Logstash consists of three main parts:

  1. Collect: data input
  2. Enrich: data processing, such as filtering and rewriting
  3. Transport: data output

Now let's install it:

wget https://download.elastic.co/logstash/logstash/logstash-2.3.2.tar.gz
tar -zxvf logstash-2.3.2.tar.gz  

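In the logstash-2.3.2 directory, create a file named shipper.conf with the following configuration:

# Tail the monitored log file.
input {
    file {
        path => [ "/var/log/test_logstash.log" ]
    }
}

# Overwrite the host field so the indexer can tell which machine sent the event.
filter {
    mutate {
        replace => ["host", "192.168.0.127 B[1]"]
    }
}

# Publish every event to a Redis channel.
output {
    redis {
        host => "192.168.0.127"
        port => 6379
        db => 8
        data_type => "channel"
        key => "logstash_list_0"
    }
}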

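In the logstash-2.3.2 directory, create a file named indexer.conf with the following configuration:

# Subscribe to the same Redis channel the shipper publishes to.
input {
    redis {
        host => "192.168.0.127"
        port => 6379
        db => 8
        data_type => "channel"
        key => "logstash_list_0"
    }
}

# Write each event as "<host> <message>" and flush on every write.
output {
    file {
        path => "/var/log/all.log"
        message_format => "%{host} %{message}"
        flush_interval => 0
    }
}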

Now start both instances with the following commands:

bin/logstash agent -f indexer.conf &>/dev/null &
bin/logstash agent -f shipper.conf &>/dev/null &
tail -f /var/log/all.log

Then open another terminal and append to the monitored log file:

echo "Hello World" >> /var/log/test_logstash.log

The result is shown in the figure below:

[Image: Aspiring Architect series - Log monitoring for distributed systems with Logstash]

Alternatively, you can check with redis-cli, as follows:

[Image: Aspiring Architect series - Log monitoring for distributed systems with Logstash]
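The shipper and indexer only talk to each other if their redis blocks agree, and a mismatch fails silently. The following check is an added example, not part of the original post: it compares the two blocks and flags the pub/sub and authentication properties of this setup. The sample strings are constructed from the configs above, the function names are hypothetical, and `password` is the authentication option of the Logstash redis input and output plugins.

```python
import re

# Constructed sample input: the redis blocks of shipper.conf and indexer.conf.
SHIPPER = '''output {
 redis {
    host => "192.168.0.127"
    port => 6379
    db => 8
    data_type => "channel"
    key => "logstash_list_0"
  }
}'''
INDEXER = '''input {
  redis {
       host => "192.168.0.127"
       port => 6379
       db => 8
       data_type => "channel"
       key => "logstash_list_0"
   }
}'''

# One `name => value` setting per line; quotes around the value are optional.
SETTING = re.compile(r'^\s*(\w+)\s*=>\s*"?([^"\n]*?)"?\s*$', re.M)

def redis_settings(conf, section):
    """Settings of the redis block in `section` ("input" or "output")."""
    m = re.search(section + r'\s*\{.*?\bredis\s*\{(.*?)\}', conf, re.S)
    if m is None:
        raise ValueError("no redis block in %s section" % section)
    return dict(SETTING.findall(m.group(1)))

def check_pair(shipper_conf, indexer_conf):
    """Return a list of findings for a shipper/indexer pair (hypothetical helper)."""
    out = redis_settings(shipper_conf, "output")
    inp = redis_settings(indexer_conf, "input")
    findings = []
    for name in ("host", "port", "db", "data_type", "key"):
        if out.get(name) != inp.get(name):
            findings.append("%s differs: shipper=%r indexer=%r"
                            % (name, out.get(name), inp.get(name)))
    if out.get("data_type") == "channel":
        findings.append("channel is pub/sub: events published while "
                        "the indexer is not subscribed are dropped")
    if "password" not in out or "password" not in inp:
        findings.append("no password: only works if Redis has no requirepass")
    return findings

if __name__ == "__main__":
    print("\n".join(check_pair(SHIPPER, INDEXER)))
```

For the configs on this page the check reports the channel and password findings but no mismatches.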

  

 

 

05-11 13:56