32.5. 部署logstash7.7.0(在主节点上操作)
32.6.1. 下载logstash7.7.0
Logstash 官方下载地址:https://www.elastic.co/cn/downloads/logstash
32.6.2. 解压至安装目录
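# Before extracting, verify the archive against the SHA-512 checksum that
# Elastic publishes alongside the download.
# The option prefix must be an ASCII hyphen; a typographic dash ("–") pasted
# from a document is not recognised by tar as an option marker.
tar -xvf logstash-7.7.0.tar.gz -C /vmdata/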
32.6.3. 修改logstash-sample.conf配置文件
以kafka输入,es输出为例
# Pipeline: consume JSON events from a Kafka topic and index them into
# Elasticsearch, one index per day.
input {
kafka {
# NOTE(review): no security_protocol / SASL / SSL options are set here, so the
# broker connection presumably uses the plugin's plaintext, unauthenticated
# default. Confirm that is acceptable for the network the brokers sit on.
bootstrap_servers => ["kafka1:9092,kafka2:9092,kafka3:9092"]
group_id => "elk-consumer"
# "latest": with no committed offset, start from new messages only.
auto_offset_reset => "latest"
consumer_threads => 3
decorate_events => true
topics => ["elk_log_info"]
type => "zc"
# Message bodies are parsed as JSON. Any producer able to write to the topic
# controls the resulting event fields.
codec => "json"
max_partition_fetch_bytes => "5242940"
}
}
output {
elasticsearch {
# NOTE(review): the hosts use plain http:// and no user/password is configured,
# so events travel unencrypted and unauthenticated. If the cluster has (or
# should have) security enabled, switch to https:// and set the plugin's
# user, password and cacert options. Keep credentials out of this file, e.g.
# in the Logstash keystore.
hosts => ["http://es1:9200","http://es2:9200","http://es3:9200"]
# Daily index named from the event timestamp.
index => "zc-logstash-%{+YYYY.MM.dd}"
}
}
32.6.4. 将logstash安装目录授权给es用户
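# Hand the installation tree to the unprivileged "es" account that will run
# Logstash. The option prefix must be an ASCII hyphen, not a typographic dash.
chown -R es:es /vmdata/logstash-7.7.0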
32.6.5. 设置开机启动logstash服务
# Create the init script /etc/rc.d/init.d/logstash with the contents shown
# below. Writing to this directory normally requires root, and the file should
# stay root-owned because init runs it as root.
cd /etc/rc.d/init.d
vim logstash
文件内容如下:
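#!/bin/bash
#chkconfig: 346 64 38
#description: logstash
#processname:logstash-7.7.0

# SysV init script for Logstash 7.7.0.
#
# Usage:   service logstash {start|stop|restart}
# Runs as: root (boot or `service`); Logstash itself is started as RUN_USER.
# Exit:    0 on success, 1 on failure, 2 on an unknown action.
#
# NOTE(review): the runlevel list "346" above includes 6 (reboot) and omits 5;
# "345" is the usual choice. Confirm this is intended.
# NOTE: init executes this file as root, so keep it root-owned and not
# writable by other users.

export JAVA_HOME=/usr/java/jdk1.8.0_181-cloudera
export LOGSTASH_HOME=/vmdata/logstash-7.7.0

readonly RUN_USER=es
readonly API_PORT=9600    # port the original script used to locate Logstash
readonly STOP_TIMEOUT=30  # seconds to wait after SIGTERM before SIGKILL

#######################################
# Print the PID of the process LISTENING on API_PORT, or nothing.
# Only listening sockets whose local address ends in ":API_PORT" are
# considered. A plain `grep 9600` would also match other ports, remote
# addresses or PIDs containing those digits, and could pick up clients
# connected to the port.
#######################################
logstash_pid() {
  netstat -lntp \
    | awk -v port="$API_PORT" '
        $6 == "LISTEN" && $4 ~ (":" port "$") {
          split($7, owner, "/")
          if (owner[1] ~ /^[0-9]+$/) { print owner[1]; exit }
        }'
}

#######################################
# Start Logstash as RUN_USER unless a listener is already present.
# Arguments: $1 - word used in the success message ("started"/"restarted")
#######################################
start_logstash() {
  local rc
  if [[ -n "$(logstash_pid)" ]]; then
    echo "logstash is already running"
    return 0
  fi
  # Unquoted delimiter: $LOGSTASH_HOME is expanded by this (root) shell
  # before su hands the text to RUN_USER's shell.
  su "$RUN_USER" <<EOF
cd "$LOGSTASH_HOME" || exit 1
nohup ./bin/logstash -f ./config/logstash-sample.conf &
EOF
  rc=$?
  if (( rc != 0 )); then
    echo "logstash failed to start" >&2
    return 1
  fi
  echo "logstash is $1"
}

#######################################
# Stop Logstash: SIGTERM first so it can shut its pipeline down cleanly,
# SIGKILL only if it is still alive after STOP_TIMEOUT seconds.
# Because this runs as root, the target PID must be numeric and owned by
# RUN_USER, otherwise nothing is signalled.
#######################################
stop_logstash() {
  local pid owner waited=0
  pid=$(logstash_pid)
  if [[ -z "$pid" ]]; then
    echo "logstash is not running"
    return 0
  fi
  owner=$(ps -o user= -p "$pid" | tr -d '[:space:]')
  if [[ "$owner" != "$RUN_USER" ]]; then
    echo "refusing to signal pid $pid: owned by '$owner', not '$RUN_USER'" >&2
    return 1
  fi
  kill -TERM "$pid" || return 1
  while kill -0 "$pid" 2>/dev/null; do
    if (( waited >= STOP_TIMEOUT )); then
      kill -KILL "$pid"
      break
    fi
    sleep 1
    waited=$(( waited + 1 ))
  done
  echo "logstash is stopped"
}

rc=0
case "${1:-}" in
  start)
    start_logstash "started" || rc=1
    ;;
  stop)
    stop_logstash || rc=1
    ;;
  restart)
    if stop_logstash; then
      start_logstash "restarted" || rc=1
    else
      rc=1
    fi
    ;;
  *)
    echo "start|stop|restart"
    rc=2
    ;;
esac
exit "$rc"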
32.6.6. 修改文件权限
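# init runs this script as root at boot. Mode 777 would let any local user
# rewrite it and have their commands executed as root. 755 keeps it executable
# for everyone but writable only by its owner (which should be root).
chmod 755 logstash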
添加服务并设置启动方式
# Register the init script with chkconfig (it reads the "#chkconfig:" header
# line inside the script), then start the service immediately.
chkconfig --add logstash
service logstash start
32.6.7. 设置服务是否开机启动
# Enable the service at boot; `chkconfig --list logstash` shows the resulting
# per-runlevel state.
chkconfig logstash on