Mac 安裝 Logstash 及啟用

Mac 安裝 Logstash 及啟用

本篇說明如何在 Mac 本地建立 Logstash 流程,其他 Linux 相關主機原則上僅差別在安裝步驟,可直接跳到功能設定參考:

在 Mac 本地直接透過 brew 來安裝,在安裝前,要先 tab Elastic Homebrew repository

brew tap elastic/tap

接著,當完成 tab Elastic Homebrew repo,可以透過下方指令安裝 Logstash

brew install elastic/tap/logstash-full

啟動 Logstash 服務

brew services start elastic/tap/logstash-full

使用中心設定功能:

要使用中心設定,需要編輯 logstash.yml,以 Mac Homebrew 為例,可在下方路徑找到 logstash.yml 的檔案:

vim /usr/local/etc/logstash/logstash.yml

使用 Centralized Pipeline management 功能,首先要先將這個配置打開 ```xpack.management.enable:

接著設定:

CVT2HUGO: true```
xpack.management.enabled: true
xpack.management.pipeline.id: ["main", "apache_logs"]

//使用 Elastic cloud ,可開啟監控 (使用 Metricbeat 蒐集 logstash monitoring)
xpack.monitoring.enabled: true
xpack.monitoring.collection.interval: 10s
xpack.monitoring.elasticsearch.cloud_id: monitoring_cluster_id:xxxxxxxxxx
xpack.monitoring.elasticsearch.cloud_auth: logstash_system:password

//自架 Elastic stack 
xpack.management.elasticsearch.username: logstash_admin_user
xpack.management.elasticsearch.password: password
xpack.management.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"]

//使用 Elastic cloud
xpack.monitoring.elasticsearch.cloud_id: monitoring_cluster_id:xxxxxxxxxx
xpack.monitoring.elasticsearch.cloud_auth: logstash_system:password


xpack.management.logstash.poll_interval: 5s

如果使用 Elastic cloud logstash pipeline,則需要記得在 User 添加 logstash_admin,

直接透過logstash 命令來啟動

CVT2HUGO: ```logstash_system```,
logstash

CVT2HUGO: logstash_writer

使用本地設定檔案功能:

另外,最簡單的方式則是直接透過本地的 logstash pipeline 來設定,例如 logstash.conf

input {
	tcp {
		port => 5000
	}
	http {
		host => "0.0.0.0"
		port => 8080
		additional_codecs => {"application/json"=>"json"}
		codec => "plain"
		threads => 4
		ssl => false
	}
	# kafka {
	# 	# bootstrap_servers => "xxxxhost:9092,xxxxhost2:9092"
	# 	topics => ["kafka-topic"]
	# }

}
output {
	elasticsearch {
		hosts => "https:es:9243"
		user => "username"
		password => "password"
		index => "indexName"
	}
}

執行 Logstash,這裡會使用 --config.reload.automatic

CVT2HUGO: 自動來 reload 更新設定檔案,只要內容變更就會自動重新載入。
logstash -f logstash.conf --config.reload.automatic

相關參考

https://ithelp.ithome.com.tw/articles/10248584?sc=iThelpR

https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html

https://www.elastic.co/guide/en/logstash/current/input-plugins.html

https://www.elastic.co/guide/en/logstash/current/output-plugins.html

https://www.elastic.co/guide/en/logstash/current/filter-plugins.html