一、下载地址
官网:https://www.elastic.co/cn/downloads/logstash
百度云盘:
二、安装
tar zxvf logstash-6.2.1.tar.gz mv logstash-6.2.1 logstash
配置文件(配置文件放哪个目录都可以,在启动Logstash时可以指定配置文件位置)
vi k_es.conf
input{ kafka { bootstrap_servers => "10.10.6.225:9092" #kafka服务器地址,不是zookeeper client_id => "test" auto_offset_reset => "latest" consumer_threads => 5 decorate_events => true topics => ["test"] #控制kafka哪个topic,可以多个用逗号分割 codec => "json" } } filter{ json { source => "message" remove_field=>["message","beat","@version"] #删除没用的属性 add_field =>["customize","自定义字段"] #增加属性 } } output { elasticsearch { hosts => "localhost:9200" index => "logstash-nginxacclog-%{+YYYY.MM.dd}" #放到elasticsearch哪个index中 } }
启动(到bin目录下)
./logstash -f k_es.conf