logstash(7.9.3)安装参考
1、拉取镜像
2、挂载卷
mkdir /home/vvvv/docker/dockerVolumes/logstash/configmkdir /home/vvvv/docker/dockerVolumes/logstash/pipeline
2.1、config文件配置
vim logstash.yml
config:reload:automatic: trueinterval: 3sxpack:management.enabled: falsemonitoring.enabled: false
vim pipelines.yml
- pipeline.id: logstash_dev # !!!"-"前后都有空格!!!path.config: "/usr/share/logstash/pipeline/logstash_dev.conf" # path是容器内的路径!!!
2.2、pipelines文件配置
vim logstash_dev.conf
input{kafka {bootstrap_servers => "10.6.62.211:9092"topics => ["DIDLIST_caesar_dynamic_data"]client_id => "logstash-0-0"group_id => "logstash"codec => "json"add_field => {"s_index" => "caesar_dynamic_data"}}kafka {bootstrap_servers => "10.6.62.211:9092"topics => ["DIDLIST_caesar_data_bank_make_ios"]client_id => "logstash-0-4"group_id => "logstash"codec => "json"add_field => {"s_index" => "caesar_data_bank_make_ios""[@metadata][b_submeter]" => "true"}}}filter {date {match => ["message","UNIX_MS"]target => "@timestamp"}ruby {code => "event.set('timestamp', event.get('@timestamp').time.localtime + 8*60*60)"}ruby {code => "event.set('@timestamp',event.get('timestamp'))"}mutate {convert => ["timestamp", "string"]gsub => ["timestamp", "T([\S\s]*?)Z", ""]gsub => ["timestamp", "-", "."]}}output {if [@metadata][b_submeter] == "true" {elasticsearch {hosts => ["10.6.62.212:9400"]document_id => "%{id}"index => "%{s_index}_%{timestamp}"}} else {elasticsearch {hosts => ["10.6.62.212:9400"]document_id => "%{id}"index => "%{s_index}"}}}
3、部署容器
# restart:只要docker启动,容器就会跟随启动# privileged=true:解决Docker挂载主机目录Docker访问出现cannot open directory.:Permission denied# -d 后台启动docker run -d --restart=always --privileged=true --name=logstash \-p 5047:5047 -p 9600:9600 \-v /home/vvvv/docker/dockerVolumes/logstash/config/:/usr/share/logstash/config \-v /home/vvvv/docker/dockerVolumes/logstash/pipeline/:/usr/share/logstash/pipeline fc2df485e5c5
4、查看日志
docker logs -tf logtstash
若有收获,就点个赞吧
0 人点赞
