ELK(ElasticSearch+Logstash+ Kibana)鎼徐瀹炴椂鏃ュ織鍒嗘瀽骞冲彴
涓€銆佺畝浠?/p>
聽聽聽聽聽 ELK 鐢变笁閮ㄥ垎缁勬垚elasticsearch銆乴ogstash銆乲ibana锛宔lasticsearch鏄竴涓繎浼煎疄鏃剁殑鎼滅储骞冲彴,瀹冭浣犱互鍓嶆墍鏈湁鐨勯€熷害澶勭悊澶ф暟鎹垚涓哄彲鑳姐€?/p>
聽聽聽聽聽 Elasticsearch鎵€娑夊強鍒扮殑姣忎竴椤规妧鏈兘涓嶆槸鍒涙柊鎴栬€呴潻鍛芥€х殑锛屽叏鏂囨悳绱紝鍒嗘瀽绯荤粺浠ュ強鍒嗗竷寮忔暟鎹簱杩欎簺鏃╁氨宸茬粡瀛樺湪浜嗐€傚畠鐨勯潻鍛芥€у湪浜庡皢杩欎簺鐙珛涓旀湁鐢ㄧ殑鎶€鏈暣鍚堟垚涓€涓竴浣撳寲鐨勩€佸疄鏃剁殑搴旂敤銆侲lasticsearch鏄潰鍚戞枃妗?document oriented)鐨勶紝杩欐剰鍛崇潃瀹冨彲浠ュ瓨鍌ㄦ暣涓璞℃垨鏂囨。(document)銆傜劧鑰屽畠涓嶄粎浠呮槸瀛樺偍锛岃繕浼氱储寮?index)姣忎釜鏂囨。鐨勫唴瀹逛娇涔嬪彲浠ヨ鎼滅储銆傚湪Elasticsearch涓紝浣犲彲浠ュ鏂囨。锛堣€岄潪鎴愯鎴愬垪鐨勬暟鎹級杩涜绱㈠紩銆佹悳绱€佹帓搴忋€佽繃婊ゃ€傝繖绉嶇悊瑙f暟鎹殑鏂瑰紡涓庝互寰€瀹屽叏涓嶅悓锛岃繖涔熸槸Elasticsearch鑳藉鎵ц澶嶆潅鐨勫叏鏂囨悳绱㈢殑鍘熷洜涔嬩竴銆?/p>
聽聽聽聽聽聽搴旂敤绋嬪簭鐨勬棩蹇楀ぇ閮ㄥ垎閮芥槸杈撳嚭鍦ㄦ湇鍔″櫒鐨勬棩蹇楁枃浠朵腑锛岃繖浜涙棩蹇楀ぇ澶氭暟閮芥槸寮€鍙戜汉鍛樻潵鐪嬶紝鐒跺悗寮€鍙戝嵈娌℃湁鐧婚檰鏈嶅姟鍣ㄧ殑鏉冮檺锛屽鏋滃紑鍙戜汉鍛橀渶瑕佹煡鐪嬫棩蹇楀氨闇€瑕佸埌鏈嶅姟鍣ㄦ潵鎷挎棩蹇楋紝鐒跺悗浜ょ粰寮€鍙戯紱璇曟兂涓嬶紝涓€涓叕鍙告湁10涓紑鍙戯紝涓€涓紑鍙戞瘡澶╂壘杩愮淮鎷夸竴娆℃棩蹇楋紝瀵硅繍缁翠汉鍛樻潵璇村氨鏄竴涓笉灏忕殑宸ヤ綔閲忥紝杩欐牱澶уぇ褰卞搷浜嗚繍缁寸殑宸ヤ綔鏁堢巼锛岄儴缃睧LKstack涔嬪悗锛屽紑鍙戜换鎰忓氨鍙互鐩存帴鐧婚檰鍒癒ibana涓繘琛屾棩蹇楃殑鏌ョ湅锛屽氨涓嶉渶瑕侀€氳繃杩愮淮鏌ョ湅鏃ュ織锛岃繖鏍峰氨鍑忚交浜嗚繍缁寸殑宸ヤ綔銆?/p>
聽聽聽聽聽 鏃ュ織绉嶇被澶氾紝涓斿垎鏁e湪涓嶅悓鐨勪綅缃毦浠ユ煡鎵撅細濡侺AMP/LNMP缃戠珯鍑虹幇璁块棶鏁呴殰锛岃繖涓椂鍊欏彲鑳藉氨闇€瑕侀€氳繃鏌ヨ鏃ュ織鏉ヨ繘琛屽垎鏋愭晠闅滃師鍥狅紝濡傛灉闇€瑕佹煡鐪媋pache鐨勯敊璇棩蹇楋紝灏遍渶瑕佺櫥闄嗗埌Apache鏈嶅姟鍣ㄦ煡鐪嬶紝濡傛灉鏌ョ湅鏁版嵁搴撻敊璇棩蹇楀氨闇€瑕佺櫥闄嗗埌鏁版嵁搴撴煡璇紝璇曟兂涓€涓嬶紝濡傛灉鏄竴涓泦缇ょ幆澧冨嚑鍗佸彴涓绘満鍛紵杩欐椂濡傛灉閮ㄧ讲浜咵LKstack灏卞彲浠ョ櫥闄嗗埌Kibana椤甸潰杩涜鏌ョ湅鏃ュ織锛屾煡鐪嬩笉鍚岀被鍨嬬殑鏃ュ織鍙渶瑕佺數鍔ㄩ紶鏍囧垏鎹竴涓嬬储寮曞嵆鍙€?/p>
Logstash锛氭棩蹇楁敹闆嗗伐鍏凤紝鍙互浠庢湰鍦扮鐩橈紝缃戠粶鏈嶅姟锛堣嚜宸辩洃鍚鍙o紝鎺ュ彈鐢ㄦ埛鏃ュ織锛夛紝娑堟伅闃熷垪涓敹闆嗗悇绉嶅悇鏍风殑鏃ュ織锛岀劧鍚庤繘琛岃繃婊ゅ垎鏋愶紝骞跺皢鏃ュ織杈撳嚭鍒癊lasticsearch涓€?/p>
Elasticsearch锛氭棩蹇楀垎甯冨紡瀛樺偍/鎼滅储宸ュ叿锛屽師鐢熸敮鎸侀泦缇ゅ姛鑳斤紝鍙互灏嗘寚瀹氭椂闂寸殑鏃ュ織鐢熸垚涓€涓储寮曪紝鍔犲揩鏃ュ織鏌ヨ鍜岃闂€?/p>
Kibana锛氬彲瑙嗗寲鏃ュ織Web灞曠ず宸ュ叿锛屽Elasticsearch涓瓨鍌ㄧ殑鏃ュ織杩涜灞曠ず锛岃繕鍙互鐢熸垚鐐附鐨勪华琛ㄧ洏銆?/p>
聽
浜屻€佸畨瑁呴儴缃?鍥犱负鎴戞槸娴嬭瘯鐜锛屽氨灏咵lasticSearch+Logstash+ Kibana瑁呭湪涓€鍙拌櫄鎷熸満涓婇潰浜?
瀹夎jdk
