filebeat+ELK+kafka集群搭建(四:logstash部署)
logstash部署
1.安装java
官网推荐需要安装Java8,不支持Java9所以安装java8
[root@logstash ~]# yum install -y java-1.8.0
[root@logstash ~]# java -version
openjdk version "1.8.0_171"
OpenJDK Runtime Environment (build 1.8.0_171-b10)
OpenJDK 64-Bit Server VM (build 25.171-b10, mixed mode)
2.导入Elasticsearch PGP密钥
[root@ logstash ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
3.建立rpm包的repo
[root@ logstash ~]# vim /etc/yum.repos.d/logstash.repo
[logstash-5.x]
name=Elastic repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
4.安装logstash
[root@logstash ~]# yum -y install logstash
5.添加配置文件logstash.conf (只是简单配置看出效果,后续更新使用)
[root@logstash ~]# cd /etc/logstash/conf.d/
[root@logstash conf.d]# vim logstash.conf #新增配置文件logstash.conf,文件名可自己定义
input {
kafka {
bootstrap_servers => "192.168.205.155:9092,192.168.205.155:9092,192.168.205.155:9092"
topics => ["credit"] ##和filebeat配置文件对应的
# group_id => "test-consumer-group"
# codec => "plain"
# consumer_threads => 1
decorate_events => true
}
}
output {
elasticsearch {
hosts => ["192.168.205.155:9200","192.168.205.156:9200","192.168.205.157:9200"]
index => "logs-%{+YYYY.MM.dd}"
workers => 1
}
}
6.启动、添加开机自启
[root@logstash ~]# systemctl start logstash
[root@logstash ~]# systemctl enable logstash
[root@logstash ~]# systemctl status logstash
● logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
Active: active (running) since 四 2018-05-24 16:13:35 CST; 1min 1s ago
7.检测配置文件是否正确(出现OK正确)
[root@logstash ~]# /usr/share/logstash/bin/logstash -t --path.settings /etc/logstash/ --verbose
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
Configuration OK
自此logstash安装完毕
上一篇:filebeat+ELK+kafka集群搭建(三:kafka集群部署)
下一篇:filebeat+ELK+kafka集群搭建(五:Elasticsearch集群部署)