logstash-Windows下安装

准备：

安装jdk并配置环境变量

1.下载zip安装包

https://www.elastic.co/cn/downloads/logstash 选择zip包下载

2.解压logstash-5.6.1.zip

3.启动

进入安装目录 \elk\logstash-5.6.1\bin

logstash -e 'input { stdin { } } output { stdout {} }'

看到Successfully started Logstash API endpoint {:port=>9600} 启动成功。

若启动失败，报错日志查看目录如下：elk\logstash-5.6.1\logs\logstash-plain.log

4.测试

在控制台输入 helloworld

返回：

2017-09-20T06:03:52.516Z WDD-PC helloworld

ctrl+c 终止批处理操作吗？（Y/N）选择Y 

logstash -e 'input { stdin { } } output { stdout { codec => rubydebug } }'

启动失败。

查看报错日志

[2017-09-20T14:06:25,432][ERROR][logstash.agent           ] Cannot create pipeline {:reason=>"Expected one of #, => at line 1, column 45 (byte 45) after output { stdout { codec "}

我在网上找了原因，有个帖子说是可能是windows字符集的问题，也没给出解决方案。尝试把单引号改成双引号

logstash -e "input { stdin { } } output { stdout { codec => rubydebug } }"

启动成功。我也不是很明白，有明白原因的小伙伴请告知。

在控制台输入 test again 回车

控制台返回：

{
      "@version" => "1",
          "host" => "WDD-PC",
    "@timestamp" => 2017-09-20T06:10:26.104Z,
       "message" => "test again\r"
}

5.设置Logstash作为Elasticsearch的后端

前一篇已完成Elasticsearch的安装

现在重新启动Logstash

logstash -e "input { stdin { } } output { elasticsearch { hosts => localhost } }"

启动成功后

控制台输入

something

访问 http://localhost:9200/_search?pretty测试是否接受到了数据

返回如下格式。（我输入了 三组）

{
  "took" : 9,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 3,
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "logstash-2017.09.20",
        "_type" : "logs",
        "_id" : "AV6d7upvk0suU6xbiPtf",
        "_score" : 1.0,
        "_source" : {
          "@version" : "1",
          "host" : "WDD-PC",
          "@timestamp" : "2017-09-20T06:17:14.059Z",
          "message" : "something\r"
        }
      },
      {
        "_index" : "logstash-2017.09.20",
        "_type" : "logs",
        "_id" : "AV6d2rP0k0suU6xbiPtc",
        "_score" : 1.0,
        "_source" : {
          "@version" : "1",
          "host" : "WDD-PC",
          "@timestamp" : "2017-09-20T05:55:09.417Z",
          "message" : "msgs\r"
        }
      },
      {
        "_index" : "logstash-2017.09.20",
        "_type" : "logs",
        "_id" : "AV6d2fNIk0suU6xbiPtb",
        "_score" : 1.0,
        "_source" : {
          "@version" : "1",
          "host" : "WDD-PC",
          "@timestamp" : "2017-09-20T05:54:19.466Z",
          "message" : "you know\r"
        }
      }
    ]
  }
}