logstash安装

2023/6/5 Install

# 账号准备

# 1.新建用户

# Create the account that will own and run Logstash (presumably so the service
# does not run as root). 包名 and 用户名 are placeholders to substitute.
sudo useradd --create-home --home-dir /home/包名 --shell /bin/bash 用户名

# 2.设置密码

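# Setting another account's password needs root, like the useradd step.
# passwd prompts interactively, so the password never lands in shell history
# or in the process list.
sudo passwd 用户名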

# 准备依赖

//8.7.1
链接:https://pan.baidu.com/s/1w9ecq_7v3cnwrlpsUlYReg?pwd=zynt 
提取码:zynt

//7.10.2
链接:https://pan.baidu.com/s/11JNl_jL3eXRYT5gcPDiy3g?pwd=u2ya 
提取码:u2ya

# 执行部署

# 1.解压安装包

# The archive comes from a file-sharing link rather than from Elastic itself:
# compare its SHA-512 (`sha512sum logstash-8.7.1-linux-x86_64.tar.gz`) with the
# value Elastic publishes for this release before extracting and running it.
tar -xzf logstash-8.7.1-linux-x86_64.tar.gz

# 2.进入安装目录

# The later commands (bin/logstash, logs/logstash-plain.log) use paths
# relative to this directory.
cd ./logstash-8.7.1

# 3.修改配置文件

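# Pipeline: Kafka topics -> JSON decode -> Elasticsearch, one index per day.

input {
        # Consume the two processed-log topics from the local Kafka broker.
        kafka {
                bootstrap_servers => ["localhost:9092"]
                topics => ["user_login_log_processed", "app_access_log_processed"]
                group_id => "logstash"
                # With no committed offset for this group, start at the newest records.
                auto_offset_reset => "latest"
        }
}

filter {
        # Decode the Kafka payload into event fields.
        # NOTE(review): with skip_on_invalid_json a non-JSON payload is passed on
        # silently with no decoded fields, and the mutate below still drops "message".
        json {
                source => "message"
                skip_on_invalid_json => true
        }
        mutate {
                # Keep the event date under @metadata: usable in the output section,
                # not sent to Elasticsearch.
                add_field => ["[@metadata][date]", "%{+yyyyMMdd}"]
                remove_field => ["message", "@version", "@timestamp","event"]
        }
}

output {
        elasticsearch {
                # NOTE(review): over plain http the credentials below cross the network
                # in clear text; switch to https once the cluster has TLS enabled.
                hosts => ["http://10.2.13.122:9200"]
                # Index name and document id come from fields of the event itself, i.e.
                # from whatever was written to the Kafka topics. An event lacking them
                # keeps the literal "%{[index]}" / "%{[id]}" text, so such events would
                # all share one document id and overwrite each other.
                index => "%{[index]}_%{[@metadata][date]}"
                document_id => "%{[id]}"
                # NOTE(review): "elastic" is the built-in superuser. Since the target
                # index is chosen by the event, a dedicated user restricted to writing
                # these indices limits what a bad message can touch.
                user => "elastic"
                # Do not keep the password in this file. ES_PWD is resolved at startup
                # from the Logstash keystore (bin/logstash-keystore create, then
                # bin/logstash-keystore add ES_PWD) or from an environment variable of
                # that name; Logstash refuses to start if it cannot be resolved.
                password => "${ES_PWD}"
        }

        #stdout { codec => rubydebug }
}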

# 4.启动logstash服务

# Start Logstash as a background job with node name "sdp". Only stdout is
# discarded; stderr still reaches the terminal. Run this as the account
# created for Logstash rather than as root.
bin/logstash --node.name sdp --path.config logstash.conf >/dev/null &

启动 start.sh

#!/bin/bash
# author:sunxiaomin
#
# Start Logstash in the background with logstash.conf, discarding stdout.
# Both paths are relative, so run this from the Logstash install directory.

bin/logstash --path.config logstash.conf 1>/dev/null &

停止 stop.sh

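#!/bin/bash
# author:sunxiaomin
#
# Stop the Logstash process(es) owned by the invoking user: request a graceful
# shutdown with SIGTERM and fall back to SIGKILL only if that times out.

# Seconds to wait for a graceful shutdown before escalating.
readonly GRACE_SECONDS=30

# Select by JVM main class and by owner. Grepping `ps -ef` for the bare word
# "logstash" also matches anything started with a path under logstash-8.7.1/
# (this script included), editors or `tail` opened on Logstash files, and
# processes of other accounts.
# NOTE(review): confirm the main class on your install with
# `pgrep -af org.logstash.Logstash` while Logstash is running.
pids=$(pgrep -u "$(id -u)" -f 'org\.logstash\.Logstash')

if [ -n "$pids" ]; then
  echo "found logstash process, pid is $pids"

  # $pids is left unquoted on purpose: pgrep prints one PID per line.
  # SIGTERM lets Logstash finish in-flight events and close its outputs;
  # SIGKILL gives it no chance to do so.
  kill $pids

  # `kill -0` only probes; it succeeds while at least one PID is still alive.
  waited=0
  while kill -0 $pids 2>/dev/null && [ "$waited" -lt "$GRACE_SECONDS" ]; do
    sleep 1
    waited=$((waited + 1))
  done

  if kill -0 $pids 2>/dev/null; then
    echo "logstash still running after ${GRACE_SECONDS}s, sending SIGKILL" >&2
    kill -9 $pids 2>/dev/null
  fi
fi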


# 验证部署

# 1.查看logstash进程是否存在

# List processes whose command line mentions logstash, dropping the grep
# itself. The first column of `ps -ef` is the owning user: expect the account
# created for Logstash here, not root.
ps -ef|grep logstash|grep -v grep

# 2.查看日志是否有异常

# Print the last 100 lines of the main Logstash log (path relative to the
# install directory) and look for ERROR/WARN entries from startup or from the
# pipeline's input and output plugins.
tail -n 100 logs/logstash-plain.log