Saturday, January 4, 2014

Logstash, getting my feet wet

Some instructions on how to get started:

Also this video tutorial is a lifesaver.

mkdir /opt/logstash/
cd /opt/logstash/
wget -O logstash.jar

Exercise one: simple input, simple output:
vi sample.conf
input {
  stdin { }
}
output {
  stdout {
    debug => true
  }
}

Run it:
java -jar logstash.jar agent -v -f sample.conf
Pipeline started {:level=>:info}
output received {:event=>#"pippo", "@version"=>"1", 
"host"=>""}, @cancelled=false>, :level=>:info}
       "message" => "pippo",
      "@version" => "1",
    "@timestamp" => "2014-01-04T11:11:42.559Z",
          "host" => ""

Running "java -jar logstash.jar agent -vv -f sample.conf" can be quite educational.

Removing the "debug => true" from the sample.conf:

java -jar logstash.jar agent -f sample.conf
2014-01-04T11:34:40.255+0000 pippo

To activate the embedded elasticsearch:
vi es.conf
input {
  file {
    path => "/opt/logstash/myfile.log"
  }
}

output {
  elasticsearch {
    embedded => true
  }
}

At this point, whatever you add to myfile.log will automatically appear in elasticsearch.
If you run logstash with the "web" option:
java -jar logstash.jar agent -f es.conf -- web
then access kibana: http://yourhost:9292
Here you find detailed documentation of each input, codec, output and filter stanza.
