Environment:
Server | OS | IP | Netmask |
elk | CentOS 7 | 10.99.101.232 | 255.255.255.0 |
4. Logstash: read a log file as input and output to Elasticsearch
```
# Enter the container
docker exec -it logstash /bin/bash
# Create the test file
bash-4.2$ mkdir /usr/share/logstash/logtest
bash-4.2$ cd /usr/share/logstash/logtest/
bash-4.2$ touch messages
bash-4.2$ chmod 644 /usr/share/logstash/logtest/messages
bash-4.2$ exit   # Leave the container
# Edit the log file input
vi /home/elk/logstashconfig/logstash.conf
```

```
input {
  tcp {
    port => 5044
    codec => "plain"
  }
  file {
    path => "/usr/share/logstash/logtest/messages"
    type => "systemlog"
    start_position => "beginning"
    stat_interval => "3"
  }
}
filter {
}
output {
  # Logstash console output (enable it while installing and debugging; remove this block once everything works)
  stdout {
    codec => rubydebug
  }
  # Elasticsearch settings
  elasticsearch {
    hosts => ["10.99.101.232:9200"]
    index => "system-log-%{+YYYY.MM.dd}"
  }
}
```

```
# Restart the container
docker restart logstash
```
Add an index pattern in Kibana
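```
# Enter the container and append lines to messages
docker exec -it logstash /bin/bash
# Change to the directory of the file the file input watches
bash-4.2$ cd /usr/share/logstash/logtest/
bash-4.2$ echo test2 >> messages
bash-4.2$ echo test3 >> messages
bash-4.2$ echo test4 >> messages
bash-4.2$ echo test5 >> messages
bash-4.2$ echo test6 >> messages
```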
View the data in Kibana
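
To confirm from the command line that the appended lines reached Elasticsearch, the following added example (not part of the original page) queries the `_count` API on today's `system-log-*` index. It assumes the unauthenticated HTTP endpoint `10.99.101.232:9200` from the config above and GNU `date`; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page). ES_URL and the "system-log-"
# prefix come from the page's logstash.conf; the function names are illustrative.
ES_URL="${ES_URL:-http://10.99.101.232:9200}"

# Logstash fills %{+YYYY.MM.dd} from the event's @timestamp, which is UTC,
# so near midnight local time events land in the "other" day's index.
# $1 = Unix epoch seconds. Requires GNU date.
index_for_epoch() {
  date -u -d "@$1" '+system-log-%Y.%m.%d'
}

# Pull the number out of a compact _count response: {"count":N,"_shards":{...}}
# Prints -1 when the body is not a count (e.g. a 404 for a missing index).
count_from_response() {
  n=$(printf '%s' "$1" | sed -n 's/^{"count":\([0-9][0-9]*\).*/\1/p')
  echo "${n:--1}"
}

# $1 = marker word appended to messages (must be URL-safe, e.g. test2).
# Succeeds only if at least one matching event is in today's UTC index.
check_marker() {
  idx=$(index_for_epoch "$(date +%s)")
  resp=$(curl -s --max-time 5 "$ES_URL/$idx/_count?q=message:$1") || resp=''
  n=$(count_from_response "$resp")
  echo "$idx: count=$n for message:$1"
  [ "$n" -gt 0 ]
}

# Run the live check only when a marker is given: ./check.sh test2
if [ $# -gt 0 ]; then
  check_marker "$1"
fi
```

A count of -1 means the index for the current UTC day does not exist yet, which is the usual result when the file input has not picked up any line since the restart.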