This article gives a detailed introduction to commonly used Logstash configuration. Most readers will not be very familiar with it, so the main points are summarized below.

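A Logstash pipeline can be configured with one or more input plugins, filter plugins, and output plugins. Input and output plugins are required; filter plugins are optional. The figure below shows a common Logstash usage scenario.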

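The example in the previous section used the standard input and output plugins for a simple demonstration. Next we demonstrate a more complex scenario. The figure below shows the standard Logstash pipeline structure; we use some more advanced configuration to filter Apache logs.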

    # The # character at the beginning of a line indicates a comment. Use
    # comments to describe your configuration.
    input {
    }
    # The filter part of this file is commented out to indicate that it is
    # optional.
    # filter {
    #
    # }
    output {
    }

1. Prepare an Apache log file in the following format:

83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"

83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"

83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/highlight/highlight.js HTTP/1.1" 200 26185 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"

83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] "GET /presentations/logstash-monitorama-2013/plugin/zoom-js/zoom.js HTTP/1.1" 200 7697 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"


2. Write the Logstash pipeline configuration file and place it in the Logstash/bin directory

    input {
        file {
            path => "/opt/cx/logstash/apache-log.log"
            start_position => beginning
        }
    }
    filter {
        grok {
            match => { "message" => "%{COMBINEDAPACHELOG}" }
        }
        geoip {
            source => "clientip"
        }
    }
    output {
        elasticsearch {}
        stdout {}
    }


3. Verify that the configuration file is correct

    [root@Server01 bin]# ./logstash -f apache-log-pipeline.conf --configtest
    Configuration OK


4. Start Logstash

    [root@Server05 bin]# ./logstash -f apache-log-pipeline.conf
    Settings: Default pipeline workers: 4
    Pipeline main started


5. The complete Logstash configuration file is as follows

    input {
        file {
            path => "/opt/cx/logstash/apache-log.log"
            start_position => beginning
        }
    }
    filter {
        grok {
            match => { "message" => "%{COMBINEDAPACHELOG}" }
        }
        geoip {
            source => "clientip"
        }
    }
    output {
        elasticsearch {
            hosts => ["10.0.10.5:9200"]
        }
        stdout {}
    }
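As an added illustration (not part of the original article and not Logstash's own code), the Python sketch below approximates what the grok stage in the configuration above does to each line: it extracts named fields such as clientip, which the geoip filter then reads, and tags lines that do not match with _grokparsefailure so they remain visible instead of silently passing through. The regular expression is a simplified stand-in for COMBINEDAPACHELOG, and parse_event and split_events are hypothetical helper names.

```python
import re

# Simplified stand-in for grok's COMBINEDAPACHELOG (an approximation written
# for this example, not the pattern shipped with Logstash). Group names follow
# the fields grok emits, e.g. "clientip", which the geoip filter reads.
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<request>\S+) HTTP/(?P<httpversion>[\d.]+)" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def parse_event(line):
    """Hypothetical helper: shape one log line the way the grok stage would."""
    event = {"message": line}
    m = COMBINED.match(line)
    if m is None:
        # grok tags events it cannot match instead of dropping them
        event["tags"] = ["_grokparsefailure"]
        return event
    event.update(m.groupdict())
    return event

def split_events(lines):
    """Return (parsed, failed) so unparsed lines stay visible for review."""
    events = [parse_event(line) for line in lines]
    parsed = [e for e in events if "tags" not in e]
    failed = [e for e in events if "tags" in e]
    return parsed, failed

# SAMPLE is from the article's sample log; the other two inputs are constructed.
SAMPLE = (
    '83.149.9.216 - - [04/Jan/2015:05:13:44 +0000] '
    '"GET /presentations/logstash-monitorama-2013/plugin/zoom-js/zoom.js HTTP/1.1" '
    '200 7697 "http://semicomplete.com/presentations/logstash-monitorama-2013/" '
    '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 '
    '(KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"'
)
TRUNCATED = SAMPLE[:60]            # constructed: line cut off mid-request
BROKEN = "not an access log line"  # constructed: unrelated text

if __name__ == "__main__":
    parsed, failed = split_events([SAMPLE, TRUNCATED, BROKEN])
    for e in parsed:
        print(e["clientip"], e["verb"], e["request"], e["response"], e["bytes"])
    print("unparsed:", len(failed))
```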

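That concludes this detailed introduction to common Logstash configuration. We hope it serves as a useful reference that you can put into practice. If you liked this article, feel free to share it so that more people can see it.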