- info
    - documentation
    - install steps
        - downloads

                #### AAA install with apt-get
                # 1. import pgp key
                # download and install the public signing key
                $ wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

                # 2. add the repository definition
                $ echo "deb https://packages.elastic.co/logstash/2.3/debian stable main" | \
                    sudo tee -a /etc/apt/sources.list

                # 2.3 install
                $ sudo apt-get update && sudo apt-get install logstash

                #### BBB install from tar.gz
                $ curl -O https://download.elastic.co/logstash/logstash/logstash-5.0.0-alpha3.tar.gz
                $ tar zxvf logstash-5.0.0-alpha3.tar.gz

        - prepare a logstash.conf config file
        - run

                $ bin/logstash agent -f logstash.conf

    - config
        - config file json format

                $ cat demo.conf
                # this is a comment
                input { ... }
                filter { ... }
                output { ... }

    - docker-logstash
- processing pipeline
    - inputs
        - file
        - syslog
        - redis
    - filters
        - grok: parse and structure arbitrary text
        - mutate: transform fields (rename, remove, replace, modify)
        - drop
        - clone
        - geoip
    - outputs
        - elasticsearch
        - file
        - statsd
    - codecs
        - multiline
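
A filled-in version of the `input { ... } filter { ... } output { ... }` skeleton, added here as an example and not taken from the original page: it chains the grok, drop, mutate and geoip filters listed above over Apache access-log lines read from stdin. `COMBINEDAPACHELOG` and its field names (`clientip`, `ident`, `request`) come from Logstash's stock grok patterns; the file name, the sample log line, the `/healthz` path and the `unparsed` tag are assumptions, and the Elasticsearch address is the one used in this page's demo.

```conf
# pipeline.conf (constructed example): Apache access-log lines in, structured events out
input {
  # read lines typed or piped on stdin, e.g. this constructed sample:
  # 203.0.113.7 - - [17/May/2016:15:40:04 +0000] "GET /login HTTP/1.1" 401 512 "-" "curl/7.47.0"
  stdin { }
}

filter {
  # grok: split the raw line into named fields (clientip, verb, request, response, ...)
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }

  if "_grokparsefailure" in [tags] {
    # keep lines that did not parse, but mark them so they can be reviewed
    # instead of silently disappearing from the index
    mutate { add_tag => ["unparsed"] }
  } else {
    # drop: discard load-balancer health checks (the path is an assumption)
    if [request] == "/healthz" {
      drop { }
    }

    # mutate: rename one field and remove one that carries no information here
    mutate {
      rename       => { "clientip" => "src_ip" }
      remove_field => ["ident"]
    }

    # geoip: add location data for the client address
    geoip { source => "src_ip" }
  }
}

output {
  # print every event in full for inspection
  stdout { codec => rubydebug }

  # index into Elasticsearch running in another container
  elasticsearch { hosts => ["192.168.99.100:9200"] }
}
```

Run it the same way as the page's `logstash.conf`, with `bin/logstash agent -f pipeline.conf`, and paste a log line; the `rubydebug` output shows which fields each filter added or changed.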
 
 
- demo
    - basic logstash pipeline
        - test installation

                $ cd logstash-2.3.0
                $ bin/logstash -e 'input { stdin { } } output{ stdout{ } }'

        - -e flag: specify a configuration from command line
    - rubydebug

            $ bin/logstash -e 'input { stdin { } } output{ stdout { codec => rubydebug } }'
            hello

    - elasticsearch output
        - command

                # if connect to another container
                # change `elasticsearch { host = localhost }`
                # to `elasticsearch { hosts => ["192.168.99.100:9200"] }`
                $ bin/logstash -e 'input { stdin { } } output{ elasticsearch { } }'

        - check indexes

                $ curl http://localhost:9200/_search?pretty
                {
                  "name" : "Ellie Phimster",
                  "cluster_name" : "elasticsearch",
                  "version" : {
                    "number" : "2.3.3",
                    "build_hash" : "218bdf10790eef486ff2c41a3df5cfa32dadcfde",
                    "build_timestamp" : "2016-05-17T15:40:04Z",
                    "build_snapshot" : false,
                    "lucene_version" : "5.5.0"
                  },
                  "tagline" : "You Know, for Search"
                }