rpm -ivh jdk-8u92-linux-x64.rpm
vi /etc/profile
JAVA_HOME=/usr/java/jdk1.8.0_92/
source /etc/profile
echo $JAVA_HOME聽聽聽
/usr/java/jdk1.8.0_92/
java -version
java version "1.8.0_92"
Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode)
瀹夎elasticsearch
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
娣诲姞yum鏂囦欢
echo "
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1" >> /etc/yum.repos.d/elasticsearch.repo
yum install elasticsearch -y
mkdir /data/elk/{data,logs}
Type 聽聽聽聽聽聽聽聽聽聽 Description 聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 聽Location
home 聽聽聽聽 elasticsearch瀹夎鐨勭洰褰?聽聽聽聽聽聽聽聽聽聽 {extract.path}
bin 聽聽聽聽聽聽聽聽 elasticsearch浜岃繘鍒惰剼鏈洰褰?聽聽聽聽 {extract.path}/bin
conf 聽聽聽聽聽聽聽聽 閰嶇疆鏂囦欢鐩綍 聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 {extract.path}/config
data聽聽聽聽聽聽聽聽聽聽 鏁版嵁鐩綍 聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 聽 {extract.path}/data
logs 聽聽聽聽聽聽聽聽聽 鏃ュ織鐩綍聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽{extract.path}/logs
plugins 聽聽聽聽 鎻掍欢鐩綍聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽{extract.path}/plugin
閰嶇疆璇存槑锛?br>vi /etc/elasticsearch/elasticsearch.yml
cluster.name: es
path.data: /data/elk/data
path.logs: /data/elk/logs
bootstrap.mlockall: true
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["192.168.2.215", "host2"]
鍚姩锛?br>/etc/init.d/elasticsearch start
http://192.168.2.215:9200/
elasticsearch鐨刢onfig鏂囦欢澶归噷闈㈡湁涓や釜閰嶇疆鏂囦欢锛歟lasticsearch.yml鍜宭ogging.yml锛?/p>
绗竴涓槸es鐨勫熀鏈厤缃枃浠讹紝绗簩涓槸鏃ュ織閰嶇疆鏂囦欢锛宔s涔熸槸浣跨敤log4j鏉ヨ褰曟棩蹇楃殑锛屾墍浠ogging.yml閲岀殑璁剧疆鎸夋櫘閫歭og4j閰嶇疆鏂囦欢鏉ヨ缃氨琛屼簡銆備笅闈富瑕佽瑙d笅elasticsearch.yml杩欎釜鏂囦欢涓彲閰嶇疆鐨勪笢瑗裤€?br>cluster.name:elasticsearch
