为啥要用logstash?因为KLF套件里指定。那就先搞定再思考吧。
本来是不打算弄这个破玩意的。乱七八糟的。最烦人。
一搜互联网。就是抄抄抄。于是就想了抄王麻花腾。
BS!FUCK IT.
牢骚一下,入正题.
背景信息。找了一个和已安装的es,kinbana匹配版本号下载。5.4.1的WINDOWS版本
https://artifacts.elastic.co/downloads/logstash/logstash-5.4.1.zip
想下哪个版本,就是改后面的编号。
按理来说。下下来。直接运行就可以了吧?
报错啊。踏马的。又是折腾几个小时。草泥麻。网上找原因。
都是一帮连话都说不利索的程序猿写的博客。没有来源。没有去向。就是只言片语。然后要靠悟。悟泥马逼。沙吊。要么你就别写。看不得那种要死不断气的搞法。FUCK.
沙比太多。还是自己找吧。
执行BIN/LOGSTACH.BAT的时候错误现象。
C:\Users\Administrator>D:\es\logstash-5.4.1\logstash-5.4.1\bin\logstash.bat
Sending Logstash's logs to D:/es/logstash-5.4.1/logstash-5.4.1/logs which is now
configured via log4j2.properties
ERROR: No configuration file was specified. Perhaps you forgot to provide the '-
f yourlogstash.conf' flag?
usage:
bin/logstash -f CONFIG_PATH [-t] [-r] [] [-w COUNT] [-l LOG]
bin/logstash -e CONFIG_STR [-t] [--log.level fatal|error|warn|info|debug|trace
] [-w COUNT] [-l LOG]
bin/logstash -i SHELL [--log.level fatal|error|warn|info|debug|trace]
bin/logstash -V [--log.level fatal|error|warn|info|debug|trace]
bin/logstash --help
后来找来找去。
最终的解决方法就是在启动的时候指定一个配置文件即可。
格式如下:
C:\Users\Administrator>D:\es\logstash-5.4.1\logstash-5.4.1\bin\logstash -f D:\es
\logstash-5.4.1\logstash-5.4.1\config\Logstash.conf
就这样就搞定了。看到启动成功的消息。
Sending Logstash's logs to D:/es/logstash-5.4.1/logstash-5.4.1/logs which is no
configured via log4j2.properties
[2018-02-03T15:37:13,090][INFO ][logstash.outputs.elasticsearch] Elasticsearch
ool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2018-02-03T15:37:13,105][INFO ][logstash.outputs.elasticsearch] Running health
check to see if an Elasticsearch connection is working {:healthcheck_url=>http:
/localhost:9200/, :path=>"/"}
[2018-02-03T15:37:13,402][WARN ][logstash.outputs.elasticsearch] Restored conne
tion to ES instance {:url=>#<URI::HTTP:0x7230e6b3 URL:http://localhost:9200/>}
[2018-02-03T15:37:13,402][INFO ][logstash.outputs.elasticsearch] Using mapping
emplate from {:path=>nil}
[2018-02-03T15:37:13,590][INFO ][logstash.outputs.elasticsearch] Attempting to
nstall template {:manage_template=>{"template"=>"logstash-*", "version"=>50001,
"settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"
>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"p
th_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text
, "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"st
ing", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"
>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all
=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"
ynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_p
int"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}
}}}}}
[2018-02-03T15:37:13,621][INFO ][logstash.outputs.elasticsearch] Installing ela
ticsearch template to _template/logstash
[2018-02-03T15:37:13,841][INFO ][logstash.outputs.elasticsearch] New Elasticsea
ch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic:
x2cd6b3f4 URL://localhost:9200>]}
[2018-02-03T15:37:13,856][INFO ][logstash.pipeline ] Starting pipeline {
id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch
delay"=>5, "pipeline.max_inflight"=>250}
[2018-02-03T15:37:13,888][INFO ][logstash.inputs.tcp ] Starting tcp input
istener {:address=>"0.0.0.0:5549"}
[2018-02-03T15:37:13,934][INFO ][logstash.pipeline ] Pipeline main start
d
[2018-02-03T15:37:14,028][INFO ][logstash.agent ] Successfully starte
Logstash API endpoint {:port=>9600}
那个配置文件这么写。随便扔哪个地方。只要指定的到就行。
input {
tcp {
port=>5549
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "test-logstash-%{+YYYY-MM}"
}
}
取名就叫Logstash.conf
你们看完。有帮助就必须点赞。
踏马的。要不然。下次。我也不写了。烦死你们这帮吊毛。
logstash的配置
猜你喜欢
转载自arpenker.iteye.com/blog/2410149
今日推荐
周排行