logstash 的基本配置与使用

2020-03-31  本文已影响0人  one_8274

安装kibana

安装logstash

生成logstash模版

PUT _template/logstash_template
{
    "template": "logstash-*",
    "settings": {
        "number_of_replicas": 1,
        "number_of_shards": 3
    },
    "mappings": {
        "logstash": {
            "properties": {
                "module": {
                    "type": "keyword"
                },
                "appid": {
                    "type": "keyword"
                },
                "table_name": {
                    "type": "keyword"
                },
                "cmd": {
                    "type": "keyword"
                },
                "action_type": {
                    "type": "keyword"
                },
                "timestamp": {
                    "type": "long"
                },
                "userid": {
                    "type": "keyword"
                },
                "cid": {
                    "type": "keyword"
                },
                "usercode": {
                    "type": "keyword"
                },
                "depart": {
                    "type": "keyword"
                },
                "orgcode": {
                    "type": "keyword"
                },
                "jobtitle": {
                    "type": "text",
                    "analyzer": "standard",
                    "fields": {
                        "keyword": {
                            "type": "keyword"
                        }
                    }
                },
                "joblevel": {
                    "type": "keyword"
                },
                "query": {
                    "type": "text",
                    "analyzer": "standard",
                    "fields": {
                        "keyword": {
                            "type": "keyword"
                        }
                    }
                },
                "from": {
                    "type": "long"
                },
                "size": {
                    "type": "long"
                },
                "result_count": {
                    "type": "long"
                },
                "resp_time": {
                    "type": "long"
                },
                "sort": {
                    "type": "keyword"
                },
                "itemid": {
                    "type": "keyword"
                },
                "other_info": {
                    "type": "nested"
                }
            }
        }
        "logs": {
            "properties": {
                "module": {
                    "type": "keyword"
                },
                "appid": {
                    "type": "keyword"
                },
                "table_name": {
                    "type": "keyword"
                },
                "cmd": {
                    "type": "keyword"
                },
                "action_type": {
                    "type": "keyword"
                },
                "timestamp": {
                    "type": "long"
                },
                "userid": {
                    "type": "keyword"
                },
                "cid": {
                    "type": "keyword"
                },
                "usercode": {
                    "type": "keyword"
                },
                "depart": {
                    "type": "keyword"
                },
                "orgcode": {
                    "type": "keyword"
                },
                "jobtitle": {
                    "type": "text",
                    "analyzer": "standard",
                    "fields": {
                        "keyword": {
                            "type": "keyword"
                        }
                    }
                },
                "joblevel": {
                    "type": "keyword"
                },
                "query": {
                    "type": "text",
                    "analyzer": "standard",
                    "fields": {
                        "keyword": {
                            "type": "keyword"
                        }
                    }
                },
                "from": {
                    "type": "long"
                },
                "size": {
                    "type": "long"
                },
                "result_count": {
                    "type": "long"
                },
                "resp_time": {
                    "type": "long"
                },
                "sort": {
                    "type": "keyword"
                },
                "itemid": {
                    "type": "keyword"
                },
                "other_info": {
                    "type": "nested"
                }
            }
        }  
    }
}

设置logstash pipeline

# Pipeline overview: consume JSON events from Kafka, unpack the nested `fields`
# payload into the event, derive @timestamp from the epoch `timestamp` field,
# shift it by eight hours, and index the result into daily logstash-* indices.
input{
    kafka{
                # Broker list, topic and consumer group are placeholders to replace.
                # NOTE(review): no security_protocol, SSL or SASL options are set here,
                # so the plugin default (plaintext, unauthenticated) applies; confirm
                # this is acceptable for the network these log events cross.
                bootstrap_servers=>"kafka_host1:port,kafka_host2:port"
                topics=>["kafka_logstash_pipeline"]
                group_id=>"kafka_logstash"
                # Each Kafka message is decoded as one JSON document.
                codec=>"json"
        }
}
filter{
    # Render the `fields` value into a temporary string field `@fields`.
    # presumably `fields` holds the application's log record; verify against the producer.
    mutate{
        add_field=>{ "@fields"=> "%{fields}" }
    }
    # Parse `@fields` as JSON, then drop both the original and the temporary field.
    # No `target` is given, so the parsed keys are written at the top level of the
    # event. NOTE(review): keys supplied by the producer can therefore overwrite
    # existing top-level fields; set a target if producers are not fully trusted.
    json{
        source=>"@fields"
        remove_field=>["fields", "@fields"]
    }
    # Interpret `timestamp` as a UNIX epoch value and store it in @timestamp
    # (the date filter's default target); the source field is removed afterwards.
    date{
        match=>["timestamp", "UNIX"]
        remove_field=>"timestamp"
    }
    # Recreate `timestamp` as @timestamp plus 8*60*60 seconds (eight hours).
    # NOTE(review): this moves the stored instant itself, not just its display
    # zone, so @timestamp no longer matches the real event time. That skews
    # correlation with other log sources; confirm the shift is really wanted
    # rather than setting the time zone in the viewer.
    ruby {
            code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"
    }
    # Copy the shifted value back into @timestamp and drop the temporary field.
    ruby {
            code => "event.set('@timestamp',event.get('timestamp'))"
            remove_field=>"timestamp"
    }
}
output{
        elasticsearch{
                # Host entries are placeholders to replace.
                # NOTE(review): no user/password or TLS settings are configured on
                # this output; if the cluster has security enabled, or should have,
                # add credentials and certificate verification here.
                hosts=>["elasticsearch_host1:port", "elasticsearch_host2:port"]
                # NOTE(review): ilm_pattern is only used when index lifecycle management
                # is active for this output; confirm whether it or `index` below
                # takes effect on the Logstash version in use.
                ilm_pattern=>"{now/d}"
                # Name of the index template this output is associated with.
                template_name=>"logstash_template"
                # One index per day, named from the event's @timestamp.
                index=>"logstash-%{+YYYY.MM.dd}"
        }
}

启动logstash

# Validate the pipeline configuration file and exit without starting the pipeline.
./bin/logstash -f pipeline/kafka_logstash_pipeline.conf --config.test_and_exit
# Start Logstash in the background, detached from the terminal via nohup.
# --config.reload.automatic makes the running process reload the pipeline when the
# config file changes, so write access to that file should be limited to trusted users.
nohup ./bin/logstash -f pipeline/kafka_logstash_pipeline.conf --config.reload.automatic &