logstash语法格式
logstash语法格式
logstash 默认的语法结构
- input {
- stdin{}
- }
- filter{ #filter可省略
- }
- output{
- stdout{}
- }
配置好conf文件后,使用-f指定该文件启动:
- /usr/share/logstash/bin/logstash -f XXX.conf
后端启动:
- nohup /usr/share/logstash/bin/logstash -f XXX.conf &
logstash-agent
功能:负责在tomcatserver上抓取tomcat的run和operation日志,并把日志提交给redis中间件。
#vim logstash-agent.conf
- input{
- file {
- path => “/etc/logstash/conf.d/run.log”
- start_position => “beginning”
- sincedb_path => “/dev/null”
- }
logstash-indexer
功能:logstash-indexer安装在redis中间件上,将redis中的数据导入到es中。
#vim redis.conf
- input{
- redis{
- host => “redis地址”
- port => “6379”
- db => “储存到哪个库”
- data_type => “list”
- key => “demo”
- password => “test”
- }
- }
- output{
- elasticsearch {
- hosts => [“es地址”]
- index => “djcpslog-%{+YYYY.MM.dd}”
- }