1. Download
https://artifacts.elastic.co/downloads/logstash/logstash-5.4.0.rpm
2. Install
yum install -y logstash-5.4.0.rpm
3. Test
1) Output to the screen
/usr/share/logstash/bin/logstash -e 'input { stdin {} } output { stdout { codec => rubydebug } }'
When the screen shows the message "Successfully started Logstash API", the test has succeeded.
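Explanation of the output fields:
"@timestamp" the current time
"@version" the version
"host" the host on which the event occurred
"message" the content
See https://www.elastic.co/guide/index.html for usage.
2) Test output to a file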
/usr/share/logstash/bin/logstash -e 'input { stdin {} } output { file { path => "/tmp/log" } }'
3) Output to a file with compression
/usr/share/logstash/bin/logstash -e 'input { stdin {} } output { file { path => "/tmp/log.tar.gz" gzip => true } }'
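As an added example (not part of the original page), the Python code below reads back a file like the one written in 3): with gzip => true the file output produces a gzip stream holding one JSON event per line (its default codec), not a tar archive, despite the .tar.gz name. The sample bytes, the host name and the function names are constructed for illustration; the field list is the one explained under 1).

```python
import gzip
import io
import json
import tarfile

# Fields the page lists for every event under step 3, 1).
EXPECTED_FIELDS = ("@timestamp", "@version", "host", "message")


def sample_file() -> bytes:
    """Constructed sample: two concatenated gzip members of JSON lines."""
    events = [
        {"@timestamp": "2017-05-10T08:00:00.000Z", "@version": "1",
         "host": "node1.example", "message": "hello"},
        {"@timestamp": "2017-05-10T08:05:00.000Z", "@version": "1",
         "host": "node1.example", "message": "world"},
    ]
    return b"".join(gzip.compress((json.dumps(e) + "\n").encode()) for e in events)


def is_tar(raw: bytes) -> bool:
    """True only if the gzip stream really wraps a tar archive."""
    try:
        with tarfile.open(fileobj=io.BytesIO(raw), mode="r:gz"):
            return True
    except tarfile.TarError:
        return False


def read_events(raw: bytes):
    """Decode a gzip'd one-JSON-object-per-line file; return (events, problems)."""
    events, problems = [], []
    stream = gzip.GzipFile(fileobj=io.BytesIO(raw))
    try:
        for number, line in enumerate(stream, start=1):
            try:
                event = json.loads(line)
            except ValueError:
                problems.append(f"line {number}: not valid JSON")
                continue
            missing = [f for f in EXPECTED_FIELDS if f not in event]
            if missing:
                problems.append(f"line {number}: missing {missing}")
            events.append(event)
    except (EOFError, OSError) as exc:
        # Truncated or malformed gzip container: keep what decoded cleanly.
        problems.append(f"gzip stream ended early or is damaged: {exc}")
    return events, problems
```

To check a real file, pass its bytes: read_events(open("/tmp/log.tar.gz", "rb").read()).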
4. Output to elasticsearch
/usr/share/logstash/bin/logstash -e 'input { stdin {} } output { elasticsearch { hosts => ["10.1.2.184:9200"] index => "logstash-test-%{+YYYY.MM.dd}" } }'