Configuration of logstash

Why use logstash? Because it is specified in the KLF package. Then do it first and then think about it.

I wasn't planning on doing this shit. very messy. most annoying.

Search the internet. It's just copying. So I thought about copying Wang Ma Huateng.

BS! FUCK IT.

Complain about it, get to the point.

Background information. Find a version number that matches the installed es and kinbana to download. The WINDOWS version of 5.4.1


https://artifacts.elastic.co/downloads/logstash/logstash-5.4.1.zip

Which version you want to download is to change the number behind.

Logically speaking. down. Can you run it directly? Report an

error. on horseback. Another few hours of tossing. Grass mud. Find the reason online.

They are all blogs written by a bunch of programmers who can't even talk. No source. There is no whereabouts. Just a few words. Then rely on enlightenment. Realize mud horse force. Sand hanging. Either you don't write. I can't see that kind of way of doing it. FUCK.

Too much sabi. Find it yourself.

Error phenomenon when executing BIN/LOGSTACH.BAT.

C:\Users\Administrator>D:\es\logstash-5.4.1\logstash-5.4.1\bin\logstash.bat
Sending Logstash's logs to D:/es/logstash-5.4.1/logstash-5.4.1/ logs which is now
configured via log4j2.properties
ERROR: No configuration file was specified. Perhaps you forgot to provide the '
-f yourlogstash.conf' flag?
usage:
  bin/logstash -f CONFIG_PATH [-t] [-r] [] [-w COUNT] [-l LOG ]
  bin/logstash -e CONFIG_STR [-t] [--log.level fatal|error|warn|info|debug|trace
] [-w COUNT] [-l LOG]
  bin/logstash -i SHELL [--log. level fatal|error|warn|info|debug|trace]
  bin/logstash -V [--log.level fatal|error|warn|info|debug|trace]
  bin/logstash --help I looked for

it later.

The final solution is to specify a configuration file at startup.

The format is as follows:
C:\Users\Administrator>D:\es\logstash-5.4.1\logstash-5.4.1\bin\logstash -f D:\es
\logstash-5.4.1\logstash-5.4.1\config \Logstash.conf

and that's it. See the message that the startup was successful.

Sending Logstash's logs to D:/es/logstash-5.4.1/logstash-5.4.1/logs which is no
configured via log4j2.properties
[2018-02-03T15:37:13,090][INFO ][logstash.outputs.elasticsearch] Elasticsearch
ool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2018-02-03T15:37:13,105][INFO ][logstash.outputs.elasticsearch] Running health
check to see if an Elasticsearch connection is working {:healthcheck_url=>http:
/localhost:9200/, :path=>"/"}
[2018-02-03T15:37:13,402][WARN ][logstash.outputs.elasticsearch] Restored conne
tion to ES instance {:url=>#<URI::HTTP:0x7230e6b3 URL:http://localhost:9200/>}
[2018-02-03T15:37:13,402][INFO ][logstash.outputs.elasticsearch] Using mapping
emplate from {:path=>nil}
[2018-02-03T15:37:13,590][INFO ][logstash.outputs.elasticsearch] Attempting to
nstall template {:manage_template=>{"template"=>"logstash-*", "version"=>50001,
"settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"
>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"p
th_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text
, "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"st
ing", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"
>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all
=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"
ynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_p
int"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}
}}}}}
[2018-02-03T15:37:13,621][INFO ][logstash.outputs.elasticsearch] Installing ela
ticsearch template to _template/logstash
[2018-02-03T15:37:13,841][INFO ][logstash.outputs.elasticsearch] New Elasticsea
ch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic:
x2cd6b3f4 URL://localhost:9200>]}
[2018-02-03T15:37:13,856][INFO ][logstash.pipeline        ] Starting pipeline {
id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch
delay"=>5, "pipeline.max_inflight"=>250}
[2018- 02-03T15:37:13,888][INFO ][logstash.inputs.tcp ] Starting tcp input
istener {:address="0.0.0.0:5549"}
[2018-02-03T15:37:13,934][INFO ][ logstash.pipeline ] Pipeline main start
d
[2018-02-03T15:37:14,028][INFO ][logstash.agent ] Successfully starte
Logstash API endpoint {:port=>9600}


That configuration file is written like this. Just throw it anywhere. Just specify it.
input {

tcp {

port=>5549       

}

}

  

  

output {

elasticsearch {

hosts => ["localhost:9200" ]

index => "test-logstash-%{+YYYY-MM}"        

}

}


It's called Logstash.conf

after reading it. It has to be liked if it helps.

on horseback. otherwise. next time. I don't write anymore. Annoying you bastards.