Logstash Deployment
1. Deploy the JDK environment
2. Download the Logstash tarball
$ wget https://artifacts.elastic.co/downloads/logstash/logstash-6.6.0.tar.gz
3. Extract the tarball
$ tar xvf logstash-6.6.0.tar.gz -C /usr/local/
$ mv /usr/local/logstash-6.6.0/ /usr/local/logstash
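4. Edit the configuration file
$ vim /usr/local/logstash/config/logstash-sample.conf
input {
  beats {
    port => 5044
  }
}
output {
  # Standard output: print events to the current terminal
  stdout {
    codec => rubydebug
  }
  # Send events to Elasticsearch
  elasticsearch {
    hosts => ["http://172.16.142.141:9200"]
    index => "test"
    # start_position is an option of the file input, not of the elasticsearch output,
    # which rejects unknown settings at startup, so it is commented out here.
    # In a file input: if no start position is specified, reading starts from the current position; if no new log lines are produced, no data is sent to ES, so nothing can be found in Kibana.
    # start_position => "beginning"
  }
}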
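A hardened variant of the pipeline from step 4, as an added example that is not part of the original page: the beats input requires TLS with client certificates, and the Elasticsearch output uses HTTPS with credentials instead of plain HTTP. The certificate paths, the logstash_writer user and the ES_PWD variable are assumptions, and the example presumes Elasticsearch itself already has TLS and authentication enabled.

```conf
input {
  beats {
    port => 5044
    # Accept only TLS connections and require a client certificate
    # signed by the listed CA from every Beats shipper.
    ssl => true
    ssl_certificate => "/etc/logstash/certs/logstash.crt"          # assumed path
    ssl_key => "/etc/logstash/certs/logstash.pkcs8.key"            # assumed path; key must be in PKCS#8 format
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]  # assumed path
    ssl_verify_mode => "force_peer"
  }
}
output {
  elasticsearch {
    # Same host and index as in step 4, but over HTTPS
    hosts => ["https://172.16.142.141:9200"]
    index => "test"
    ssl => true
    cacert => "/etc/logstash/certs/ca.crt"   # assumed path; CA that signed the Elasticsearch certificate
    user => "logstash_writer"                # hypothetical account limited to writing the index
    # Resolved from the Logstash keystore or the environment,
    # so the password is not stored in this file.
    password => "${ES_PWD}"
  }
}
```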
5. Speed up Logstash startup
# If the value returned is below 1000, installing haveged can speed up Logstash startup
$ cat /proc/sys/kernel/random/entropy_avail
# haveged depends on the EPEL repository
$ yum -y install haveged
$ systemctl start haveged
$ systemctl enable haveged
# Start Logstash again
6. View the data
# View the data in Kibana's Dev Tools
GET /test/_search?q=*