elk7.7.1【系列六】logstash7.7.1安装及基础配置

1、下载logstash

https://artifacts.elastic.co/downloads/logstash/logstash-7.7.1.rpm

2、安装logstash

rpm --install logstash-7.7.1.rpm

3、默认文件目录 

TypeDescriptionDefault LocationSetting

home

Home directory of the Logstash installation.

/usr/share/logstash

 

bin

Binary scripts including logstash to start Logstash and logstash-plugin to install plugins

/usr/share/logstash/bin

 

settings

Configuration files, including logstash.yml, jvm.options, and startup.options

/etc/logstash

path.settings

conf

Logstash pipeline configuration files

/etc/logstash/conf.d/*.conf

See /etc/logstash/pipelines.yml

logs

Log files

/var/log/logstash

path.logs

plugins

Local, non Ruby-Gem plugin files. Each plugin is contained in a subdirectory. Recommended for development only.

/usr/share/logstash/plugins

path.plugins

data

Data files used by logstash and its plugins for any persistence needs.

/var/lib/logstash

path.data

4、测试logstash

#启动logstash systemctl start logstash.service #打开启动文件目录 cd /usr/share/logstash #测试命令 bin/logstash -e 'input { stdin { } } output { stdout {} }'

logstash一般接收filebeat采集到的数据，因为filebeat更加轻量化 

5、配置filebeat将日志输入到logstash

vim /etc/filebeat/filebeat.yml

 重启filebeat

systemctl restart filebeat

6、配置logstash接收filebeat推送过来的数据

cd /etc/logstash/conf.d vim file.conf input { beats { port => "5044" } } filter{ } output { stdout { codec => rubydebug } }

这里配置的输出是控制台

#重启logstash systemctl restart logstash

查看控制台输出

systemctl status logstash