rhel6.8 安装logstash6.1.3

logstash是什么点这https://doc.yonyoucloud.com/doc/logstash-best-practice-cn/get_start/hello_world.html

1、下载logstash

[root@zqddapp3 bin]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.1.3.rpm

2、安装

[root@zqddapp3 bin]# rpm -ivh logstash-6.1.3.rpm

3、测试

[root@zdhdbbsj ~]# cat /etc/logstash/conf.d/sample.conf  #配置文件  固定格式
input {
	stdin {}
}
output {
	stdout {
		codec => rubydebug
				}
}
检查配置文件语法
[root@zdhdbbsj ~]# logstash -f /etc/logstash/conf.d/sample.conf -t
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
Configuration OK

测试
[root@zdhdbbsj ~]# logstash -f /etc/logstash/conf.d/sample.conf
hello logstash
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
The stdin plugin is now waiting for input:
{
      "@version" => "1",
    "@timestamp" => 2018-02-06T08:00:00.558Z,
       "message" => "hello logstash",
          "host" => "zdhdbbsj"
}

logstash可以启动，但此种验证方式会有告警，可以提示方式处理，在“$LS_HOME”下建立“config”目录，并将”/etc/logstash/”下的文件建软链接到“config”目录，再次执行即可，如下：

[root@zqddapp3 bin]# mkdir -p /usr/share/logstash/config/
[root@zqddapp3 bin]# ln -s /etc/logstash/* /usr/share/logstash/config
[root@zqddapp3 bin]# chown -R logstash:logstash /usr/share/logstash/config/

[root@zqddapp3 bin]# ./logstash -e 'input{stdin{}}output{stdout{codec=>rubydebug}}'
ashdlkasjdlkasjdlasjdkas
Sending Logstash's logs to /usr/share/logstash/logs which is now configured via log4j2.properties
The stdin plugin is now waiting for input:
{
    "@timestamp" => 2018-02-01T07:04:42.632Z,
       "message" => "ashdlkasjdlkasjdlasjdkas",
          "host" => "zqddapp3",
      "@version" => "1"
}

默认情况使用rpm包安装完logstash之后没有启动脚本，这一点我觉得算是开发不够彻底。官网给了一个脚本，需要根据不同的系统版本生成对应的启动脚本，而且官网没有给明使用方法，对于新用户来说算是个坑，不过在终端可以查看到脚本的使用帮助。

[root@zqddapp3 bin]# ./system-install --help
Usage: system-install [OPTIONSFILE] [STARTUPTYPE] [VERSION]

NOTE: These arguments are ordered, and co-dependent

OPTIONSFILE: Full path to a startup.options file
OPTIONSFILE is required if STARTUPTYPE is specified, but otherwise looks first
in /usr/share/logstash/config/startup.options and then /etc/logstash/startup.options
Last match wins

STARTUPTYPE: e.g. sysv, upstart, systemd, etc.
OPTIONSFILE is required to specify a STARTUPTYPE.

VERSION: The specified version of STARTUPTYPE to use.  The default is usually
preferred here, so it can safely be omitted.
Both OPTIONSFILE & STARTUPTYPE are required to specify a VERSION.

For more information, see https://github.com/jordansissel/pleaserun

a、要跟startup.options文件的绝对路径，如果是rpm安装的在/etc/logstash/startup.options，如果是二进制包解压安装的则在解压目录下的config目录下面。
b、必须要跟启动类型，比如CentOS6是sysv，CentOS7是systemd。

[root@zqddapp3 bin]# ./system-install /etc/logstash/startup.options sysv
Using provided startup.options file: /etc/logstash/startup.options
Manually creating startup for specified platform: sysv
Successfully created system startup script for Logstash

启动logstash启动脚本

[root@zqddapp3 bin]#  /etc/init.d/logstash start
logstash started
[root@zqddapp3 bin]# 


日志报错
[root@zqddapp3 log]# tail -f  logstash-stderr.log 
          <main> at /usr/share/logstash/logstash-core/lib/logstash/runner.rb:1
         require at org/jruby/RubyKernel.java:955
          <main> at /usr/share/logstash/lib/bootstrap/environment.rb:66
NameError: cannot link Java class org.logstash.RubyUtil org/logstash/RubyUtil : Unsupported major.minor version 52.0
  method_missing at org/jruby/javasupport/JavaPackage.java:259
          <main> at /usr/share/logstash/logstash-core/lib/logstash-core/logstash-core.rb:37
         require at org/jruby/RubyKernel.java:955
          <main> at /usr/share/logstash/logstash-core/lib/logstash/runner.rb:1
         require at org/jruby/RubyKernel.java:955
          <main> at /usr/share/logstash/lib/bootstrap/environment.rb:66
NameError: cannot link Java class org.logstash.RubyUtil org/logstash/RubyUtil : Unsupported major.minor version 52.0
  method_missing at org/jruby/javasupport/JavaPackage.java:259
          <main> at /usr/share/logstash/logstash-core/lib/logstash-core/logstash-core.rb:37
         require at org/jruby/RubyKernel.java:955
          <main> at /usr/share/logstash/logstash-core/lib/logstash/runner.rb:1
         require at org/jruby/RubyKernel.java:955
          <main> at /usr/share/logstash/lib/bootstrap/environment.rb:66

无法启动，经过google说是java版本太低

经过查看版本是1.8啊

[root@zqddapp3 ~]# which java
/usr/local/jdk1.8/bin/java

百思不得解，因为logstash是以logstash用户启动的，所以环境变量不对，java版本还是1.7

[root@zqddapp3 ~]# sudo java -version
java version "1.7.0_45"
OpenJDK Runtime Environment (rhel-2.4.3.3.el6-x86_64 u45-b15)
OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)



vim /etc/sudoers

Defaults    secure_path = /usr/local/jdk1.8/bin:/sbin:/bin:/usr/sbin:/usr/bin

未完。。。。