关键词:
logstash作为数据搜集器,主要分为三个部分:input->filter->output 作为pipeline的形式进行处理,支持复杂的操作,如发邮件等
input配置数据的输入和简单的数据转换
filter配置数据的提取,一般使用grok
output配置数据的输出和简单的数据转换
运行:logstash -f /etc/logstash.conf
-f 指定配置文件
-e 只在控制台运行
具体的配置见官网
https://www.elastic.co/products/logstash
Centralize, Transform & Stash Your Data
input
|
Plugin |
Description |
Github repository |
|
Receives events from the Elastic Beats framework |
||
|
Streams events from CouchDB’s |
||
|
Reads query results from an Elasticsearch cluster |
||
|
Streams events from files |
||
|
Reads GELF-format messages from Graylog2 as events |
||
|
Generates random log events for test purposes |
||
|
Reads metrics from the |
||
|
Generates heartbeat events for testing |
||
|
Receives events over HTTP or HTTPS |
||
|
Decodes the output of an HTTP API into events |
||
|
Creates events from JDBC data |
||
|
Reads events from a Kafka topic |
||
|
Reads events over a TCP socket from a Log4j |
||
|
Receives events using the Lumberjack protocl |
||
|
Pulls events from a RabbitMQ exchange |
||
|
Reads events from a Redis instance |
||
|
Streams events from files in a S3 bucket |
||
|
Pulls events from an Amazon Web Services Simple Queue Service queue |
||
|
Reads events from standard input |
||
|
Reads syslog messages as events |
||
|
Reads events from a TCP socket |
||
|
Reads events from the Twitter Streaming API |
||
|
Reads events over UDP |
Community supported plugins
These plugins are maintained and supported by the community. These plugins have met the Logstash development & testing criteria for integration. Contributors include Community Maintainers, the Logstash core team at Elastic, and the broader community.
|
Plugin |
Description |
Github repository |
|
Pulls events from the Amazon Web Services CloudWatch API |
||
|
Retrieves watchdog log events from Drupal installations with DBLog enabled |
||
|
Pulls events from the Windows Event Log |
||
|
Captures the output of a shell command as an event |
||
|
Reads Ganglia packets over UDP |
||
|
Pushes events to a GemFire region |
||
|
Reads events from a GitHub webhook |
||
|
Streams events from the logs of a Heroku app |
||
|
Reads mail from an IMAP server |
||
|
Reads events from an IRC server |
||
|
Retrieves metrics from remote Java applications over JMX |
||
|
Receives events through an AWS Kinesis stream |
||
|
Captures the output of command line tools as an event |
||
|
Streams events from a long-running command pipe |
||
|
Receives facts from a Puppet server |
||
|
Receives events from a Rackspace Cloud Queue service |
||
|
Receives RELP events over a TCP socket |
||
|
Captures the output of command line tools as an event |
||
|
Creates events based on a Salesforce SOQL query |
||
|
Creates events based on SNMP trap messages |
||
|
Creates events based on rows in an SQLite database |
||
|
Creates events received with the STOMP protocol |
||
|
Reads events over a UNIX socket |
||
|
Reads from the |
||
|
Reads events from a websocket |
||
|
Creates events based on the results of a WMI query |
||
|
Receives events over the XMPP/Jabber protocol |
||
|
Reads Zenoss events from the fanout exchange |
||
|
Reads events from a ZeroMQ SUB socket |
filter
|
Plugin |
Description |
Github repository |
|
Aggregates information from several events originating with a single task |
||
|
Replaces field values with a consistent hash |
||
|
Parses comma-separated value data into individual fields |
||
|
Parses dates from fields to use as the Logstash timestamp for an event |
||
|
Computationally expensive filter that removes dots from a field name |
||
|
Extracts unstructured event data into fields using delimiters |
||
|
Performs a standard or reverse DNS lookup |
||
|
Drops all events |
||
|
Fingerprints fields by replacing values with a consistent hash |
||
|
Adds geographical information about an IP address |
||
|
Parses unstructured event data into fields |
||
|
Parses JSON events |
||
|
Parses key-value pairs |
||
|
Merges multiple lines into a single event |
||
|
Performs mutations on fields |
||
|
Executes arbitrary Ruby code |
||
|
Sleeps for a specified time span |
||
|
Splits multi-line messages into distinct events |
||
|
Parses the |
||
|
Throttles the number of events |
||
|
Replaces field contents based on a hash or YAML file |
||
|
Decodes URL-encoded fields |
||
|
Parses user agent strings into fields |
||
|
Adds a UUID to events |
||
|
Parses XML into fields |
Community supported plugins
These plugins are maintained and supported by the community. These plugins have met the Logstash development & testing criteria for integration. Contributors include Community Maintainers, the Logstash core team at Elastic, and the broader community.
