash一般接收filebeat采集到的数据，因为filebeat更加轻量化 

5、配置filebeat将日志输入到logstash

vim /etc/filebeat/filebeat.yml

 重启filebeat

systemctl restart filebeat

6、配置logstash接收filebeat推送过来的数据

cd /etc/logstash/conf.d
vim file.conf 

input {
    beats {
        port => "5044"
    }
}

filter{

}

output {
    stdout { codec => rubydebug }
}

这里配置的输出是控制台

#重启logstash
systemctl restart logstash

查看控制台输出

systemctl status logstash