logstash從不同伺服器收集日誌到一臺總服務
阿新 • • 發佈:2018-12-19
1,wget https://artifacts.elastic.co/downloads/logstash/logstash-6.4.2.tar.gz
2,tar -zxvf logstash-6.4.2.tar.gz
3,cd /opt/tmp/logstash-6.4.2
4,在終端中,像下面這樣執行命令來啟動 Logstash 程序:
# bin/logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
然後你會發現終端在等待你的輸入。沒問題,敲入 Hello World,回車,然後看看會返回什麼結果!
安裝成功!
5,配置服務端conf
input { tcp { mode => "server" port => 9600 ssl_enable => false } } filter { json { source => "message" } } output { file { path => "/opt/lampp/crm_ceshi/logECO/%{+YYYY-MM-dd}/%{servip}-%{filename}" codec => line { format => "%{message}"} } }
啟動bin/logstash -f config/logstash-server.conf
6,另一臺需要收集的客戶端配置
input{ file { path => ["/opt/lampp/crm_ceshi/logECO/2018-10-30/agreeRefundToElemeV2.txt"] type => "ecolog" start_position => "beginning" sincedb_path => "/opt/tmp/logstash-6.4.2/data/plugins/inputs/file/.sincedb_3f3dc7129f441b61d81b1acadb65ed4e" } } filter { if [type] =~ /^ecolog/ { ruby { code => "file_name = event.get('path').split('/')[-1] event.set('file_name',file_name) event.set('servip','客戶端IP')" } mutate { rename => {"file_name" => "filename"} } } } output { tcp { host => "服務端ip" port => 9600 codec => json_lines } }
啟動bin/logstash -f config/logstash-server.conf
好了,遠端收集日誌按ip分已經完成,修改日誌檔案或增加,服務端改變