本文介紹在 CentOS 7.x 操作系統(tǒng)上安裝 Logstash 6.x 的方法與過程。

版本說明

• CentOS 7.6
• Oracle JDK 1.8.0_231
• Logstash 6.8.5

安裝步驟

1. 下載 Logstash，本示例使用 6.8.5 版本，下載文件是 logstash-6.8.5.tar.gz。

2. 執(zhí)行解壓命令 tar -xvf logstash-6.8.5.tar.gz。

3. 新增默認配置文件 logstash_default.conf，本示例將默認配置文件放在 bin 目錄下，內(nèi)容如下。

input {
  stdin{
  }
}

output {
  stdout{
  }
}

4. 進入 bin 目錄，輸入命令 ./logstash -f logstash_default.conf 啟動運行。

[root@... bin]# ./logstash -f logstash_default.conf
Sending Logstash logs to /opt/logstash/logstash-6.8.5/logs which is now configured via log4j2.properties
[2019-11-23T16:44:19,475][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-11-23T16:44:19,491][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"6.8.5"}
[2019-11-23T16:44:26,059][INFO ][logstash.pipeline        ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2019-11-23T16:44:26,205][INFO ][logstash.pipeline        ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x69358b38 run>"}
The stdin plugin is now waiting for input:
[2019-11-23T16:44:26,260][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-11-23T16:44:26,514][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

配置遠程訪問

1. 遠程計算機無法訪問以默認配置啟動的 Logstash 服務(wù)，編輯 config 目錄下 logstash.yml 配置文件，找到 http.host，將注釋 # 去掉后修改為以下內(nèi)容。

# ------------ Metrics Settings --------------
#
# Bind address for the metrics REST endpoint
#
http.host: "0.0.0.0"
#
# Bind port for the metrics REST endpoint, this option also accept a range
# (9600-9700) and logstash will pick up the first available ports.
#
# http.port: 9600-9700

2. 重啟 Logstash 服務(wù)后，在遠程計算機上打開瀏覽器，輸入地址 [Logstash 服務(wù) IP]:9600 訪問可以看到以下信息。

{
  "host": "...",
  "version": "6.8.5",
  "http_address": "0.0.0.0:9600",
  "id": "2c55733e-4569-48ce-b2ae-3e09c9cbd9b3",
  "name": "ctup000105163",
  "build_date": "2019-11-13T21:36:11+00:00",
  "build_sha": "7516754d0be7f9bf96f71f1c1a82a3a504f4d0c8",
  "build_snapshot": false
}

后臺運行

[root@... bin]# nohup ./logstash -f logstash_default.conf > /dev/null &

注意：以上命令會忽略所有日志輸出，詳細信息請參考 nohup 命令指南。

停止運行

1. 輸入命令 ps -ef | grep logstash 查找 Logstash 服務(wù)進程號。

[root@... bin]# ps -ef | grep logstash
root     126410 120649 50 16:53 pts/0    00:01:21 /opt/jdk/jdk1.8.0_231//bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -Djruby.regexp.interruptible=true -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -cp /opt/logstash/logstash-6.8.5/logstash-core/lib/jars/animal-sniffer-annotations-1.14.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/commons-codec-1.11.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/commons-compiler-3.0.8.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/error_prone_annotations-2.0.18.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/google-java-format-1.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/gradle-license-report-0.7.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/guava-22.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/j2objc-annotations-1.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jackson-annotations-2.9.9.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jackson-core-2.9.9.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jackson-databind-2.9.9.3.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.9.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/janino-3.0.8.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/javassist-3.22.0-GA.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jruby-complete-9.2.7.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/jsr305-1.3.9.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/log4j-api-2.9.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/log4j-core-2.9.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/log4j-slf4j-impl-2.9.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/logstash-core.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/opt/logstash/logstas-6.8.5/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/opt/logstash/logstash-6.8.5/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash -f logstash_default.conf
root     127024 120649  0 16:56 pts/0    00:00:00 grep --color=auto logstash

2. 輸入命令 kill -9 進程號 關(guān)閉 Logstash 服務(wù)，然后再次輸入命令 ps -ef | grep logstash 確認 Logstash 服務(wù)已被關(guān)閉。

[root@... bin]# kill -9 126410
[root@... bin]# ps -ef | grep logstash
root     127279 120649  0 16:57 pts/0    00:00:00 grep --color=auto logstash

附

Logstash Reference