Logstash notes

Others 2020-01-16 10:51:16 views: null

First, the concept

Elasticsearch is the current mainstream large distributed data storage and search engines can provide a powerful full-text search capabilities for users, is widely used in log retrieval, site-wide search and other fields. Logstash as Elasicsearch common real-time data acquisition engine may collect data from different sources, and the data is output to a variety of post-processing the output source, it is an important part of Elastic Stack.

Logstash data processing process includes: Inputs , the Filters , Outputs of three parts, may additionally be used in the Inputs and Outputs Codecs data format processing. Four parts are present in the form of plug-ins, user defined profile pipeline, the need to input settings, filter, output, codec plug, to achieve a particular data acquisition, data processing, data output etc.

The Inputs : used to obtain data, such as a common plug-in file, syslog, redis, beats from data sources

The Filters : for processing data such as format conversion, the data fork and the like, such as common plug grok, mutate, drop, clone, geoip etc.

The Outputs : a data output, such as a common plug elastcisearch, file, graphite, statsd etc.

Codecs : codecs is not a separate process, but rather a means for converting data input and output plug-in and the like, for the data encoding process, such as the common plug json, multiline

  • (1) Input per one thread start, acquiring data from the corresponding data source
  • (2) Input data is written to a queue: The default is memory bounded queue (stops unexpectedly can cause data loss). In order to prevent the number of lost Logstash provides two features: Persistent Queues : through the queue on the disk to prevent data loss Dead Letter Queues : Save event can not be processed (only supports Elasticsearch as the output source)
  • (3) Logstash have multiple Pipeline worker, each worker would take Pipeline a batch of data from the queue, and then executing the filter output (the number of worker and the amount of data processed by each configuration determination)

Second, the collection log

1, console input and output console

[root@hdp-1 bin]# ./logstash -e input {stdin} putput {stdout}

2, for the configuration file in order to start logstash

 bin/logstash -f console.conf

3, monitor file output to the console

input {
    file{
        path => "/root/apps/logstash-5.6.16/data.txt"
    }
 }
output {
     stdout {}
 }

4, to output console messages collected es

input { 
	file{
        path => "/root/apps/logstash-5.6.16/testFile.txt"
    }
 }
output {
  elasticsearch { hosts => ["hdp-4:9200"] }
  stdout { codec => rubydebug }
}

 

Xincong Ming
Published 77 original articles · won praise 19 · views 4069
Private letter concerns

Guess you like

Origin blog.csdn.net/qq_41861558/article/details/102975218
Recommended
Ranking
Linux关机和重启详解(shutdown、halt、poweroff、reboot、init)
Netty work notes 0007---NIO's three core component relationships
Knife4j tutorial
2021.10.29,内容:什么时候用接口和抽象类
How to solve the problem that changing the memory frequency causes the computer to become unusable?
SpringMVC Tutorial - Controller
linux learning skills -Linux 25 transport Vega paid special privileges and facl extension
Financial quarterly report evaluation report data automatic generation 1.0
Agile Development Series - The Values of Agile Development
scrapy achieve browsercookie Middleware
Daily
More
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)

Code World

© 2018 codetd.com