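Introduction
Logstash is a powerful tool that integrates with a wide variety of deployments. It provides a large number of plugins that help you parse, enrich, transform and buffer data from many kinds of sources.
Download: https://www.elastic.co/cn/downloads/past-releases#logstash
The Logstash version you install must match your Elasticsearch version.
Installing Logstash
To download and install Logstash, open a terminal window and use the commands for your system: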
- deb
curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1.deb
sudo dpkg -i logstash-7.10.1.deb
- rpm
curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1.rpm
sudo rpm -i logstash-7.10.1.rpm
- mac and linux
curl -L -O https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1.tar.gz
tar -xzvf logstash-7.10.1.tar.gz
- brew
brew tap elastic/tap
brew install elastic/tap/logstash-full
- win
Download the Logstash 7.10.1 Windows zip file from the Logstash downloads page. Extract the contents of the zip file to a directory on your computer, for example C:\Program Files. Use a short path (fewer than 30 characters) to avoid running into file path length limits on Windows.
- Installing from the tar package
Download: https://www.elastic.co/cn/downloads/past-releases#logstash
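Before running `dpkg -i`, `rpm -i` or `tar -xzvf` on a downloaded artifact, its digest can be checked first. The following is an added example, not part of the original article: the function names are hypothetical, and it assumes Elastic publishes a `<hex>  <name>` SHA-512 file at the artifact URL with `.sha512` appended.

```shell
#!/bin/sh
# Added example: verify a downloaded Logstash artifact against its
# SHA-512 file before installing it. Function names are hypothetical.

# sha512_of FILE -> prints the lowercase hex SHA-512 of FILE.
# Uses sha512sum (Linux) or shasum (macOS), whichever is present.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

# verify_artifact FILE SUMFILE -> 0 on match, 1 on mismatch,
# 2 if an input is missing or the checksum file is malformed.
verify_artifact() {
    file=$1
    sumfile=$2
    [ -f "$file" ] && [ -s "$sumfile" ] || { echo "missing input" >&2; return 2; }
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # A SHA-512 digest is exactly 128 hex characters; reject anything else
    # (for example an HTML error page saved in place of the checksum).
    case $expected in
        *[!0-9a-f]*|'') echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 128 ] || { echo "malformed checksum file" >&2; return 2; }
    if [ "$(sha512_of "$file")" = "$expected" ]; then
        echo "OK: $file"
    else
        echo "MISMATCH: $file" >&2
        return 1
    fi
}

# fetch_and_verify VERSION EXT -> download artifact and .sha512, then verify.
# The ".sha512" URL suffix is an assumption stated in the lead-in.
fetch_and_verify() {
    base="https://artifacts.elastic.co/downloads/logstash/logstash-$1.$2"
    curl -fsSL -O "$base" && curl -fsSL -O "$base.sha512" || return 2
    verify_artifact "logstash-$1.$2" "logstash-$1.$2.sha512"
}
# Usage: fetch_and_verify 7.10.1 deb && sudo dpkg -i logstash-7.10.1.deb
```

A digest fetched from the same host as the artifact detects a corrupted or truncated download, not a compromised download host.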
Start Logstash:
cd logstash-6.2.3/bin/
sh logstash -e 'input { stdin {} } output { stdout {} }'
Test: type hello world and press Enter. If output like the following appears, the installation succeeded.
lihuandeMacBook-Pro:bin lihuan$ sh logstash -e 'input { stdin {} } output { stdout {} }'
Using bundled JDK: /Users/lihuan/Documents/opt/elasticsearch-cluster/elasticsearch-7.10.1/logstash-7.10.1/jdk.app/Contents/Home
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.jruby.ext.openssl.SecurityHelper (file:/var/folders/s7/v42c6gpd6w5d3rh0smbw8xh80000gn/T/jruby-8117/jruby3491714406213895817jopenssl.jar) to field java.security.MessageDigest.provider
WARNING: Please consider reporting this to the maintainers of org.jruby.ext.openssl.SecurityHelper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Sending Logstash logs to /Users/lihuan/Documents/opt/elasticsearch-cluster/elasticsearch-7.10.1/logstash-7.10.1/logs which is now configured via log4j2.properties
[2021-01-20T20:49:41,841][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.10.1", "jruby.version"=>"jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc OpenJDK 64-Bit Server VM 11.0.8 10 on 11.0.8 10 indy jit [darwin-x86_64]"}
[2021-01-20T20:49:42,010][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-01-20T20:49:42,035][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"6004af70-cda9-4153-b77b-62bb5a8d2b7e", :path=>"/Users/lihuan/Documents/opt/elasticsearch-cluster/elasticsearch-7.10.1/logstash-7.10.1/data/uuid"}
[2021-01-20T20:49:43,006][INFO ][org.reflections.Reflections] Reflections took 31 ms to scan 1 urls, producing 23 keys and 47 values
[2021-01-20T20:49:43,414][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["config string"], :thread=>"#<Thread:0x6203edbb run>"}
[2021-01-20T20:49:44,041][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>0.61}
[2021-01-20T20:49:49,078][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2021-01-20T20:49:49,115][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2021-01-20T20:49:49,277][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
{
"@timestamp" => 2021-01-20T12:50:56.188Z,
"host" => "lihuandeMacBook-Pro.local",
"message" => "",
"@version" => "1"
}
hello world
{
"@timestamp" => 2021-01-20T12:51:29.605Z,
"host" => "lihuandeMacBook-Pro.local",
"message" => "hello world",
"@version" => "1"
}
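This completes the Logstash installation.
First, let's test the Logstash installation by running the most basic Logstash pipeline.
A Logstash pipeline has two required elements, input and output, and one optional element, filter. Input plugins consume data from a source, filter plugins modify the data as you specify, and output plugins write the data to a destination.
We can also create our own logstash.conf file and store it in a directory on the file system. The contents of this logstash.conf file are as follows: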
logstash.conf
input {
  heartbeat {
    interval => 10
    type => "heartbeat"
  }
}
output {
  stdout {
    codec => rubydebug
  }
}
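Then we can run Logstash with the following command:
sh logstash -f /Users/lihuan/Documents/opt/elasticsearch-cluster/elasticsearch-7.10.1/logstash_conf/logstash.conf
With the -f option we can start Logstash with a configuration file at any path we like. The file does not have to live inside the current Logstash installation directory. If the whole Logstash installation directory is deleted later, our configuration file will still be there.
Output:
{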
"type" => "heartbeat",
"@version" => "1",
"message" => "ok",
"@timestamp" => 2021-01-21T03:37:44.019Z,
"host" => "lihuandeMacBook-Pro.local"
}
{
"type" => "heartbeat",
"@version" => "1",
"message" => "ok",
"@timestamp" => 2021-01-21T03:37:54.013Z,
"host" => "lihuandeMacBook-Pro.local"
}
For more articles about Logstash, see logstash.