Logstash 基础2

高级Logstash管道

大多数情况下Logstash有不止一个输入与输出，在配置更为复杂的情况下使用配置文件进行行为设定

使用 -f /path/to/conf 的方式指定配置文件

配置文件里有两个必要的定义 input 和 output ，还有一个可选的定义 filter ，input 用来指定数据来源，filter 用来进行数据处理 ，output 用来指定存储方式

现在读取Apache web日志，分析后写到Elasticsearch中

代码语言：javascript复制

[root@h102 logstash]# ls
logstash-tutorial.log
[root@h102 logstash]# head -n 3 logstash-tutorial.log
83.149.9.216 - - [04/Jan/2015:05:13:42  0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
83.149.9.216 - - [04/Jan/2015:05:13:42  0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
83.149.9.216 - - [04/Jan/2015:05:13:44  0000] "GET /presentations/logstash-monitorama-2013/plugin/highlight/highlight.js HTTP/1.1" 200 26185 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
[root@h102 logstash]# vim first-pipeline.conf
[root@h102 logstash]# cat first-pipeline.conf 
input {
    file {
        path => "/root/logstash/logstash-tutorial.log"
        start_position => beginning 
    }
}

filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}"}
    }
    geoip {
    	source => "clientip"
    }
}
output {
    elasticsearch {
	hosts => "localhost:9200"
    }
    stdout {}
}
[root@h102 logstash]# /opt/logstash/bin/logstash -f first-pipeline.conf  -t
Configuration OK
[root@h102 logstash]#

filter input logstash output path

0 人点赞