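# Download the Logstash 7.8.1 RPM from Elastic's artifact server.
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.8.1.rpm
# Import Elastic's package-signing key so rpm can check the package signature.
# The key arrives over the same channel as the package, so compare its
# fingerprint with the one Elastic publishes before trusting it.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Install only when the digest and signature checks pass; without this gate a
# corrupted or substituted package could be installed as a privileged user.
rpm --checksig logstash-7.8.1.rpm && rpm --install logstash-7.8.1.rpm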
vi /etc/logstash/jvm.options
-Xms256m
-Xmx256m
export PATH=$PATH:/usr/share/logstash/bin
/usr/share/logstash/bin/logstash --version
测试(启动耗时较长,需等待)
/usr/share/logstash/bin/logstash -e 'input { stdin { } } output { stdout {} }'
[INFO ] 2020-08-18 14:48:00.938 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2020-08-18 14:48:01.423 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
输入:
hello world
输出:
{
"host" => "k8s-master",
"message" => "hello world",
"@version" => "1",
"@timestamp" => 2020-08-18T06:48:51.041Z
}
vi /etc/logstash/conf.d/logstash.conf
# Pipeline: accept events from Beats agents and index them into Elasticsearch.
input {
beats {
# Listens for Beats connections on TCP port 5044. No TLS settings appear in this
# block. NOTE(review): presumably any host that can reach the port can submit
# events in clear text; restrict the port with a firewall or configure the
# plugin's ssl options. Confirm for your network.
port => 5044
}
}
output {
elasticsearch {
# The endpoint uses plain http://, so events (and the credentials below, once
# enabled) cross the network unencrypted. NOTE(review): switch to https with a
# trusted CA if the cluster supports it.
hosts => ["http://192.168.146.133:9200"]
# Index name is built from the Beat name and version in event metadata plus the
# event date, which gives one index per Beat, version and day.
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
# Authentication is commented out, so this output connects without credentials.
# "changeme" is only a placeholder and must not be used as a real password.
# NOTE(review): if security is enabled on the cluster, use a dedicated
# least-privilege user rather than the built-in superuser, and keep the password
# out of this file (for example in the Logstash keystore).
#user => "elastic"
#password => "changeme"
}
}
验证配置文件
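# Validate the pipeline file edited above (/etc/logstash/conf.d/logstash.conf) and
# exit without starting the pipeline. The earlier path /etc/logstash/logstash.conf
# is not the file this page creates, so checking it would not validate this pipeline.
/usr/share/logstash/bin/logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d/logstash.conf --config.test_and_exit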
输出:
Configuration OK
启动
# Start Logstash in the foreground, reading its settings from /etc/logstash.
# NOTE(review): the process runs as whichever account invokes it. If that is
# root, Logstash and every plugin run with root privileges, and files created
# at runtime may end up root-owned. The RPM is expected to provide a service
# unit that runs as a dedicated logstash user; confirm this and prefer it for
# long-running use.
/usr/share/logstash/bin/logstash --path.settings /etc/logstash
输出:
Successfully started Logstash API endpoint {:port=>9600}