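Decoupling here means that Logstash is only responsible for collecting logs: it stores the collected logs in Redis or a message queue, and they are then displayed in Kibana.
The official Logstash documentation describes the corresponding redis plugins for both input and output.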
yum install redis
vim /etc/redis.conf
    # run in the background
    daemonize yes
    # address to listen on
    bind 192.168.56.11
systemctl start redis
netstat -ntlup
redis-cli -h 192.168.56.11
===========================================================================
vim redis_out.conf    # write to Redis
input {
  stdin {}
}
output {
  redis {
    # the redis plugin option is "host"; 9200 is the Elasticsearch port, not Redis
    host => "192.168.56.11"
    port => 6379
    db => 6
    data_type => "list"
    key => "demo"
  }
}
/opt/logstash/bin/logstash -f redis_out.conf
redis-cli -h 192.168.56.11
You can see that the data has been written to Redis.
vim redis_in.conf    # read from Redis and write to ES
input {
  redis {
    # the redis plugin option is "host"; 9200 is the Elasticsearch port, not Redis
    host => "192.168.56.11"
    port => 6379
    db => 6
    data_type => "list"
    key => "demo"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.56.11:9200"]
    index => "redis-daemon-%{+YYYY.MM.dd}"
  }
}
/opt/logstash/bin/logstash -f redis_in.conf
In Elasticsearch you can see that the data from Redis has been written to ES.
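
In the setup above, Redis is bound to 192.168.56.11 with no requirepass, so any host that can reach port 6379 can read or push entries on the demo list. The script below is an added example, not part of the original notes: it flags that condition in a redis.conf and flags Logstash redis{} blocks that have no password option. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: static audit of the two kinds of file edited in these notes.

# One finding per line for a redis.conf; no output means no finding.
audit_redis_conf() {
    awk '
        /^[ \t]*#/ || NF == 0  { next }                 # skip comments and blank lines
        $1 == "bind"           { for (i = 2; i <= NF; i++) addr[$i] = 1; nb++ }
        $1 == "requirepass"    { pass = 1 }
        $1 == "protected-mode" { pm = $2 }
        END {
            exposed = (nb == 0)                         # no bind directive: all interfaces
            for (a in addr) if (a !~ /^127\./ && a != "::1") exposed = 1
            if (exposed && !pass) print "redis: reachable beyond loopback, no requirepass"
            if (pm == "no")       print "redis: protected-mode disabled"
        }' "$1"
}

# One finding per redis{} plugin block that has no password option.
# Assumes no nested braces inside the redis block, as in the configs above.
audit_logstash_redis() {
    awk '
        /^[ \t]*redis[ \t]*\{/            { in_r = 1; has = 0; next }
        in_r && /^[ \t]*password[ \t]*=>/ { has = 1 }
        in_r && /^[ \t]*\}/               { if (!has) print "logstash: redis block has no password"; in_r = 0 }
    ' "$1"
}

# Constructed samples mirroring the configs in these notes.
SAMPLES=$(mktemp -d)
printf 'daemonize yes\nbind 192.168.56.11\n' > "$SAMPLES/redis.conf"
printf 'daemonize yes\nbind 192.168.56.11\nrequirepass constructed-placeholder\n' > "$SAMPLES/redis_hardened.conf"
cat > "$SAMPLES/redis_out.conf" <<'EOF'
output {
  redis {
    host => "192.168.56.11"
    key => "demo"
  }
}
EOF

audit_redis_conf "$SAMPLES/redis.conf"
audit_redis_conf "$SAMPLES/redis_hardened.conf"
audit_logstash_redis "$SAMPLES/redis_out.conf"
```

Once requirepass is set in /etc/redis.conf, the same value goes into the password option of both the redis output and the redis input, otherwise Logstash can no longer connect.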