Linux下如何安装Logstash

目录一、安装Logstash1.解压tar包2.配置config目录下的logstash.conf3.启动命令4.查看Logstash是否启动成功 二、配置应用项目的logback环境1.在pom.xml中添加Logstash依赖2.在resouces目录下添加logback-spring.xml三、在kibana界面查看数据1.查看索引管理2.配置索引模式总结一、安装Logstash1.解压tar包cd /data/app/elk/elk-6.8.5tar zxvf logstash-6.8.5.tar.gz2.配置config目录下的logstash.conf# 数据输入部分input { # 读取nginx访问日志 file {#path：监听文件的路径,绝对路径path => '/data/app/nginx/logs/access.log' #为Nginx的access.log路径# 格式：jsoncodec => 'json'#start_position:监听文件的起始位置，beginning：从文件的头开始读取start_position => 'beginning'#type：自定义类型type => 'nginx-access-log' } # 读取nginx异常日志 file {path => '/data/app/nginx/logs/error.log' #为Nginx的error.log路径# 格式：plain,输入的是字符串，输出把全部内容放到message字段codec => 'plain'start_position => 'beginning'type => 'nginx-error-log' }#filebeats方式beats {port => 5044type => 'beats_log'}#自定义端口，一个项目可对应一个自定义tcp端口接收数据tcp {mode => 'server'host => '192.168.X.X' #IP地址port => 21022codec => jsontype => 'application-log' #application一般为项目名称}}# 数据处理部分filter{if[type] == 'application-log'{mutate {rename => {'host' => 'hostname'}}}}# 数据输出部分output { # beat监控信息if [type] == 'beats_log'{elasticsearch { hosts => ['192.168.X.X:9200']manage_template => falseindex => '%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}' user => 'elastic' password => 'elastic2021'}} # nginx访问日志 if[type] == 'nginx-access-log' {elasticsearch { hosts => ['192.168.X.X:9200'] index => 'nginx-access-log-%{+YYYY.MM.dd}' # elasticsearch的用户名、密码 user => 'elastic' password => 'elastic2021'} } # nginx异常日志 if[type] == 'nginx-error-log'{elasticsearch{ hosts => ['192.168.X.X:9200'] index => 'nginx-error-log-%{+YYYY.MM.dd}' user => 'elastic' password => 'elastic2021'} }# 应用系统日志if[type] == 'application-log'{elasticsearch {hosts => ['192.168.X.X:9200'] index => 'application-log-%{+YYYY.MM.dd}'user => 'elastic'password => 'elastic2021'}}}3.启动命令cd /data/app/elk/elk-6.8.5/logstash-6.8.5nohup ./bin/logstash -f config/logstash.conf &4.查看Logstash是否启动成功ps -ef | grep logstash

二、配置应用项目的logback环境1.在pom.xml中添加Logstash依赖<!-- logstash 6.2 --><dependency> <groupId>net.logstash.logback</groupId> <artifactId>logstash-logback-encoder</artifactId> <version>6.2</version></dependency>2.在resouces目录下添加logback-spring.xml<?xml version='1.0' encoding='UTF-8' ?><configuration debug='false'><!-- 为logstash输出的JSON格式的Appender --><appender name='logstash_dev' class='net.logstash.logback.appender.LogstashTcpSocketAppender'><destination>192.168.X.X:21021</destination><!-- 日志输出编码 --><encoderclass='net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder'><providers><timestamp><timeZone>UTC</timeZone></timestamp><pattern><pattern>{'severity': '%level','service': '${APP_NAME:-}','trace': '%X{X-B3-TraceId:-}','span': '%X{X-B3-SpanId:-}','parent': '%X{X-B3-ParentSpanId:-}','exportable': '%X{X-Span-Export:-}','pid': '${PID:-}','thread': '%thread','class': '%logger','rest': '%message'}</pattern></pattern></providers></encoder></appender><!-- 开发环境 --> <springProfile name='develop'><!--设置根日志级别--><root level='INFO'> <appender-ref ref='logstash_dev'/></root> </springProfile></configuration>三、在kibana界面查看数据

浏览器访问192.168.X.X:5601

1.查看索引管理

2.配置索引模式

总结

以上为个人经验，希望能给大家一个参考，也希望大家多多支持好吧啦网。