閰嶇疆es鐨勯泦缇ゅ悕绉帮紝榛樿鏄痚lasticsearch锛宔s浼氳嚜鍔ㄥ彂鐜板湪鍚屼竴缃戞涓嬬殑es锛屽鏋滃湪鍚屼竴缃戞涓嬫湁澶氫釜闆嗙兢锛屽氨鍙互鐢ㄨ繖涓睘鎬ф潵鍖哄垎涓嶅悓鐨勯泦缇ゃ€?br>node.name:鈥滷ranzKafka鈥?br>鑺傜偣鍚嶏紝榛樿闅忔満鎸囧畾涓€涓猲ame鍒楄〃涓悕瀛楋紝璇ュ垪琛ㄥ湪es鐨刯ar鍖呬腑config鏂囦欢澶归噷name.txt鏂囦欢涓紝鍏朵腑鏈夊緢澶氫綔鑰呮坊鍔犵殑鏈夎叮鍚嶅瓧銆?br>node.master:true
鎸囧畾璇ヨ妭鐐规槸鍚︽湁璧勬牸琚€変妇鎴愪负node锛岄粯璁ゆ槸true锛宔s鏄粯璁ら泦缇や腑鐨勭涓€鍙版満鍣ㄤ负master锛屽鏋滆繖鍙版満鎸備簡灏变細閲嶆柊閫変妇master銆?br>node.data:true
鎸囧畾璇ヨ妭鐐规槸鍚﹀瓨鍌ㄧ储寮曟暟鎹紝榛樿涓簍rue銆?br>index.number_of_shards:5
璁剧疆榛樿绱㈠紩鍒嗙墖涓暟锛岄粯璁や负5鐗囥€?br>index.number_of_replicas:1
璁剧疆榛樿绱㈠紩鍓湰涓暟锛岄粯璁や负1涓壇鏈€?br>path.conf:/path/to/conf
璁剧疆閰嶇疆鏂囦欢鐨勫瓨鍌ㄨ矾寰勶紝榛樿鏄痚s鏍圭洰褰曚笅鐨刢onfig鏂囦欢澶广€?br>path.data:/path/to/data
璁剧疆绱㈠紩鏁版嵁鐨勫瓨鍌ㄨ矾寰勶紝榛樿鏄痚s鏍圭洰褰曚笅鐨刣ata鏂囦欢澶癸紝鍙互璁剧疆澶氫釜瀛樺偍璺緞锛岀敤閫楀彿闅斿紑锛屼緥锛?br>path.data:/path/to/data1,/path/to/data2
path.work:/path/to/work
璁剧疆涓存椂鏂囦欢鐨勫瓨鍌ㄨ矾寰勶紝榛樿鏄痚s鏍圭洰褰曚笅鐨剋ork鏂囦欢澶广€?br>path.logs:/path/to/logs
璁剧疆鏃ュ織鏂囦欢鐨勫瓨鍌ㄨ矾寰勶紝榛樿鏄痚s鏍圭洰褰曚笅鐨刲ogs鏂囦欢澶?br>path.plugins:/path/to/plugins
璁剧疆鎻掍欢鐨勫瓨鏀捐矾寰勶紝榛樿鏄痚s鏍圭洰褰曚笅鐨刾lugins鏂囦欢澶?br>bootstrap.mlockall:true
璁剧疆涓簍rue鏉ラ攣浣忓唴瀛樸€傚洜涓哄綋jvm寮€濮媠wapping鏃秂s鐨勬晥鐜囦細闄嶄綆锛屾墍浠ヨ淇濊瘉瀹冧笉swap锛屽彲浠ユ妸ES_MIN_MEM鍜孍S_MAX_MEM涓や釜鐜鍙橀噺璁剧疆鎴愬悓涓€涓€硷紝骞朵笖淇濊瘉鏈哄櫒鏈夎冻澶熺殑鍐呭瓨鍒嗛厤缁檈s銆傚悓鏃朵篃瑕佸厑璁竐lasticsearch鐨勮繘绋嬪彲浠ラ攣浣忓唴瀛橈紝linux涓嬪彲浠ラ€氳繃`ulimit-lunlimited`鍛戒护銆?br>network.bind_host:192.168.0.1
璁剧疆缁戝畾鐨刬p鍦板潃锛屽彲浠ユ槸ipv4鎴杋pv6鐨勶紝榛樿涓?.0.0.0銆俷etwork.publish_host:192.168.0.1
璁剧疆鍏跺畠鑺傜偣鍜岃鑺傜偣浜や簰鐨刬p鍦板潃锛屽鏋滀笉璁剧疆瀹冧細鑷姩鍒ゆ柇锛屽€煎繀椤绘槸涓湡瀹炵殑ip鍦板潃銆?br>network.host:192.168.0.1
杩欎釜鍙傛暟鏄敤鏉ュ悓鏃惰缃産ind_host鍜宲ublish_host涓婇潰涓や釜鍙傛暟銆?br>transport.tcp.port:9300
璁剧疆鑺傜偣闂翠氦浜掔殑tcp绔彛锛岄粯璁ゆ槸9300銆?br>transport.tcp.compress:true
璁剧疆鏄惁鍘嬬缉tcp浼犺緭鏃剁殑鏁版嵁锛岄粯璁や负false锛屼笉鍘嬬缉銆?br>http.port:9200
