Elk -- logstash

Logstash is an open-source server-side data processing pipeline. It can collect data from multiple sources, convert data, and send the data to your favorite "repository.

Official Website introduction:
Https://www.elastic.co/cn/products/logstash

Https://www.elastic.co/downloads/logstash

1. Download

Logstash depends on jdk1.8. Therefore, make sure that jdk1.8 has been installed and configured on the machine before installation.
1) follow the download tips on the official website and decompress the package.
2) configure the running path to the Environment Variable
3) run the logstash command to test whether the installation is successful.

2. Introduction

After logstash, you can add:
?? -F: Specify the configuration file and configure logstash according to the configuration file.
? -E: string, which is configured. The default value is "stdin input and stdout output (input and output in the console). It can be set through the command line.
?? -L: Output address, which is output by console by default.
?? -T: exit after testing whether the configuration file is correct

 
# Input {...} # filter {...} # output {...}
 

3. Example: read from standard input without any filtering and read to standard output.

Logstash-e 'input {stdin {}} output {stdout {}}'

4. Example: read from a file

 
Input {# Read log information from the file {Path => "/var/log/error. log "type =>" error "start_position =>" beginning "}}# filter {#} output {# stdout {codec => rubydebug }}
 

Run the following command:
Logstash-F logstash. conf

5. Common output: Database

Change the output location to the following:

 
Output {redis {Host => "127.0.0.1" Port => 3213 Password => "123457" DB => 1 data_type => "error" Key => "logstash"} stdout {Codec => rubydebug }}
 

Elk -- logstash