|
Plugin |
Description |
Github repository |
|
Performs general alterations to fields that the |
||
|
Checks IP addresses against a list of network blocks |
||
|
Applies or removes a cipher to an event |
||
|
Duplicates events |
||
|
Collates events by time or count |
||
|
Calculates the elapsed time between a pair of events |
||
|
Copies fields from previous log events in Elasticsearch to current events |
||
|
Stores environment variables as metadata sub-fields |
||
|
Extracts numbers from a string |
||
|
Removes special characters from a field |
||
|
Serializes a field to JSON |
||
|
Adds arbitrary fields to an event |
||
|
Takes complex events containing a number of metrics and splits these up into multiple events, each holding a single metric |
||
|
Aggregates metrics |
||
|
Parse OUI data from MAC addresses |
||
|
Prunes event data based on a list of fields to blacklist or whitelist |
||
|
Strips all non-punctuation content from a field |
||
|
Checks that specified fields stay within given size or length limits |
||
|
Replaces the contents of the default message field with whatever you specify in the configuration |
||
|
Takes an existing field that contains YAML and expands it into an actual data structure within the Logstash event |
||
|
Sends an event to ZeroMQ |
output
Elastic supported plugins
These plugins are maintained and supported by Elastic.
|
Plugin |
Description |
Github repository |
|
Writes events to disk in a delimited format |
||
|
Stores logs in Elasticsearch |
||
|
Sends email to a specified address when output is received |
||
|
Writes events to files on disk |
||
|
Writes metrics to Graphite |
||
|
Sends events to a generic HTTP or HTTPS endpoint |
||
|
Writes events to a Kafka topic |
||
|
Sends events using the |
||
|
Pushes events to a RabbitMQ exchange |
||
|
Sends events to a Redis queue using the |
||
|
Sends Logstash events to the Amazon Simple Storage Service |
||
|
Prints events to the standard output |
||
|
Writes events over a TCP socket |
||
|
Sends events over UDP |
Community supported plugins
These plugins are maintained and supported by the community. These plugins have met the Logstash development & testing criteria for integration. Contributors include Community Maintainers, the Logstash core team at Elastic, and the broader community.
|
Plugin |
Description |
Github repository |
|
Sends annotations to Boundary based on Logstash events |
||
|
Sends annotations to Circonus based on Logstash events |
||
|
Aggregates and sends metric data to AWS CloudWatch |
||
|
Sends events to DataDogHQ based on Logstash events |
||
|
Sends metrics to DataDogHQ based on Logstash events |
||
|
Stores logs in Elasticsearch using the |
||
|
Runs a command for a matching event |
||
|
Writes metrics to Ganglia’s |
||
|
Generates GELF formatted output for Graylog2 |
||
|
Writes events to Google BigQuery |
||
|
Writes events to Google Cloud Storage |
||
|
Sends metric data on Windows |
||
|
Writes events to HipChat |
||
|
Writes metrics to InfluxDB |
||
|
Writes events to IRC |
||
|
Writes strutured JSON events to JIRA |
||
|
Pushes messages to the Juggernaut websockets server |
||
|
Sends metrics, annotations, and alerts to Librato based on Logstash events |
||
|
Ships logs to Loggly |
||
|
Writes metrics to MetricCatcher |
||
|
Writes events to MongoDB |
||
|
Sends passive check results to Nagios |
||
|
Sends passive check results to Nagios using the NSCA protocol |
||
|
Sends logstash events to New Relic Insights as custom events |
||
|
Writes metrics to OpenTSDB |
||
|
Sends notifications based on preconfigured services and escalation policies |
||
|
Pipes events to another program’s standard input |
||
|
Sends events to a Rackspace Cloud Queue service |
||
|
Creates tickets using the Redmine API |
||
|
Writes events to the Riak distributed key/value store |
||
|
Sends metrics to Riemann |
||
|
Sends events to Amazon’s Simple Notification Service |
||
|
Stores and indexes logs in Solr |
||
|
Pushes events to an Amazon Web Services Simple Queue Serice queue |