璁剧疆瀵瑰鏈嶅姟鐨刪ttp绔彛锛岄粯璁や负9200銆?br>http.max_content_length:100mb
璁剧疆鍐呭鐨勬渶澶у閲忥紝榛樿100mb
http.enabled:false
鏄惁浣跨敤http鍗忚瀵瑰鎻愪緵鏈嶅姟锛岄粯璁や负true锛屽紑鍚€?br>gateway.type:local
gateway鐨勭被鍨嬶紝榛樿涓簂ocal鍗充负鏈湴鏂囦欢绯荤粺锛屽彲浠ヨ缃负鏈湴鏂囦欢绯荤粺锛屽垎甯冨紡鏂囦欢绯荤粺锛宧adoop鐨凥DFS锛屽拰amazon鐨剆3鏈嶅姟鍣紝鍏跺畠鏂囦欢绯荤粺鐨勮缃柟娉曚笅娆″啀璇︾粏璇淬€?br>gateway.recover_after_nodes:1
璁剧疆闆嗙兢涓璑涓妭鐐瑰惎鍔ㄦ椂杩涜鏁版嵁鎭㈠锛岄粯璁や负1銆?br>gateway.recover_after_time:5m
璁剧疆鍒濆鍖栨暟鎹仮澶嶈繘绋嬬殑瓒呮椂鏃堕棿锛岄粯璁ゆ槸5鍒嗛挓銆?br>gateway.expected_nodes:2
璁剧疆杩欎釜闆嗙兢涓妭鐐圭殑鏁伴噺锛岄粯璁や负2锛屼竴鏃﹁繖N涓妭鐐瑰惎鍔紝灏变細绔嬪嵆杩涜鏁版嵁鎭㈠銆?br>cluster.routing.allocation.node_initial_primaries_recoveries:4
鍒濆鍖栨暟鎹仮澶嶆椂锛屽苟鍙戞仮澶嶇嚎绋嬬殑涓暟锛岄粯璁や负4銆?br>cluster.routing.allocation.node_concurrent_recoveries:2
娣诲姞鍒犻櫎鑺傜偣鎴栬礋杞藉潎琛℃椂骞跺彂鎭㈠绾跨▼鐨勪釜鏁帮紝榛樿涓?銆?br>indices.recovery.max_size_per_sec:0
璁剧疆鏁版嵁鎭㈠鏃堕檺鍒剁殑甯﹀锛屽鍏?00mb锛岄粯璁や负0锛屽嵆鏃犻檺鍒躲€?br>indices.recovery.concurrent_streams:5
璁剧疆杩欎釜鍙傛暟鏉ラ檺鍒朵粠鍏跺畠鍒嗙墖鎭㈠鏁版嵁鏃舵渶澶у悓鏃舵墦寮€骞跺彂娴佺殑涓暟锛岄粯璁や负5銆?br>discovery.zen.minimum_master_nodes:1
璁剧疆杩欎釜鍙傛暟鏉ヤ繚璇侀泦缇や腑鐨勮妭鐐瑰彲浠ョ煡閬撳叾瀹僋涓湁master璧勬牸鐨勮妭鐐广€傞粯璁や负1锛屽浜庡ぇ鐨勯泦缇ゆ潵璇达紝鍙互璁剧疆澶т竴鐐圭殑鍊硷紙2-4锛?br>discovery.zen.ping.timeout:3s
璁剧疆闆嗙兢涓嚜鍔ㄥ彂鐜板叾瀹冭妭鐐规椂ping杩炴帴瓒呮椂鏃堕棿锛岄粯璁や负3绉掞紝瀵逛簬姣旇緝宸殑缃戠粶鐜鍙互楂樼偣鐨勫€兼潵闃叉鑷姩鍙戠幇鏃跺嚭閿欍€?br>discovery.zen.ping.multicast.enabled:false
璁剧疆鏄惁鎵撳紑澶氭挱鍙戠幇鑺傜偣锛岄粯璁ゆ槸true銆?br>discovery.zen.ping.unicast.hosts:[鈥渉ost1鈥?鈥漢ost2:port鈥?鈥漢ost3[portX-portY]鈥漖
璁剧疆闆嗙兢涓璵aster鑺傜偣鐨勫垵濮嬪垪琛紝鍙互閫氳繃杩欎簺鑺傜偣鏉ヨ嚜鍔ㄥ彂鐜版柊鍔犲叆闆嗙兢鐨勮妭鐐?/p>
瀹夎head鎻掍欢锛堥泦缇ょ鐞嗘彃浠讹級
cd /usr/share/elasticsearch/bin/
./plugin install mobz/elasticsearch-head
ll /usr/share/elasticsearch/plugins/head
http://192.168.2.215:9200/_plugin/head/
瀹夎kopf鎻掍欢锛堥泦缇よ祫婧愭煡鐪嬪拰鏌ヨ鎻掍欢锛?br>/usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
