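Note: Logstash requires a JDK to be installed first.
1. Download Logstash (download link).
2. After the download completes, run the following command to extract the archive: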
tar -xzvf logstash-7.4.0.tar.gz
3. Edit the configuration file
[xiaoquan@localhost logstash-7.4.0]$ cd config
# Make a copy of the Logstash sample configuration file
[xiaoquan@localhost config]$ cp logstash-sample.conf logstash.conf
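Edit the contents of the logstash.conf configuration file; for the configuration parameters, see the reference link.
Download the test data file movies.csv (test data file link).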
input {
  file {
    path => "/usr/local/java/elk/logstash-7.4.0/bin/movies.csv"
    start_position => "beginning"
    sincedb_path => "/usr/local/java/elk/logstash-7.4.0/sincedb"
  }
}
filter {
  csv {
    separator => ","
    columns => ["id","content","genre"]
  }
  mutate {
    split => { "genre" => "|" }
    remove_field => ["path", "host","@timestamp","message"]
  }
  mutate {
    split => ["content", "("]
    add_field => { "title" => "%{[content][0]}"}
    add_field => { "year" => "%{[content][1]}"}
  }
  mutate {
    convert => {
      "year" => "integer"
    }
    strip => ["title"]
    remove_field => ["path", "host","@timestamp","message","content"]
  }
}
output {
  elasticsearch {
    # Elasticsearch service address
    hosts => "http://localhost:9200"
    index => "movies"
    document_id => "%{id}"
  }
  stdout {}
}
4. Start Logstash by running the following commands; the console prints the log output below.
cd logstash-7.4.0
bin/logstash -f config/logstash.conf
The data is imported automatically, as shown in the figure.
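The filter chain in step 3 derives title and year by splitting content on "(", so a title that contains an extra parenthesis, or none at all, is indexed with a wrong year. The Python sketch below is an added example, not part of the original tutorial or of Logstash; it approximates the csv/mutate steps on constructed rows so the affected ids can be checked before or after an import. The sample rows, function names, year bounds, and the assumed handling of integer conversion and of an unresolved %{[content][1]} reference are assumptions.

```python
import csv
import io
import re

# Constructed sample rows in the id,content,genre layout the config expects.
SAMPLE = '''1,Toy Story (1995),Adventure|Animation|Children
11,"American President, The (1995)",Comedy|Drama|Romance
29,"City of Lost Children, The (Cite des enfants perdus, La) (1995)",Adventure|Drama
9999,Untitled Draft,Drama
'''

def leading_int(text):
    """Parse a leading integer, else 0 (assumed to match convert => integer)."""
    m = re.match(r"\s*[+-]?\d+", text)
    return int(m.group()) if m else 0

def apply_filters(row):
    """Approximate the csv/mutate steps of the config on one parsed CSV row."""
    doc_id, content, genre = row
    parts = content.split("(")                 # split => ["content", "("]
    # Assumption: an unresolved %{[content][1]} stays as literal text.
    raw_year = parts[1] if len(parts) > 1 else "%{[content][1]}"
    return {
        "id": doc_id,
        "genre": genre.split("|"),             # split => { "genre" => "|" }
        "title": parts[0].strip(),             # add_field title, then strip
        "year": leading_int(raw_year),         # add_field year, then convert
    }

def simulate(text):
    """Run every non-empty CSV row through the approximated filter chain."""
    return [apply_filters(r) for r in csv.reader(io.StringIO(text)) if r]

def suspicious_years(docs, lo=1870, hi=2100):
    """Return ids whose year is outside a plausible range (bounds are arbitrary)."""
    return [d["id"] for d in docs if not lo <= d["year"] <= hi]

if __name__ == "__main__":
    docs = simulate(SAMPLE)
    for d in docs:
        print(d)
    print("check these ids:", suspicious_years(docs))
```

Rows 29 and 9999 come out with year 0: the first because content[1] is the alternate title rather than the year, the second because there is no "(" to split on.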