Logstash Quick Start, logstashOriginal article address: WorkshopIntroduction Logstash is a tool for receiving, processing, and forwarding logs. Supports system logs, webserver logs, error logs, and application logs. In short, it includes all types of logs that can be flushed. How does it sound amazing?In a typical use case (ELK): Elasticsearch is used as the stor
/compiler.rb:12 : In ' block in Compile_sources ' "," org/jruby/rubyarray.java:2486:in ' map ' "," f:/search/logstash-6.3.2/logstash-core/ Lib/logstash/compiler.rb:11:in ' compile_sources ' "," f:/search/logstash-6.3.2/logst Solution:is the configuration file format error # The user we wish to excute our statement asjd
Environmental conditions:System version: CentOS 6.8Logstash version: 6.3.2Redis Version: 2.4Logstash input configuration:Input {redis {host="172.16.73.33"#redis IP Port="52611"#redis Port Password="123456"#redis Password db=9# Specify Redis library number data_type="List"#数据类型 Key="filebeat"#key Value name}}View CodeProblem:1. When I do not add the password parameter in the above input configuration, will report the following warning, do not forget to configure the password Oh .[2018--29t17: +:8
Windows system:1, installation Logstash1.1 access to the official website Download Zip package[1] https://artifacts.elastic.co/downloads/logstash/logstash-6.3.2.zip 6.3.2 versionif you want to download the latest or other version, you can go to the official website and select the download page[2] https://www.elastic.co/products/logstash
The concept and characteristics of 1.logstash.Concept: Logstash is a tool for data acquisition, processing, and transmission (output).Characteristics:-Centralized processing of all types of data-Normalization of data in different patterns and formats-Rapid expansion of custom log formats-Easily add plugins for custom data sources2.logstash installation configuration.①. Download and install[Email protected]
elk is simple, just download the binary package and unzip it, the required binary package is as follows:Elasticsearch-1.7.1.tar.gzKibana-4.1.1-linux-x64.tar.gzLogstash-1.5.3.tar.gz1) Start Redis (10.1.11.13)After the official download of the Redis source code compiled installation, after the following configuration to start:#调整内核参数: echo1>/proc/sys/vm/overcommit_memoryechonever>/sys/ kernel/mm/transparent_
SummaryWhen we use Logsatsh to write the configuration file, if we read too many files, the matching is too much, will make the configuration file hundreds of thousands of lines of code, may cause reading and modification difficulties. At this time, we can put the configuration file input, filter, output in a different configuration file, or even the input, filter, output again separated, put in a different file.At this time, the later need to delete and change the contents of the search, it is
}"]
}
Syslog_pri {}
date {
match = = ["Syslog_timestamp", "Mmm d HH:mm:ss", "MMM dd HH:mm:ss"]
}
}
}
Save and quit. This filter looks for logs marked as "Syslog" type (by Filebeat) and will attempt to parse the incoming syslog log using Grok to make it structured and queryable. Create a configuration file named Logstash-simple, sample file:
Vim/etc/logstash/conf.d/
Logstash output format.
Start with the following command:
1
#./bin/logstash agent-f logstash-test.conf
When you start, what you enter on the screen will be displayed in the console. If you enter "hehe", it appears as follows:
Indicates that the in
the logs together to the full-text search service Elasticsearch, you can use Elasticsearch to customize the search by Kibana to combine custom search for page presentation.4. Service distributionHost a 192.168.0.100 Elasticsearch+logstash-server+kinaba+redis Host B 192.168.0.101 logstash-agentIi. start of Deployment ServicesOn Host B above 192.168.0.101Deploying
certificate for the servercd/etc/pki/tls/OpenSSL req-subj '/cn=www.elk.com/'-x509-days 3650-batch-nodes-newkey rsa:2048-keyout private/logstash-forwarder.ke Y-out CERTS/LOGSTASH-FORWARDER.CRTCopy the LOGSTASH-FORWARDER.CRT to the client sideSCP CERTS/LOGSTASH-FORWARDER.CRT 192.168.100.13:/etc/pki/tls/certs/Configurati
:
Set User Resource parameters:
vim /etc/security/limits.d/20-nproc.conf#添加elk soft nproc 65536
Create a user and empower:useradd elkgroupadd elkuseradd elk -g elk
Create data and log directories and modify directory permissions:
mkdir –pv /opt/elk/{data,logs}chown –R elk:elk /opt/elkchown –R elk:elk /usr/local/elasticsearch
Switch user and background start es: (Elk user Modified resource parameter
5 1 1530 0 2.7mb 1.3mb green open .kibana YN93vVWQTESA-cZycYHI6g 1 1 2 0 22.9kb 11.4kb green open logstash-2017.12.29.05 kPQAlVkGQL-izw8tt2FRaQ 5 1 1289 0 2mb 1mb
Used with the elasticsearch cluster head plug-in !! Observe log generation !!
4. Install and deploy kibana
Download rpm package
kibana-5.0.1-x86_64.rpm
I
channel, and then the duplicate content is output.
You can try to do the above experiment again, this time in two terminals simultaneously start the logstash-f redis-input.conf process, the result will be two terminals are output messages.
At this point, you need to use the list type. In this type, the data is entered into the Redis server staging, Logstash is c
two configuration files sync_table1.cfg andsync_table2.cfgIn the config/pipelines.yml configure- pipeline.id: table1 path.config: "config/sync_table1.cfg"- pipeline.id: table2 path.config: "config/sync_table2.cfg"Direct bin/logstash Start@timestampFieldBy default, the field @timestamp is the field added by Logstash-input-jdbc, and the default is the current ti
occurs, the service starts normallyTest Logstash interacting with Elasticsearch data/app/logstash/bin/logstash-e ' input {stdin {}} output {elasticsearch {host = 192.168.1.140}} 'Enter you knowCurl ' Http://192.168.1.140:9200/_search?pretty ' # if there is output and no error indicates successful server interactionNote: May appear the following error message, I
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.