CentOS 安装 Logstash 的详细步骤
环境准备
在开始安装 Logstash 之前,确保您的 CentOS 系统满足以下要求:
- 操作系统:CentOS 7 或更高版本
- 硬件要求:根据实际需求配置
- 软件要求:Java Runtime Environment (JRE) 1.8 或更高版本
安装 Java
Logstash 需要Java运行环境,以下是安装 Java 的步骤:
# 更新软件包 sudo yum update -y # 安装 Java 8 sudo yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel # 验证 Java 版本 java -version
安装依赖
安装 Logstash 所需的一些依赖库:
sudo yum install -y ruby ruby-devel ruby-irb ruby-openssl ruby-json ruby-socket ruby-xml libxslt libxml2 libxml2-devel zlib zlib-devel
安装 Logstash
使用 Yum 包管理器安装 Logstash:
sudo yum install -y logstash
安装完成后,可以通过以下命令查看 Logstash 版本:
logstash --version
配置 Logstash
Logstash 配置文件通常位于 /etc/logstash/ 目录下,以下是一个简单的配置示例:
input {
file {
path => "/path/to/your/input.log"
start_position => "beginning"
}
}
filter {
grok {
match => { "message" => "%{DATE:iso8601} %{NUMBER:count} %{WORD:keyword}" }
}
}
output {
stdout { codec => rubydebug }
} 启动 Logstash
启动 Logstash 服务:
sudo systemctl start logstash
将 Logstash 设置为开机自启:
sudo systemctl enable logstash
测试 Logstash
保存为 /path/to/your/input.log:
2026-04-01 12:00:00 10 hello
2026-04-01 12:05:00 20 world然后运行以下命令查看输出:
logstash -f /etc/logstash/conf.d/your_conf.conf --log.level debug
您应该看到类似以下输出:
2026-04-01 12:00:00.000000000 +0000 [info]: Initializing filter worker: { "id" => "filter_0", "pipeline.id" => "pipeline_1", "pipeline.workers" => 1 }
2026-04-01 12:00:00.000000000 +0000 [info]: Initializing filter worker: { "id" => "filter_1", "pipeline.id" => "pipeline_1", "pipeline.workers" => 1 }
2026-04-01 12:00:00.000000000 +0000 [info]: Initializing output worker: { "id" => "output_0", "pipeline.id" => "pipeline_1", "pipeline.workers" => 1 }
2026-04-01 12:00:00.000000000 +0000 [info]: Initializing output worker: { "id" => "output_1", "pipeline.id" => "pipeline_1", "pipeline.workers" => 1 }
2026-04-01 12:00:00.000000000 +0000 [info]: Initializing pipeline worker: { "id" => "pipeline_1", "pipeline.workers" => 1 }
2026-04-01 12:00:00.000000000 +0000 [info]: pipeline started {"pipeline.id"=>1}
2026-04-01 12:00:00.000000000 +0000 [debug]: Received event:
{
"message" => "2026-04-01 12:00:00 10 hello",
"@version" => "1",
"@timestamp" => "2026-04-01T12:00:00.000Z",
"count" => "10",
"keyword" => "hello"
}
2026-04-01 12:00:00.000000000 +0000 [debug]: Received event:
{
"message" => "2026-04-01 12:05:00 20 world",
"@version" => "1",
"@timestamp" => "2026-04-01T12:05:00.000Z",
"count" => "20",
"keyword" => "world"
}FAQs
Q1: 如何查看 Logstash 的运行状态?
A1: 使用以下命令查看 Logstash 的运行状态:
sudo systemctl status logstash
Q2: Logstash 启动失败,如何查看错误日志?
A2: Logstash 的错误日志通常位于 /var/log/logstash/ 目录下,您可以查看 logstash.log 文件以获取详细信息:
sudo cat /var/log/logstash/logstash.log
【版权声明】:本站所有内容均来自网络,若无意侵犯到您的权利,请及时与我们联系将尽快删除相关内容!
发表回复