ELK 搭建12
- output 里多出来两条配置,其实代表可以同时指定多个输出,将结果写一份到ES,也写一份到终端
elasticsearch {hosts=>"localhost:9200"}
stdout {codec=>rubydebug}- 使用 hosts 来指定ES的位置,老版使用的是 host ,如果在这里使用 host 会报错
- 可以使用 hosts => [“IP Address 1:port1”, “IP Address 2:port2”, “IP Address 3”] 的方式指定多个进行冗余,和负载均衡
- 如果ES使用的 9200 端口,是可以在配置里省略的
从文件获取数据
生产环境中不太可能手动生成日志(使用人肉输入到stdin的方式),而更多是从一个源日志文件那里读取
[root@h102 etc]# vim logstash-file-es-simple.conf
[root@h102 etc]# cat logstash-file-es-simple.conf
input {
stdin{}
file {
type=>"syslog"
path=>"/var/log/messages"
start_position => beginning
}
}
output {
elasticsearch {hosts=>"localhost:9200"}
stdout {codec=>rubydebug}
}
[root@h102 etc]# /opt/logstash/bin/logstash -f logstash-file-es-simple.conf -t
Configuration OK
[root@h102 etc]# /opt/logstash/bin/logstash -f logstash-file-es-simple.conf
Settings: Default filter workers: 1
Logstash startup completed
{
"message" => "Dec 22 17:34:02 h102 rsyslogd: [origin software=\"rsyslogd\" swVersion=\"5.8.10\" x-pid=\"1693\" x-info=\"http://www.rsyslog.com\"] rsyslogd was HUPed",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.146Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 18:19:23 h102 dhclient[1624]: DHCPREQUEST on eth3 to 192.168.1.2 port 67 (xid=0x58532bb2)",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.148Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 18:19:23 h102 dhclient[1624]: DHCPACK from 192.168.1.2 (xid=0x58532bb2)",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.149Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 18:19:24 h102 dhclient[1624]: bound to 192.168.1.117 -- renewal in 3538 seconds.",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.150Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 18:27:04 h102 kernel: hrtimer: interrupt took 6428893 ns",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.150Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 19:18:22 h102 dhclient[1624]: DHCPREQUEST on eth3 to 192.168.1.2 port 67 (xid=0x58532bb2)",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.151Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
...
...
{
"message" => "Dec 22 21:51:56 h102 dhclient[1624]: DHCPACK from 192.168.1.2 (xid=0x58532bb2)",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.188Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 21:51:57 h102 dhclient[1624]: bound to 192.168.1.117 -- renewal in 2973 seconds.",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.203Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
abc
{
"message" => "abc",
"@version" => "1",
"@timestamp" => "2015-12-22T14:11:19.994Z",
"host" => "h102.temp"
}
xyz
{
"message" => "xyz",
"@version" => "1",
"@timestamp" => "2015-12-22T14:11:22.893Z",
"host" => "h102.temp"
}
def
{
"message" => "def",
"@version" => "1",
"@timestamp" => "2015-12-22T14:11:25.633Z",
"host" => "h102.temp"
}
...
...本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读
目录
相关产品与服务
Elasticsearch Service
腾讯云 Elasticsearch Service(ES)是云端全托管海量数据检索分析服务,拥有高性能自研内核,集成X-Pack。ES 支持通过自治索引、存算分离、集群巡检等特性轻松管理集群,也支持免运维、自动弹性、按需使用的 Serverless 模式。使用 ES 您可以高效构建信息检索、日志分析、运维监控等服务,它独特的向量检索还可助您构建基于语义、图像的AI深度应用。
腾讯云开发者