http://192.168.2.215:9200/_plugin/kopf
鍚姩elasticearch
/etc/init.d/elasticsearch start
瀹夎kibana
kibana鏈川涓婃槸elasticsearch web瀹㈡埛绔紝鏄竴涓垎鏋愬拰鍙鍖杄lasticsearch骞冲彴锛屽彲閫氳繃kibana鎼滅储銆佹煡鐪嬪拰涓庡瓨鍌ㄥ湪elasticsearch鐨勭储寮曡繘琛屼氦浜掋€傚彲浠ュ緢鏂逛究鐨勬墽琛屽厛杩涚殑鏁版嵁鍒嗘瀽鍜屽彲瑙嗗寲澶氱鏍煎紡鐨勬暟鎹紝濡傚浘琛ㄣ€佽〃鏍笺€佸湴鍥剧瓑銆?/p>
Discover椤甸潰:浜や簰寮忕殑娴忚鏁版嵁銆傚彲浠ヨ闂墍鍖归厤鐨勭储寮曟ā寮忕殑姣忎釜绱㈠紩鐨勬瘡涓枃妗c€傚彲浠ユ彁浜ゆ悳绱㈡煡璇紝杩囨护鎼滅储缁撴灉鍜屾煡鐪嬫枃妗f暟鎹€傝繕鍙互鎼滅储鏌ヨ鍖归厤鐨勬枃妗f暟鎹拰瀛楁鍊肩殑缁熻鏁版嵁銆傝繕鍙互閫夊畾鏃堕棿浠ュ強鍒锋柊棰戠巼
https://download.elastic.co/kibana/kibana/kibana-4.5.1-linux-x64.tar.gz
tar zxvf kibana-4.5.1-linux-x64.tar.gz
mv kibana-4.5.1-linux-x64 /usr/local/
vi /etc/rc.local
/usr/local/kibana-4.5.1-linux-x64/bin/kibana > /var/log/kibana.log 2>&1 &
vi /usr/local/kibana-4.5.1-linux-x64/config/kibana.yml
server.port: 5601
server.host: "192.168.2.215"
elasticsearch.url: "http://192.168.2.215:9200"
灏唍ginx鏃ュ織杞崲鎴恓son
vim /usr/local/nginx/conf/nginx.conf
log_format access1 '{"@timestamp":"$time_iso8601",'
聽聽聽聽聽聽聽 '"host":"$server_addr",'
聽聽聽聽聽聽聽 '"clientip":"$remote_addr",'
聽聽聽聽聽聽聽 '"size":$body_bytes_sent,'
聽聽聽聽聽聽聽 '"responsetime":$request_time,'
聽聽聽聽聽聽聽 '"upstreamtime":"$upstream_response_time",'
聽聽聽聽聽聽聽 '"upstreamhost":"$upstream_addr",'
聽聽聽聽聽聽聽 '"http_host":"$host",'
聽聽聽聽聽聽聽 '"url":"$uri",'
聽聽聽聽聽聽聽 '"domain":"$host",'
聽聽聽聽聽聽聽 '"xff":"$http_x_forwarded_for",'
聽聽聽聽聽聽聽 '"referer":"$http_referer",'
聽聽聽聽聽聽聽 '"status":"$status"}';
聽聽聽 access_log聽 /var/log/nginx/access.log聽 access1;
閲嶆柊杞藉叆nginx
/usr/local/nginx/sbin/nginx -s reload
瀹夎logstash
鍦╨ogstash涓紝鍖呮嫭浜嗕笁涓樁娈?
杈撳叆input --> 澶勭悊filter锛堜笉鏄繀椤荤殑锛?--> 杈撳嚭output
