Also this video tutorial is a lifesaver.
mkdir /opt/logstash/
cd /opt/logstash/
wget https://download.elasticsearch.org/logstash/logstash/logstash-1.3.2-flatjar.jar -O logstash.jar
Exercise one: simple input, simple output:
vi sample.conf
input {
  stdin { }
}
output {
  stdout {
    debug => true
  }
}
Run it:
java -jar logstash.jar agent -v -f sample.conf
Pipeline started {:level=>:info}
pippo
output received {:event=>#"pippo", "@version"=>"1",
"@timestamp"=>"2014-01-04T11:11:42.559Z",
"host"=>"osb-vagrant.acme.com"}, @cancelled=false>, :level=>:info}
{
       "message" => "pippo",
      "@version" => "1",
    "@timestamp" => "2014-01-04T11:11:42.559Z",
          "host" => "osb-vagrant.acme.com"
}
Running "java -jar logstash.jar agent -vv -f sample.conf" can be quite educational.
After removing "debug => true" from sample.conf:
java -jar logstash.jar agent -f sample.conf
pippo
2014-01-04T11:34:40.255+0000 osb-vagrant.acme.com pippo
To activate the embedded elasticsearch:
vi es.conf
input {
  file {
    path => "/opt/logstash/myfile.log"
  }
}
output {
  elasticsearch {
    embedded => true
  }
}
At this point, whatever you add to myfile.log will automatically appear in elasticsearch.
If you run logstash with the "web" option:
java -jar logstash.jar agent -f es.conf -- web
then access kibana: http://yourhost:9292
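Neither the web interface on port 9292 nor the embedded elasticsearch asks for credentials in this setup, so it is worth checking which interfaces they listen on. The script below is an added example, not part of the original post; ports 9200 and 9300 are assumed to be the embedded elasticsearch HTTP and transport defaults, and the ss output it parses is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# 9292 is the web port used above; 9200 and 9300 are assumed to be the
# embedded elasticsearch HTTP and transport defaults.
PORTS="9292 9200 9300"

# Reads `ss -ltn` output on stdin and prints "address port" for every
# watched port that is bound to something other than loopback.
exposed_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            # Split "address:port" at the last colon so [::]:9200 and :::9200 work.
            idx = 0
            for (i = length($4); i > 0; i--)
                if (substr($4, i, 1) == ":") { idx = i; break }
            if (idx == 0) next
            addr = substr($4, 1, idx - 1)
            port = substr($4, idx + 1)
            if (!(port in watch)) next
            # Skip IPv4, IPv4-mapped and IPv6 loopback addresses.
            if (addr ~ /^\[?(::ffff:)?127\./ || addr ~ /^\[?::1\]?$/) next
            print addr, port
        }'
}

# Constructed sample of `ss -ltn` output, so the script runs offline.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     *:9292             *:*
LISTEN 0      128    127.0.0.1:9200     0.0.0.0:*
LISTEN 0      128    [::]:9300          [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# On the logstash host, replace sample_ss_output with: ss -ltn
sample_ss_output | exposed_listeners
```

Each line printed is a listener reachable from other hosts; restrict it with a host firewall rule unless the machine sits on a trusted network.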
Detailed documentation of each input, codec, output and filter stanza is at http://logstash.net/docs/1.3.2/