1、elasticsearch和kibana搭建配置见
https://blog.csdn.net/yh_zeng2/article/details/148812447?spm=1001.2014.3001.5501
2、logstash 下载
下载和elasticsearch版本一致的logstash,下载地址:
Past Releases of Elastic Stack Software | Elastic
这里下载的是 logstash-6.8.23
通过网盘分享的文件:logstash-6.8.23.zip
链接: https://pan.baidu.com/s/1bAr_z6Dz8OUVKH0cLhKJ3g?pwd=1234 提取码: 1234
3、配置 logstash.conf
在conf目录下添加 logstash.conf,可以从logstash-sample.conf拷贝,内容 如下:
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.
input {
file{
path => ["D:/log/documentdemo/*.log"]
start_position => "beginning"
# type随便填写个名字
type => "document-demo-system"
}
file{
path => ["D:/log/say/*.log"]
start_position => "beginning"
type => "say-system"
}
}
output {
if [type] == "document-demo-system" {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "document-logs-%{+YYYY.MM.dd}"
}
}
if [type] == "say-system" {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "say-logs-%{+YYYY.MM.dd}"
}
}
# 可选:将日志输出到控制台进行调试
# stdout { codec => rubydebug }
}
4、启动logstash
注意:logstash的路径不能有空格,否则报:
错误: 找不到或无法加载主类 Tools\logstash\logstash-6.8.23\logstash-core\lib\jars
\animal-sniffer-annotations-1.14.jar;E:\java
请按任意键继续. . .启动要指定配置文件 ,命令如下:
call logstash.bat -f E:\tools\logstash\logstash-6.8.23\config\logstash.conf1)Kibana 点击 Management
http://localhost:5601/app/kibana#/management?_g=()
2)访问Management页面上的IndexPatterns,Create index pattern
3)Discover搜索日志,如下图:
