Logstash: Logstash inputs (file and redis plugins), Logstash outputs (elasticsearch and redis plugins) and Filter plugins...

Previous posts
Logstash installation and setup (illustrated guide) (for a multi-node ELK cluster, installing it on one node is enough)

Filebeat monitors data according to its input and uses data according to its output!!!
See:
Filebeat input and output (including Elasticsearch Output, Logstash Output, Redis Output, File Output and Console Output)
Logstash monitors data according to its input and uses data according to its output!!!

A hands-on walk through the official documentation (Logstash inputs and Logstash outputs)
https://www.elastic.co/guide/index.html
https://www.elastic.co/guide/en/logstash/index.html
https://www.elastic.co/guide/en/logstash/2.4/index.html
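
There are a great many Logstash inputs, Logstash outputs and filter plugins; look them up on the official site, I will not go through them all here. I only use the following ones as a demonstration:

Logstash inputs
file input
The most commonly used input plugin is file.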
https://www.elastic.co/guide/en/logstash/2.4/plugins-inputs-file.html

[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 164
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 46 Mar 27 05:30 logstash-simple.conf
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ vim file_stdout.conf

The path can be customized. Here I use
path => "/home/hadoop/app.log"
or
path => [ "/home/hadoop/app", "/home/hadoop/*.log" ]

input {
  file {
    path => "/home/hadoop/app.log"
  }
}
filter {}
output {
  stdout {}
}

Here I am monitoring changes to the file /home/hadoop/app.log.

[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 168
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 107 Mar 27 05:55 file_stdout.conf
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 46 Mar 27 05:30 logstash-simple.conf
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -f file_stdout.conf
Settings: Default pipeline workers: 1
Pipeline main started

Open another terminal session on HadoopMaster.

[hadoop@HadoopMaster ~]$ pwd
/home/hadoop
[hadoop@HadoopMaster ~]$ ll
total 48
drwxrwxr-x. 12 hadoop hadoop 4096 Mar 27 03:59 app
-rw-rw-r--. 1 hadoop hadoop 18 Mar 26 19:59 app.log
drwxrwxr-x. 7 hadoop hadoop 4096 Mar 25 06:34 data
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Desktop
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Documents
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Downloads
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Music
drwxr-xr-x. 2 hadoop hadoop 4096 Mar 26 20:35 mybeat
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Pictures
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Public
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Templates
drwxr-xr-x. 2 hadoop hadoop 4096 Oct 31 17:19 Videos
[hadoop@HadoopMaster ~]$ echo bbbbbbb >> app.log
[hadoop@HadoopMaster ~]$

[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 168
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 107 Mar 27 05:55 file_stdout.conf
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 46 Mar 27 05:30 logstash-simple.conf
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ bin/logstash -f file_stdout.conf
Settings: Default pipeline workers: 1
Pipeline main started
2017-03-26T22:24:35.897Z HadoopMaster bbbbbbb
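
In fact, the file .sincedb_8f3299d0a5bdb7df6154f681fc150341 also records this.

Note:
The first time a new file is read there is no .sincedb file yet, so by default reading follows start_position: if start_position is end, it reads from the end; if start_position is begin, it reads from the very beginning.
If this is not the first read of the file and Logstash is restarted, a .sincedb file already exists and reading follows that .sincedb file instead. Whatever start_position is set to, it no longer has any effect.
start_position: specifies the position from which to start reading the file's data. The default is the end of the file; it can also be set to start from the beginning.
Note: start_position only takes effect when the file has never been watched before, because while reading a file Logstash writes a .sincedb file to track the read position. Once the file has been read, the next run resumes from the position recorded in .sincedb and the start_position parameter has no effect. By default the file is in the user's home directory.
One pitfall to watch for: the ignore_older setting means old data is ignored; its default value is 86400, meaning data from more than 24 hours ago is ignored. If you start monitoring an old file that has not been modified for more than 24 hours, you cannot get its earlier data even with start_position set to beginning.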
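
A configuration that exercises the three settings from the notes above, as an added example that is not part of the original post. The sincedb_path location and the 365-day ignore_older value are assumptions chosen for illustration.

```conf
# file_stdout_beginning.conf (hypothetical file name)
input {
  file {
    path => "/home/hadoop/app.log"

    # Only honoured when no sincedb entry exists for this file yet.
    start_position => "beginning"

    # Pin the sincedb to a known location (assumed path) instead of the
    # default .sincedb_<hash> in the user's home directory. To replay the
    # file, stop Logstash and delete this file before restarting.
    sincedb_path => "/home/hadoop/app/logstash-2.4.1/.sincedb_app_log"

    # Default is 86400 seconds (24 hours). Raised to 365 days here so a file
    # that has not been modified for more than a day is still picked up.
    ignore_older => 31536000
  }
}
filter {}
output {
  # rubydebug prints every field of the event, not only the message line
  stdout { codec => rubydebug }
}
```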

redis input
https://www.elastic.co/guide/en/logstash/2.4/plugins-inputs-redis.html

[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 168
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 107 Mar 27 05:55 file_stdout.conf
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 46 Mar 27 05:30 logstash-simple.conf
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ vim redis_stdout.conf

input {
  redis {
    host => "192.168.80.12"
    port => 6379
    data_type => "list"
    key => "filebeat"
  }
}
filter {}
output {
  stdout {}
}

This uses redis; readers who are not familiar with it, see
Installing redis (illustrated guide)
I will come back to this once I have it installed.

Logstash outputs
redis output
https://www.elastic.co/guide/en/logstash/2.4/plugins-outputs-redis.html
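
The page shows no configuration for this plugin. As an added example (not part of the original post), a shipper-side pipeline that pushes events onto the same Redis list that the redis input in redis_stdout.conf reads from. The file name file_redis.conf and the password placeholder are assumptions; password only applies when the Redis server is configured with requirepass.

```conf
# file_redis.conf (hypothetical file name): shipper side
input {
  file {
    path => "/home/hadoop/app.log"
  }
}
filter {}
output {
  redis {
    host => "192.168.80.12"     # same Redis host as the redis input
    port => 6379
    data_type => "list"         # events are pushed onto a list; the input side pops them
    key => "filebeat"           # must match key in the redis input
    password => "REPLACE_ME"    # placeholder; assumes requirepass is set on the server
  }
}

# redis_stdout.conf: indexer side, the page's redis input with the
# matching password added so both ends authenticate to Redis.
# input {
#   redis {
#     host => "192.168.80.12"
#     port => 6379
#     data_type => "list"
#     key => "filebeat"
#     password => "REPLACE_ME"
#   }
# }
```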

[hadoop@HadoopMaster logstash-2.4.1]$ pwd
/home/hadoop/app/logstash-2.4.1
[hadoop@HadoopMaster logstash-2.4.1]$ ll
total 172
drwxrwxr-x. 2 hadoop hadoop 4096 Mar 27 03:58 bin
-rw-rw-r--. 1 hadoop hadoop 102879 Nov 14 10:04 CHANGELOG.md
-rw-rw-r--. 1 hadoop hadoop 2249 Nov 14 10:04 CONTRIBUTORS
-rw-rw-r--. 1 hadoop hadoop 107 Mar 27 05:55 file_stdout.conf
-rw-rw-r--. 1 hadoop hadoop 5084 Nov 14 10:07 Gemfile
-rw-rw-r--. 1 hadoop hadoop 23015 Nov 14 10:04 Gemfile.jruby-1.9.lock
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 lib
-rw-rw-r--. 1 hadoop hadoop 589 Nov 14 10:04 LICENSE
-rw-rw-r--. 1 hadoop hadoop 46 Mar 27 05:30 logstash-simple.conf
-rw-rw-r--. 1 hadoop hadoop 149 Nov 14 10:04 NOTICE.TXT
-rw-rw-r--. 1 hadoop hadoop 155 Mar 27 06:43 redis_stdout.conf
drwxrwxr-x. 4 hadoop hadoop 4096 Mar 27 03:58 vendor
[hadoop@HadoopMaster logstash-2.4.1]$ vim stdin_es.conf
elasticsearch output
That is, write the data in Logstash to the elasticsearch cluster (here, to the host 192.168.80.10).
hosts=>"192.168.80.00" or hosts=>["192.168.80.10:9200","192.168.80.11:9200","192.168.80.12:9200"]. In 1.x the setting was named host.
The index created in es by default is logstash-%{+YYYY.MM.dd}; the index template feature in es can be used to define some basic settings for the index.

input {
  stdin { }
}
filter {}
output {
  elasticsearch {
    hosts => "192.168.80.10:9200"
  }
}

To be continued
Filter plugins
To be continued

Reposted from: https://www.cnblogs.com/zlslch/p/6624457.html