Logstash 监听文件变动，并将内容同步到elasticse

logstash.yml 文件添加：

 xpack.monitoring.elasticsearch.url: "http://192.168.198.223:9200"

 xpack.monitoring.elasticsearch.username: "logstash_system"

 xpack.monitoring.elasticsearch.password: "changeme"

Logstash 安装x-pack 插件：

logstash-plugin install file://E:/tmp/x-pack-5.2.2.zip   # (windows)

or

logstash-plugin install file:///tmp/x-pack-5.2.2.zip  # (centos)

配置文件 test.conf：

input{

    file{

        path => ["E:\temp\nginx-1.11.3\nginx-1.11.3\logs\access.log"]

     }

beats{

     port => 5044

}

}

output{

    elasticsearch{

    user => "elastic"

    password => "elasticpassword"

        hosts => ["192.168.198.223:9200"]

    index => "message-%{+YYYY-MM}"

     }stdout{

              codec=>rubydebug

      }

}

可以通过kibana 查看相关内容，并监测相关修改频率。