logstash可以理解为log的采集传输组件
老样子第一步下载
sudo wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.tar.gz
解压出来
sudo tar -zxvf logstash-6.2.4.tar.gz
编辑一下配置配置ip和日志记录的级别
vi /config/logstash.yml
http.host: "192.168.209.160"
log.level: debug
参考运行
https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html
默认启动
./bin/logstash
显示logstash.yml空文件,容我修个错误
根据配置参考
https://www.elastic.co/guide/en/logstash/current/configuration.html
touch bin/simple.conf
vi bin/simple.conf
input { stdin { } } output { elasticsearch { hosts => ["localhost:9200"] } stdout { codec => rubydebug } }
然后到bin目录启动时读取该配置文件,当然您可以再这个配置文件中创立多个input输入的日志
./logstash -f logstash.conf
还是有报错,容我修个错误
[2018-04-18T18:22:50,490][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
无法写入目录配置文件?一看目录权限是root root赶紧chown -R pactera logstash-6.2.4
权限改过来了
tail -f logstash-plain.log
本地端口9200被拒绝了,容我开个es
netstat -lntup
9200 9300 的es , 5601端口的kibana,9600的logstash都起来了