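Introduction to Logstash:
Logstash is a real-time data collection engine that can collect many types of data and parse, filter and summarize them. It filters out the data that matches your own conditions and feeds it into a visualization interface. Logstash recommends Java 1.8; some versions are not supported, for example Java 1.9.
I. Download and install JDK 1.8
Download URL: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html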
Upload the downloaded package to the /usr/local/ directory on cpy04.dev.xjh.com and run the following:

    # Extract the archive
    tar xf /usr/local/jdk1.8.0_111.tar.gz -C /usr/local
    mv /usr/local/jdk1.8.0_111 /usr/local/jdk1.8.0
    # Add the JDK commands to the system via alternatives
    alternatives --install /usr/bin/java java /usr/local/jdk1.8.0/jre/bin/java 3000
    alternatives --install /usr/bin/jar jar /usr/local/jdk1.8.0/bin/jar 3000
    alternatives --install /usr/bin/javac javac /usr/local/jdk1.8.0/bin/javac 3000
    alternatives --install /usr/bin/javaws javaws /usr/local/jdk1.8.0/jre/bin/javaws 3000
    alternatives --set java /usr/local/jdk1.8.0/jre/bin/java
    alternatives --set jar /usr/local/jdk1.8.0/bin/jar
    alternatives --set javac /usr/local/jdk1.8.0/bin/javac
    alternatives --set javaws /usr/local/jdk1.8.0/jre/bin/javaws
    # Switch the Java version
    alternatives --config java
II. Install Logstash
1. Log in to cpy04.dev.xjh.com (to download a different version, go to https://www.elastic.co/downloads/logstash):

    wget https://artifacts.elastic.co/downloads/logstash/logstash-5.6.1.tar.gz -O /opt/logstash-5.6.1.tar.gz
    tar xf /opt/logstash-5.6.1.tar.gz -C /usr/local
    mv /usr/local/logstash-5.6.1 /usr/local/logstash
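III. Configure Logstash
1. Edit the /usr/local/logstash/config/logstash.yml configuration file and change the following settings:

    node.name: cpy04.dev.xjh.com                  # Node name; usually the hostname
    path.data: /usr/local/logstash/plugin-data    # Persistent directory used by Logstash and its plugins
    config.reload.automatic: true                 # Enable automatic reloading of the configuration file
    config.reload.interval: 10                    # Configuration reload interval
    http.host: "cpy04.dev.xjh.com"                # Host name for access; usually a domain name or IP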
2. Create the persistent directory:

    mkdir -p /usr/local/logstash/plugin-data
3. Configure Logstash to take input from Filebeat, filter it, and output to Elasticsearch (Logstash has a great many plugins; see the official site, they are not listed here)
3.1 Install the logstash-input-jdbc and logstash-input-beats-master plugins

    /usr/local/logstash/bin/logstash-plugin install logstash-input-jdbc
    wget https://github.com/logstash-plugins/logstash-input-beats/archive/master.zip -O /opt/master.zip
    unzip -d /usr/local/logstash /opt/master.zip
3.2 Configure the Logstash input section

    vim /usr/local/logstash/from_beat.conf

    input {
      beats {
        port => 5044
      }
    }
    output {
      stdout { codec => rubydebug }
    }
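Start Logstash and check whether it receives the log content sent by Filebeat; make sure Filebeat is running normally on the log node. At this point only the input is being tested; the raw logs are not yet filtered or screened.

    /usr/local/logstash/bin/logstash -f /usr/local/logstash/from_beat.conf

If there are no errors after starting, you need to wait for Logstash to finish starting up, which may take quite a while.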
3.3 Configure the Logstash filter section: change /usr/local/logstash/from_beat.conf to the following. Once that is done, start Logstash again; if it succeeds, the output should be the fields split out by the captures of your own regular expression.

    input {
      beats {
        port => 5044
      }
    }
    filter {
      # Filter access logs
      if ( [source] =~ "localhost_access_log" ) {
        grok {
          match => { message => [ "%{COMMONAPACHELOG}" ] }
        }
        # COMMONAPACHELOG stores the request time in the "timestamp" field (HTTPDATE format)
        date {
          match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
          locale => "en"
          target => "request_time"
        }
      # Filter Tomcat logs
      } else if ( [source] =~ "catalina" ) {
        # Use a regular expression to match content into fields
        grok {
          match => { message => [ "(?<webapp_name>\[\w+\])\s+(?<request_time>\d{4}\-\d{2}\-\d{2}\s+\w{2}\:\w{2}\:\w{2}\,\w{3})\s+(?<log_level>\w+)\s+(?<class_package>[^.^\s]+(?:\.[^.\s]+)+)\.(?<class_name>[^\s]+)\s+(?<message_content>.+)" ] }
        }
        # Parse the request time
        date {
          match => [ "request_time", "ISO8601" ]
          locale => "cn"
          target => "request_time"
        }
      } else {
        drop {}
      }
    }
    output {
      stdout { codec => rubydebug }
    }
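The catalina branch of the filter above, traced in Ruby as an added example (not part of the original post): it applies the page's regular expression to constructed log lines and shows that a line the pattern does not match, such as a stack-trace continuation, is not dropped but passes through tagged `_grokparsefailure`. The sample paths and messages and the helper names `route`, `parse_catalina` and `process` are assumptions.

```ruby
require "time"

# Constructed sample events as [source path, message]; not taken from the page.
SAMPLES = [
  ["/usr/local/tomcat/logs/catalina.out",
   "[shop] 2017-09-20 10:15:30,123 INFO com.example.shop.OrderService Order 42 created"],
  ["/usr/local/tomcat/logs/catalina.out",
   "\tat com.example.shop.OrderService.create(OrderService.java:88)"],
  ["/var/log/messages", "unrelated line"],
].freeze

# The page's catalina pattern, unchanged, as a Ruby Regexp (same named-group syntax as grok).
CATALINA = /(?<webapp_name>\[\w+\])\s+(?<request_time>\d{4}\-\d{2}\-\d{2}\s+\w{2}\:\w{2}\:\w{2}\,\w{3})\s+(?<log_level>\w+)\s+(?<class_package>[^.^\s]+(?:\.[^.\s]+)+)\.(?<class_name>[^\s]+)\s+(?<message_content>.+)/

# Mirrors the conditionals: [source] =~ "..." is an unanchored regex match on the path.
def route(source)
  return :access   if source =~ /localhost_access_log/
  return :catalina if source =~ /catalina/
  :drop
end

# Returns the fields the catalina branch would produce for one message.
def parse_catalina(message)
  m = CATALINA.match(message)
  # grok keeps the event and only tags it when the pattern does not match
  return { "message" => message, "tags" => ["_grokparsefailure"] } unless m
  event = m.named_captures
  # The date filter replaces the captured string with a parsed timestamp
  # (parsed here in the local time zone).
  event["request_time"] = Time.strptime(event["request_time"], "%Y-%m-%d %H:%M:%S,%L")
  event
end

# Hypothetical driver: nil stands for drop {}; the access branch is not reproduced.
def process(source, message)
  case route(source)
  when :drop     then nil
  when :catalina then parse_catalina(message)
  else { "message" => message }
  end
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |source, message| p process(source, message) }
end
```

Events carrying the `_grokparsefailure` tag reach the output with none of the named fields, so a search on `log_level` or `class_name` will not find them.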
3.4 Configure the filtered content to be output to Elasticsearch: change from_beat.conf to the following:

    input {
      beats {
        port => 5044
      }
    }
    filter {
      # Filter access logs
      if ( [source] =~ "localhost_access_log" ) {
        grok {
          match => { message => [ "%{COMMONAPACHELOG}" ] }
        }
        # COMMONAPACHELOG stores the request time in the "timestamp" field (HTTPDATE format)
        date {
          match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
          locale => "en"
          target => "request_time"
        }
      # Filter Tomcat logs
      } else if ( [source] =~ "catalina" ) {
        # Match content into fields
        grok {
          match => { message => [ "(?<webapp_name>\[\w+\])\s+(?<request_time>\d{4}\-\d{2}\-\d{2}\s+\w{2}\:\w{2}\:\w{2}\,\w{3})\s+(?<log_level>\w+)\s+(?<class_package>[^.^\s]+(?:\.[^.\s]+)+)\.(?<class_name>[^\s]+)\s+(?<message_content>.+)" ] }
        }
        # Parse the request time
        date {
          match => [ "request_time", "ISO8601" ]
          locale => "cn"
          target => "request_time"
        }
      } else {
        drop {}
      }
    }
    output {
      if ( [source] =~ "localhost_access_log" ) {
        elasticsearch {
          hosts => ["cpy04.dev.xjh.com:9200"]
          index => "access_log"
        }
      } else {
        elasticsearch {
          hosts => ["cpy04.dev.xjh.com:9200"]
          index => "tomcat_log"
        }
      }
      stdout { codec => rubydebug }
    }
At this point the Logstash configuration is complete. If you need other filtering, or output to plugins other than Elasticsearch, such as Kafka, see: https://www.elastic.co/guide/en/logstash/current/index.html