||
|
Sends metrics using the |
||
|
Writes events using the STOMP protocol |
||
|
Sends events to a |
||
|
Sends Logstash events to HDFS using the |
||
|
Publishes messages to a websocket |
||
|
Posts events over XMPP |
||
|
Sends events to a Zabbix server |
||
|
Writes events to a ZeroMQ PUB socket |
logstash服务启动脚本
logstash服务启动脚本最近在弄ELK,发现logstash没有sysv类型的服务启动脚本,于是按照网上一个老外提供的模板自己进行修改#添加用户useraddlogstash-M-s/sbin/nologinmkdir/var/log/logstash/chown-Rlogstash:logstash/var/log/logstash/chown-Rlogstash:logstash/usr/ 查看详情
logstash|logstash&&logstash-input-jdbc安装
Windows系统: 1、安装Logstash 1.1进入官网下载zip包 [1] https://artifacts.el 查看详情
logstash grok 模式来监控 logstash 本身
】logstashgrok模式来监控logstash本身【英文标题】:logstashgrokpatterntomonitorlogstashitself【发布时间】:2016-05-0316:07:48【问题描述】:我想将logstash.log日志添加到我的ELK堆栈中,但我总是遇到grokparsefailure。我的模式在http://grokconstructor.a... 查看详情
logstash学习小记
logstash学习小记标签(空格分隔):日志收集IntroduceLogstashisatoolformanagingeventsandlogs.Youcanuseittocollectlogs,parsethem,andstorethemforlateruse(like,forsearching).–http://logstash.net自从2013年logstash被ES公司收购之后,ELK 查看详情
docker安装logstash(代码片段)
使用同版本镜像7.4.11、下载Logstash镜像dockerpulllogstash:7.4.1#查看镜像dockerimages 2、编辑logstash.yml配置文件logstash.yml配置文件放在宿主机/data/elk/logstash目录下,内容如下:path.config:/usr/share/logstash/conf.d/*.confpath.logs:/var/log/logstash ... 查看详情
logstash服务配置
配置文件:/usr/lib/systemd/system/logstash.service相关目录:logstash.conf位于/etc/logstash/conf.d中,logstash.yml位于/etc/logstash中[Unit]Description=LogstashDocumentation=http://www.elastic.coAfter=elasticsearch.service[Service]Environment=LS_HOME=/var/lib/logstashEnvironment=LS_HE... 查看详情
elk-logstash
logstash简介: logstash日志分析的配置和使用 logstash是一个数据分析软件,主要目的是分析log日志。整一套软件可以当作一个MVC模型,logstash是controller层,Elasticsearch是一个model层,kibana是view层。 ... 查看详情
了解一下logstash
Logstash 是一个应用程序日志、事件的传输、处理、管理和搜索的平台。你可以用它来统一对应用程序日志进行收集管理,提供 Web 接口用于查询和统计。 Logstash配置要求 Logstash支持Java1.7版本以上。 ... 查看详情
logstash(代码片段)
logstash文档地址:https://www.elastic.co/guide/en/logstash/index.htmllogstash命令接收输入并输出logstash-e‘inputstdinoutputstdout‘其它命令--node.nameNAME-f,--path.configCONFIG_PATH-e,--config.stringCONFIG_STRING 查看详情
Logstash: NoMethodError: 方法 `>=' for nil:NilClass Logstash
】Logstash:NoMethodError:方法`>=\\\'fornil:NilClassLogstash【英文标题】:Logstash:NoMethodError:method`>=’fornil:NilClassLogstashLogstash:NoMethodError:方法`>=\'fornil:NilClassLogstash【发布时间】:2016-06-1314:37:05【问题描述】:这是我的配置文 查看详情
logstash上报数据到elasticsearch(代码片段)
logstash上报数据到elasticsearch前提是已经安装、部署完logstash和elasticsearchWindows安装启动logstash_zhangphil的博客-CSDN博客_logstashwindows安装Windows安装启动logstash(1)下载logstash,下载链接:DownloadLogstashFree|GetStartedN 查看详情
centos7安装logstash(代码片段)
下载建议到官网下载最新版https://www.elastic.co/cn/downloads/logstash本文使用logstash7.0.0https://artifacts.elastic.co/downloads/logstash/logstash-7.0.0.tar.gzwgethttps://artifacts.elastic.co/downloads/logstash/ 查看详情
logstash上报数据到elasticsearch(代码片段)
logstash上报数据到elasticsearch前提是已经安装、部署完logstash和elasticsearchWindows安装启动logstash_zhangphil的博客-CSDN博客_logstashwindows安装Windows安装启动logstash(1)下载logstash,下载链接:DownloadLogstashFree|GetStartedN 查看详情
cron检测并启动logstash(代码片段)
背景线上的logstash总是莫名其妙的挂了,我打算写一个定时任务,一分钟去检查一次logstash进程,不存在时就把它启动步骤编写检测启动脚本让cron定时来调用检测启动脚本1、编写脚本第一次完成是这个样子:#!/usr/bin/envbashpid_blog=... 查看详情
logstash:运用logstash对serviceapi数据进行分析(代码片段)
我记得在之前的文章“Logstash:使用ELK堆栈进行API分析”运用Logstash对一些指标的API进行分析。在今天的练习中,我将展示如何使用Logstash来对一些日志类的ServiceAPI进行分析。我们知道在很多的时候,我们可以很快速... 查看详情
logstash:运用logstash对serviceapi数据进行分析(代码片段)
我记得在之前的文章“Logstash:使用ELK堆栈进行API分析”运用Logstash对一些指标的API进行分析。在今天的练习中,我将展示如何使用Logstash来对一些日志类的ServiceAPI进行分析。我们知道在很多的时候,我们可以很快速... 查看详情
elk实验安装logstash
logstash可以理解为log的采集传输组件老样子第一步下载sudowgethttps://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.tar.gz解压出来sudotar-zxvflogstash-6.2.4.tar.gz编辑一下配置配置ip和日志记录的级别vi/config/logstash.ymlhttp.host:"192. 查看详情
使用filebeat和logstash集中归档日志
方案Filebeat->Logstash->FilesFilebeat->Redis->Logstash->FilesNxlog(Rsyslog、Logstash)->Kafka->Flink(Logstash->ES-Kibana)其他方案(可根据自己需求,选择合适的架构,作者选择了第二种方案)注释: 由于Logstash无法处理输出到文 查看详情