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
echo "
[logstash-2.1]
name=Logstash repository for 2.1.x packages
baseurl=http://packages.elastic.co/logstash/2.1/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1" >> /etc/yum.repos.d/logstash.repo
yum install logstash -y
閫氳繃閰嶇疆楠岃瘉Logstash鐨勮緭鍏ュ拰杈撳嚭
vim /etc/logstash/conf.d/stdout.conf
input {
聽聽聽聽聽聽聽 stdin {}
}
output {
聽聽聽聽聽聽聽 stdout {
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 codec => "rubydebug"
聽聽聽聽聽聽聽 }
}
vim /etc/logstash/conf.d/logstash.conf
input {
聽聽聽聽聽聽聽 stdin {}
}
input {
聽聽聽聽聽聽聽 stdin {}
聽}
output {
聽聽聽聽聽聽聽 elasticsearch {
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 hosts => ["192.168.2.215:9200"]
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 index => "test"
聽聽聽聽聽聽聽 }
}
http://192.168.2.215:9200/_plugin/head/
vim /etc/logstash/conf.d/logstash.conf
output {
聽聽聽聽聽聽聽 elasticsearch {
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 hosts => ["192.168.2.215:9200"]
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 index => "test"
聽聽聽聽聽聽聽 }
input {
聽聽聽聽聽聽聽 file {
聽聽聽聽聽聽聽聽聽 type => "messagelog"
聽聽聽聽聽聽聽聽聽 path => "/var/log/messages"
聽聽聽聽聽聽聽聽聽 start_position => "beginning"
聽聽聽聽聽聽聽 }
}
output {
聽聽聽聽聽聽聽 file {
聽聽聽聽聽聽聽聽聽 path => "/tmp/123.txt"
聽聽聽聽聽聽聽 }
聽聽聽聽聽聽聽 elasticsearch {
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 hosts => ["192.168.2.215:9200"]
聽聽聽聽聽聽聽聽聽聽聽聽聽聽聽 index => "system-messages-%{+yyyy.MM.dd}"
聽聽聽聽聽聽聽 }
}
妫€鏌ラ厤缃枃浠惰娉?br>/etc/init.d/logstash configtest
vim /etc/init.d/logstash
LS_USER=root
LS_GROUP=root