ELK--Logstash 安裝
中國鏡像:https://www.newbe.pro/Mirrors/Mirrors-Logstash/
https://mirrors.huaweicloud.com/logstash/6.4.1/
1.下載logstash安裝包
wget https://mirrors.huaweicloud.com/logstash/6.4.1/logstash-6.4.1.tar.gz
2.解壓安裝包
tar -xvf logstash-6.4.1.tar.gz
安裝包結構:
3.配置Logstash
要配置Logstash,需要創建一個配置文件,指定要使用的插件和每個插件的設置,運行logstash時,使用-f指定配置文件。官網demo:https://www.elastic.co/guide/en/logstash/current/config-examples.html
3.1 直接啓動
bin/logstash -e 'input { stdin {} } output { stdout{} }'
bin/logstash -e 'input { stdin {} } output { stdout{codec => ouyangcheng} }'
bin/logstash -e 'input { stdin {} } output { elasticsearch {hosts => ["127.0.0.1:9200"]} stdout{} }'
bin/logstash -e 'input { stdin {} } output { elasticsearch {hosts => ["192.168.0.101:9200", "192.168.0.102:9200"]} stdout{} }'
3.2 以配置文件的形式
3.2.1 編輯配置文件:vim logstash-comcat.config
input {
file {
type => "tomcatlog"
path => "/home/data/logs/*/*.log"
discover_interval => 10
}
}
output {
elasticsearch {
index => "tomcat-%{+YYYY.MM.dd}"
hosts => ["127.0.0.1:9200"]
}
}
3.2.2 啓動logstack
sh bin/logstash -f logstash-comcat.config
3.2.3 msyql 數據同步
(1)編輯mysql配置文件
vim logstash-mysql.config
(2)文件內容爲:
input {
stdin {}
jdbc {
type => "jdbc"
jdbc_user => "root"
jdbc_password => "123456"
jdbc_driver_library => "/home/data/soft/logstash-6.4.1/mysql-connector-java-8.0.13.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
statement => "SELECT * from t_blog where update_time >= :sql_last_value"
tracking_column => "update_time"
clean_run => true
schedule => "* * * * *"
jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/oyc?characterEncoding=UTF-8"
}
}
output {
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "blog"
document_id => "%{id}"
document_type => "blog"
}
stdout {
codec => json_lines
}
}
(3) 啓動
nohup sh bin/logstash -f logstash-mysql.config &
(4) 效果
同步數據:
使用kibana查詢數據:
更多案例可參考 gitbook使用手冊:http://doc.yonyoucloud.com/doc/logstash-best-practice-cn/index.html