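Logstash: reading logs and outputting them to Elasticsearch

Read logs from a log file and output them to an Elasticsearch cluster. The test3_es.conf file is in the conf directory under the es directory.

1) First go to the bin directory under the es directory and run ./logstash -f ../conf/test3_es.conf

  If it runs slowly at this point, clear some data: rm -rf data/*

2) Start es: go to the es bin directory and run ./elasticsearch

3) Logstash configuration file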

 

Configuration 3: test3_es.conf

========================================
input {
        file {
                path => "/Users/jack/Desktop/person/elk/elasticsearch-6.1.1/logs/elasticsearch.log"
                type => "elasticsearch"
                start_position => "beginning" # read from the beginning of the file
        }
}

output {
        elasticsearch {
                hosts => ["127.0.0.1:9201"]
                index => "es-message-%{+YYYY.MM.dd}"
        }
        stdout { codec => rubydebug }
}
========================================

 

Verification

        List the indices: http://localhost:9201/_cat/indices?v

        View the data: http://localhost:9201/es-message-2018.02.26/_search
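The date in the verification URL comes from the `index => "es-message-%{+YYYY.MM.dd}"` setting, which Logstash expands from each event's @timestamp in UTC. The following is an added example, not part of the original post: it works out which index an event lands in and the matching search URL. The function names and the sample timestamps are constructed for illustration, and only the date tokens listed in the code are handled.

```python
import re
from datetime import datetime, timedelta, timezone

# Subset of Joda-Time tokens commonly used in index names (assumption:
# the pattern uses only these), mapped to strftime equivalents.
_JODA_TO_STRFTIME = {"YYYY": "%Y", "yyyy": "%Y", "MM": "%m", "dd": "%d", "HH": "%H"}


def resolve_index(pattern, event_time):
    """Expand %{+...} in an index pattern against the event time in UTC.

    With the configuration above there is no date filter, so @timestamp is
    the moment Logstash read the line, not the time written in the log line.
    """
    if event_time.tzinfo is None:
        raise ValueError("event_time must be timezone-aware")
    utc = event_time.astimezone(timezone.utc)

    def token(match):
        name = match.group(0)
        if name not in _JODA_TO_STRFTIME:
            raise ValueError("unsupported date token: " + name)
        return _JODA_TO_STRFTIME[name]

    def expand(match):
        return utc.strftime(re.sub(r"[A-Za-z]+", token, match.group(1)))

    return re.sub(r"%\{\+([^}]+)\}", expand, pattern)


def search_url(host, pattern, event_time):
    """Build the _search URL for the index that event_time falls into."""
    return "http://{}/{}/_search".format(host, resolve_index(pattern, event_time))


if __name__ == "__main__":
    pattern = "es-message-%{+YYYY.MM.dd}"
    utc8 = timezone(timedelta(hours=8))
    # Constructed sample times: both are 27 February on a UTC+8 wall clock,
    # but the first is still 26 February in UTC.
    for local in (datetime(2018, 2, 27, 7, 30, tzinfo=utc8),
                  datetime(2018, 2, 27, 8, 30, tzinfo=utc8)):
        print(local.isoformat(), "->", search_url("localhost:9201", pattern, local))
```

If the search URL returns an index-not-found error, check the index list first: the index is named after the UTC day on which the lines were ingested.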

 

 

 

 

 


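Copyright notice: This is an original article by peng_0129, licensed under CC 4.0 BY-SA. When reposting, please include a link to the original source and this notice.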