版权声明: https://blog.csdn.net/Master_chaoAndQi/article/details/83930488
https://www.elastic.co/guide/en/logstash/current/index.html1 下载安装包
wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.2.tar.gz2 官网一些资料
官网安装教程:https://www.elastic.co/guide/en/logstash/current/installing-logstash.html
input插件:https://www.elastic.co/guide/en/logstash/current/input-plugins.html
filter插件:https://www.elastic.co/guide/en/logstash/current/filter-plugins.html
output插件:https://www.elastic.co/guide/en/logstash/current/output-plugins.html3 解压文件
tar -zxvf logstash-6.2.2.tar.gz
4 切换到安装目录快速启动 在控制台输入helloword 在控制台显示 helloword
看到提示 The stdin plugin is now waiting for input: 输入helloword
./bin/logstash -e 'input {stdin {}} output {stdout {}}'2018-11-11T00:40:53,667][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-11-11T00:40:54,005][INFO ][logstash.pipeline ] Pipeline started succesfully {:pipeline_id=>"main", :thread=>"#<Thread:0x4d1e0c29 run>"}
The stdin plugin is now waiting for input:
[2018-11-11T00:40:54,401][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
helloword
2018-11-10T16:41:47.376Z demo helloword
5 简单配置启动完成
6 将elasticsearch生成的日志文件 采集至logstash 并输出在控制台 从文件读取
新建test1.conf配置文件 指定 文件路径
input {
# 从文件读取日志信息 输送到控制台
file {
path =>" /soft/elasticsearch-6.4.3/logs/elasticsearch.log"
#codec =>"json"
type =>"elasticsearch"
start_position =>"beginning"
}
}
# filter {
#
# }
output {
# 标准输出
# stdout {}
# 输出进行格式化,采用Ruby库来解析日志
stdout { codec => rubydebug }
}
7 启动logstash
bin/logstash -f ./config/test1.conf 8 同时启动elasticsearch 可以看到启动信息输出同时输出格式化输出在控制台
[wqwDnl5] stopping watch service, reason [shutdown initiated]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:54:05.825Z
}
{
"message" => "[2018-11-11T00:40:01,542][INFO ][o.e.n.Node ] [wqwDnl5] stopped",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:54:05.827Z
}
{
"message" => "[2018-11-11T00:40:01,542][INFO ][o.e.n.Node ] [wqwDnl5] closing ...",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:54:05.833Z
}
{
"message" => "[2018-11-11T00:40:01,651][INFO ][o.e.n.Node ] [wqwDnl5] closed",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:54:05.834Z
}
{
"message" => "[2018-11-11T00:55:22,893][INFO ][o.e.n.Node ] [] initializing ...",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:23.929Z
}
{
"message" => "[2018-11-11T00:55:23,531][INFO ][o.e.e.NodeEnvironment ] [wqwDnl5] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [16.9gb], net total_space [22gb], types [rootfs]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:23.987Z
}
{
"message" => "[2018-11-11T00:55:23,532][INFO ][o.e.e.NodeEnvironment ] [wqwDnl5] heap size [119.8mb], compressed ordinary object pointers [true]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:23.988Z
}
{
"message" => "[2018-11-11T00:55:23,746][INFO ][o.e.n.Node ] [wqwDnl5] node name derived from node ID [wqwDnl5lTAmSGCniKejViw]; set [node.name] to override",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:23.991Z
}
{
"message" => "[2018-11-11T00:55:23,747][INFO ][o.e.n.Node ] [wqwDnl5] version[6.4.3], pid[7534], build[default/tar/fe40335/2018-10-30T23:17:19.084789Z], OS[Linux/2.6.32-504.el6.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_181/25.181-b13]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:23.991Z
}
{
"message" => "[2018-11-11T00:55:23,748][INFO ][o.e.n.Node ] [wqwDnl5] JVM arguments [-Xms124m, -Xmx124m, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.VKqdpux6, -XX:+HeapDumpOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:logs/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/soft/elasticsearch-6.4.3, -Des.path.conf=/soft/elasticsearch-6.4.3/config, -Des.distribution.flavor=default, -Des.distribution.type=tar]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:23.992Z
}
{
"message" => "[2018-11-11T00:55:34,186][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [aggs-matrix-stats]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.102Z
}
{
"message" => "[2018-11-11T00:55:34,187][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [analysis-common]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.103Z
}
{
"message" => "[2018-11-11T00:55:34,187][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [ingest-common]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.109Z
}
{
"message" => "[2018-11-11T00:55:34,187][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [lang-expression]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.111Z
}
{
"message" => "[2018-11-11T00:55:34,187][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [lang-mustache]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.112Z
}
{
"message" => "[2018-11-11T00:55:34,188][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [lang-painless]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.114Z
}
{
"message" => "[2018-11-11T00:55:34,191][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [mapper-extras]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.119Z
}
{
"message" => "[2018-11-11T00:55:34,192][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [parent-join]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.120Z
}
{
"message" => "[2018-11-11T00:55:34,193][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [percolator]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.121Z
}
{
"message" => "[2018-11-11T00:55:34,196][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [rank-eval]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.122Z
}
{
"message" => "[2018-11-11T00:55:34,197][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [reindex]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.127Z
}
{
"message" => "[2018-11-11T00:55:34,197][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [repository-url]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.129Z
}
{
"message" => "[2018-11-11T00:55:34,198][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [transport-netty4]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.131Z
}
{
