centos7.6部署ELK集群(三)之logstash7.7.0部署
32.5. 部署logstash7.7.0(在主节点上操作) 32.6.1. 下载logstash7.7.0 Logstash 官方下载地址:https://www.elastic.co/cn/downloads/logstash
32.6.2. 解压至安装目录 tar –xvf logstash-7.7.0.tar.gz -C /vmdata/
32.6.3. 修改logstash-sample.conf配置文件 以kafka输入,es输出为例
input {
kafka {
bootstrap_servers => ["kafka1:9092,kafka2:9092,kafka3:9092"]
group_id => "elk-consumer"
auto_offset_reset => "latest"
consumer_threads => 3
decorate_events => true
topics => ["elk_log_info"]
type => "zc"
codec => "json"
max_partition_fetch_bytes => "5242940"
}
}
output {
elasticsearch {
hosts => ["http://es1:9200","http://es2:9200","http://es3:9200"]
index => "zc-logstash-%{+YYYY.MM.dd}"
}
}
32.6.4. 将logstash安装目录授权给es用户 chown –R es:es /vmdata/logstash-7.7.0
32.6.5. 设置开机启动logstash服务 cd /etc/rc.d/init.d vim logstash 文件内容如下:
#!/bin/bash
#chkconfig: 346 64 38
#description: logstash
#processname:logstash-7.7.0
export JAVA_HOME=/usr/java/jdk1.8.0_181-cloudera
export LOGSTASH_HOME=/vmdata/logstash-7.7.0
case $1 in
start)
su es<<!
cd $LOGSTASH_HOME
nohup ./bin/logstash -f ./config/logstash-sample.conf &
!
echo "logstash is started"
;;
stop)
pid=`netstat -antp|grep 9600|grep -v grep 9600|awk {print $7}|awk -F/ {print $1}`
kill -9 $pid
echo "logstash is stopped"
;;
restart)
pid=`netstat -antp|grep 9600|grep -v grep 9600|awk {print $7}|awk -F/ {print $1}`
kill -9 $pid
echo "logstash is stopped"
sleep 5
su es<<!
cd $LOGSTASH_HOME
nohup ./bin/logstash -f ./config/logstash-sample.conf &
!
echo "logstash is restarted"
;;
*)
echo "start|stop|restart"
;;
esac
exit 0
32.6.6. 修改文件权限 chmod 777 logstash 添加服务并设置启动方式 chkconfig --add logstash service logstash start 32.6.7. 设置服务是否开机启动 chkconfig logstash on
