- output 里多出来两条配置,其实代表可以同时指定多个输出,将结果写一份到ES,也写一份到终端
elasticsearch {hosts=>"localhost:9200"}
stdout {codec=>rubydebug}
- 使用 hosts 来指定 ES 的位置;老版本使用的是 host,如果在这里仍写 host 会报错
- 可以用 hosts => ["IP Address 1:port1", "IP Address 2:port2", "IP Address 3"] 的方式指定多个节点,实现冗余和负载均衡(配置里要用英文直引号,弯引号无法被正确解析)。指向其他主机时,日志不再只经过本机回环接口,应同时为 ES 启用 TLS 和访问认证
- 如果 ES 使用的是默认的 9200 端口,配置里可以省略端口
从文件获取数据
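生产环境中不太可能靠人工往 stdin 输入来产生日志,更常见的做法是从已有的日志文件读取。下面的示例保留了 stdin{},同时增加 file 输入读取 /var/log/messages;注意输出中的 @timestamp 是 Logstash 读入事件的时间,而不是日志行里记录的时间,做时间线分析时不能直接拿它当事件发生时间。示例是以 root 运行的,所以能直接读取该文件;生产环境建议使用专用的低权限账号,并只授予所需日志文件的读权限。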
[root@h102 etc]# vim logstash-file-es-simple.conf
[root@h102 etc]# cat logstash-file-es-simple.conf
input {
stdin{}
file {
type=>"syslog"
path=>"/var/log/messages"
start_position => beginning
}
}
output {
elasticsearch {hosts=>"localhost:9200"}
stdout {codec=>rubydebug}
}
[root@h102 etc]# /opt/logstash/bin/logstash -f logstash-file-es-simple.conf -t
Configuration OK
[root@h102 etc]# /opt/logstash/bin/logstash -f logstash-file-es-simple.conf
Settings: Default filter workers: 1
Logstash startup completed
{
"message" => "Dec 22 17:34:02 h102 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1693" x-info="http://www.rsyslog.com"] rsyslogd was HUPed",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.146Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 18:19:23 h102 dhclient[1624]: DHCPREQUEST on eth3 to 192.168.1.2 port 67 (xid=0x58532bb2)",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.148Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 18:19:23 h102 dhclient[1624]: DHCPACK from 192.168.1.2 (xid=0x58532bb2)",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.149Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 18:19:24 h102 dhclient[1624]: bound to 192.168.1.117 -- renewal in 3538 seconds.",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.150Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 18:27:04 h102 kernel: hrtimer: interrupt took 6428893 ns",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.150Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 19:18:22 h102 dhclient[1624]: DHCPREQUEST on eth3 to 192.168.1.2 port 67 (xid=0x58532bb2)",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.151Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
...
...
{
"message" => "Dec 22 21:51:56 h102 dhclient[1624]: DHCPACK from 192.168.1.2 (xid=0x58532bb2)",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.188Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
{
"message" => "Dec 22 21:51:57 h102 dhclient[1624]: bound to 192.168.1.117 -- renewal in 2973 seconds.",
"@version" => "1",
"@timestamp" => "2015-12-22T14:07:12.203Z",
"host" => "h102.temp",
"path" => "/var/log/messages",
"type" => "syslog"
}
abc
{
"message" => "abc",
"@version" => "1",
"@timestamp" => "2015-12-22T14:11:19.994Z",
"host" => "h102.temp"
}
xyz
{
"message" => "xyz",
"@version" => "1",
"@timestamp" => "2015-12-22T14:11:22.893Z",
"host" => "h102.temp"
}
def
{
"message" => "def",
"@version" => "1",
"@timestamp" => "2015-12-22T14:11:25.633Z",
"host" => "h102.temp"
}
...
...