编辑配置文件配置logstash
vim /etc/logstash/conf.d/01-logstash.conf
input { stdin{} }
output {
elasticsearch{ hosts => ["192.168.56.11:9200"] }
stdout { code => rubydebug }
}
/opt/logstash/bin/logstash -f /etc/logstash/conf.d/01-logstash.conf
logstash配置文件语法详解参见下面,常用插件也需要去官网查询:
https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
以file插件为例,学习配置文件语法:
vim /etc/logstash/conf.d/file.conf
input {
file {
path => "/var/log/messages"
type => "system"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["192.168.56.11:9200"]
index => "system-%{+YYYY.MM.dd}"
}
}
/opt/logstash/bin/logstash -f /etc/logstash/conf.d/file.conf