拉取镜像
docker pull logstash:7.17.13初始化配置
docker run -d --name logstash -p 5044:5044 logstash:7.17.13
mkdir -p /data/logstash/{config,data,pipeline}
docker cp logstash:/usr/share/logstash/config/. /data/logstash/config && \
docker cp logstash:/usr/share/logstash/pipeline/. /data/logstash/pipeline && \
docker cp logstash:/usr/share/logstash/data/. /data/logstash/data
docker stop logstash && docker rm logstashdata目录必须有可写权限
chmod -R 777 /data/logstash/{config,data,pipeline}编辑配置
vi /data/logstash/config/logstash.yml
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "password"如要降低内存占用,可调如下
vi /data/logstash/config/jvm.options
-Xms512m
-Xmx512m管道过滤配置(待详解)
vi /data/logstash/pipeline/logstash.conf
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 5044
codec => json_lines
}
}
output {
elasticsearch {
hosts => ["http://124.221.147.235:9200"]
user => elastic
password => 123456
index => "logs-%{+YYYY.MM}"
codec => "json"
}
stdout {
codec => rubydebug
}
}运行容器
docker run -d --name logstash \
--restart=always \
-p 5044:5044 \
-p 9600:9600 \
-v /data/logstash/config:/usr/share/logstash/config \
-v /data/logstash/pipeline:/usr/share/logstash/pipeline \
-v /data/logstash/data:/usr/share/logstash/data \
logstash:7.17.13作者:admin 创建时间:2024-06-17 16:36
最后编辑:admin 更新时间:2024-06-17 16:39
最后编辑:admin 更新时间:2024-06-17 16:39
