www.elastic.co/cn/download…官网
一、下载logstash
[root@jiaxin-ceshi ~]# cd /usr/local/src/
[root@jiaxin-ceshi src]# wget artifacts.elastic.co/downloads/l…
[root@jiaxin-ceshi
src]# tar xf logstash-6.4.2.tar.gz
[root@jiaxin-ceshi src]# cd logstash-6.4.2
[root@jiaxin-ceshi logstash-6.4.2]# bin/logstash -f logstash.conf
could not find java; set JAVA_HOME or ensure java is in PATH
没有找到java 请下载安装JDK
JDK1.8官网下载
www.oracle.com/technetwork…
[root@jiaxin-ceshi
src]# wget download.oracle.com/otn-pub/jav…
[root@jiaxin-ceshi src]# tar xf jdk-8u191-linux-x64.tar.gz
[root@jiaxin-ceshi src]# mv jdk1.8.0_191/ jdk
[root@jiaxin-ceshi src]# pwd
/usr/local/src
[root@jiaxin-ceshi src]# vim /etc/profile
JDK1.8
JAVA_HOME=/usr/local/src/jdk
JRE_HOME=/usr/local/src/jdk/jre
PATH=
P
A
T
H
:" role="presentation">JAVA_HOME/bin:
J
R
E
H
O
M
E
/
b
i
n
C
L
A
S
S
P
A
T
H
=
.
:" role="presentation">
JAVA_HOME/lib/dt.jar:
J
A
V
A
H
O
M
E
/
l
i
b
/
t
o
o
l
s
.
j
a
r
:" role="presentation">
JRE_HOME/lib
export JAVA_HOME JRE_HOME PATH CLASSPATH
[root@jiaxin-ceshi src]# source /etc/profile
[root@jiaxin-ceshi src]# java -version
java version "1.8.0_191"
Java(TM) SE Runtime Environment (build 1.8.0_191-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.191-b12, mixed mode)
二、[root@jiaxin-ceshi logstash-6.4.2]# bin/logstash -e
'input { stdin { } } output { stdout {} }'
[root@jiaxin-ceshi logstash-6.4.2]# vim logs.conf
input {
file {
path => "/usr/local/nginx/logs/access.log"
type => "error"//type是给结果增加一个type属性,值为"error"的条目
start_position => "beginning"//从开始位置开始读取
# 使用 multiline 插件,传说中的多行合并
codec => multiline {
# 通过正则表达式匹配,具体配置根据自身实际情况而定
pattern => "^\d"
negate => true
what => "previous"
}
}}
可配置多种处理规则,他是有顺序,所以通用的配置写下面
filter {
grok {
match => { "message" => "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" }
}}
output {
# 输出到 elasticsearch
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "error-%{+YYYY.MM.dd}"//索引名称
}}
[root@jiaxin-ceshi logstash-6.4.2]# bin/logstash -f logs.conf