"message" => "[2018-11-11T00:55:34,198][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [tribe]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.133Z
}
{
"message" => "[2018-11-11T00:55:34,198][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-core]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.137Z
}
{
"message" => "[2018-11-11T00:55:34,200][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-deprecation]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.139Z
}
{
"message" => "[2018-11-11T00:55:34,200][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-graph]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.139Z
}
{
"message" => "[2018-11-11T00:55:34,204][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-logstash]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.141Z
}
{
"message" => "[2018-11-11T00:55:34,205][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-ml]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.142Z
}
{
"message" => "[2018-11-11T00:55:34,205][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-monitoring]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.145Z
}
{
"message" => "[2018-11-11T00:55:34,206][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-rollup]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.146Z
}
{
"message" => "[2018-11-11T00:55:34,206][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-security]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.146Z
}
{
"message" => "[2018-11-11T00:55:34,206][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-sql]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.148Z
}
{
"message" => "[2018-11-11T00:55:34,207][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-upgrade]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.149Z
}
{
"message" => "[2018-11-11T00:55:34,210][INFO ][o.e.p.PluginsService ] [wqwDnl5] loaded module [x-pack-watcher]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.150Z
}
{
"message" => "[2018-11-11T00:55:34,211][INFO ][o.e.p.PluginsService ] [wqwDnl5] no plugins loaded",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:35.151Z
}
{
"message" => "[2018-11-11T00:55:50,403][INFO ][o.e.x.s.a.s.FileRolesStore] [wqwDnl5] parsed [0] roles from file [/soft/elasticsearch-6.4.3/config/roles.yml]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:51.177Z
}
{
"message" => "[2018-11-11T00:55:53,439][INFO ][o.e.x.m.j.p.l.CppLogMessageHandler] [controller/7584] [Main.cc@109] controller (64 bit): Version 6.4.3 (Build 7a0781676dd492) Copyright (c) 2018 Elasticsearch BV",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:54.248Z
}
{
"message" => "[2018-11-11T00:55:57,129][DEBUG][o.e.a.ActionModule ] Using REST wrapper from plugin org.elasticsearch.xpack.security.Security",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:55:57.276Z
}
{
"message" => "[2018-11-11T00:56:00,270][INFO ][o.e.d.DiscoveryModule ] [wqwDnl5] using discovery type [zen]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:01.313Z
}
{
"message" => "[2018-11-11T00:56:05,645][INFO ][o.e.n.Node ] [wqwDnl5] initialized",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:06.322Z
}
{
"message" => "[2018-11-11T00:56:05,646][INFO ][o.e.n.Node ] [wqwDnl5] starting ...",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:06.322Z
}
{
"message" => "[2018-11-11T00:56:10,824][INFO ][o.e.t.TransportService ] [wqwDnl5] publish_address {192.168.34.3:9300}, bound_addresses {[::]:9300}",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:11.330Z
}
{
"message" => "[2018-11-11T00:56:11,163][INFO ][o.e.b.BootstrapChecks ] [wqwDnl5] bound or publishing to a non-loopback address, enforcing bootstrap checks",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:11.338Z
}
{
"message" => "[2018-11-11T00:56:15,645][INFO ][o.e.c.s.MasterService ] [wqwDnl5] zen-disco-elected-as-master ([0] nodes joined)[, ], reason: new_master {wqwDnl5}{wqwDnl5lTAmSGCniKejViw}{m0CARPnHQHSNI2PFt5UNbA}{192.168.34.3}{192.168.34.3:9300}{ml.machine_memory=1044717568, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:16.422Z
}
{
"message" => "[2018-11-11T00:56:15,691][INFO ][o.e.c.s.ClusterApplierService] [wqwDnl5] new_master {wqwDnl5}{wqwDnl5lTAmSGCniKejViw}{m0CARPnHQHSNI2PFt5UNbA}{192.168.34.3}{192.168.34.3:9300}{ml.machine_memory=1044717568, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true}, reason: apply cluster state (from master [master {wqwDnl5}{wqwDnl5lTAmSGCniKejViw}{m0CARPnHQHSNI2PFt5UNbA}{192.168.34.3}{192.168.34.3:9300}{ml.machine_memory=1044717568, xpack.installed=true, ml.max_open_jobs=20, ml.enabled=true} committed version [1] source [zen-disco-elected-as-master ([0] nodes joined)[, ]]])",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:16.422Z
}
{
"message" => "[2018-11-11T00:56:15,830][INFO ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [wqwDnl5] publish_address {192.168.34.3:9200}, bound_addresses {[::]:9200}",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:16.422Z
}
{
"message" => "[2018-11-11T00:56:15,832][INFO ][o.e.n.Node ] [wqwDnl5] started",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:16.422Z
}
{
"message" => "[2018-11-11T00:56:20,967][WARN ][o.e.x.s.a.s.m.NativeRoleMappingStore] [wqwDnl5] Failed to clear cache for realms [[]]",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:21.432Z
}
{
"message" => "[2018-11-11T00:56:21,278][INFO ][o.e.l.LicenseService ] [wqwDnl5] license [b234259e-9ad9-4efa-a7c5-5bc0c0bbd157] mode [basic] - valid",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:21.433Z
}
{
"message" => "[2018-11-11T00:56:21,379][INFO ][o.e.g.GatewayService ] [wqwDnl5] recovered [3] indices into cluster_state",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:21.580Z
}
{
"message" => "[2018-11-11T00:56:26,293][INFO ][o.e.c.r.a.AllocationService] [wqwDnl5] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[blog][2], [blog][0]] ...]).",
"type" => "elasticsearch",
"path" => "/soft/elasticsearch-6.4.3/logs/elasticsearch.log",
"@version" => "1",
"host" => "demo",
"@timestamp" => 2018-11-10T16:56:26.590Z
}