Practical application of ELK. Configuring logstash

Introduction

While deploying yet another system, we faced the need to process a large number of different logs. ELK was chosen as the tool. This article describes our experience in setting up this stack.

We do not aim to describe all of its capabilities, but want to concentrate on solving practical problems. This is because, although there is a great deal of documentation and there are ready-made images, there are plenty of pitfalls; at least we ran into them.

We deployed the stack with docker-compose. Moreover, we had a well-written docker-compose.yml that let us bring the stack up almost without problems. It seemed to us that victory was near: we would just tweak it a little to fit our needs and that would be it.

Unfortunately, the attempt to configure the system to receive and process logs from our application did not succeed right away. So we decided it was worth studying each component separately and then returning to how they connect.

So, we started with logstash.

Environment, deployment, running Logstash in a container

For deployment we use docker-compose; the experiments described here were carried out on MacOS and Ubuntu 18.0.4.

The logstash image specified in our original docker-compose.yml is docker.elastic.co/logstash/logstash:6.3.2

We will use it for the experiments.

We wrote a separate docker-compose.yml to run logstash. Of course, the image could be launched from the command line, but we were solving a specific problem in which everything is run from docker-compose.

Briefly about the configuration files

As follows from the description, logstash can be run either for a single pipeline, in which case it needs to be given a *.conf file, or for several pipelines, in which case it needs to be given a pipelines.yml file, which in turn refers to the .conf files for each pipeline.
We took the second route. It seemed more universal and scalable to us. So we created pipelines.yml and made a pipelines directory in which we will put the .conf files for each pipeline.

Inside the container there is one more configuration file, logstash.yml. We do not touch it and use it as is.

So, our directory structure is: docker-compose.yml next to a config directory that holds pipelines.yml and a pipelines directory with the per-pipeline .conf files.

For input data, for now we assume tcp on port 5046, and for output we will use stdout.

This is a simple configuration for the first launch, since the initial task is just to get it running.

So, we have this docker-compose.yml:

version: '3'

networks:
  elk:

volumes:
  elasticsearch:
    driver: local

services:

  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro

What do we see here?

  1. The networks and volumes are taken from the original docker-compose.yml (the one that launches the whole stack), and I think they do not greatly affect the overall picture here.
  2. We create a single logstash service from the docker.elastic.co/logstash/logstash:6.3.2 image and name it logstash_one_channel.
  3. We forward port 5046 into the container, to the same internal port.
  4. We map our pipelines configuration file ./config/pipelines.yml to /usr/share/logstash/config/pipelines.yml inside the container, where logstash will pick it up, and make it read-only, just in case.
  5. We map the ./config/pipelines directory, where we keep the pipeline configuration files, to the /usr/share/logstash/config/pipelines directory and also make it read-only.

The pipelines.yml file

- pipeline.id: HABR
  pipeline.workers: 1
  pipeline.batch.size: 1
  path.config: "./config/pipelines/habr_pipeline.conf"

A single pipeline with the identifier HABR and the path to its configuration file is described here.

And finally the file "./config/pipelines/habr_pipeline.conf"

input {
  tcp {
    port => "5046"
  }
}
filter {
  mutate {
    add_field => [ "habra_field", "Hello Habr" ]
  }
}
output {
  stdout {
  }
}

We will not go into describing it for now; let's try to run it:

docker-compose up

What do we see?

The container has started. We can check that it works:

echo '13123123123123123123123213123213' | nc localhost 5046

And we see the response in the container console.

But at the same time we also see:

logstash_one_channel | [2019-04-29T11:28:59,790][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch",...

logstash_one_channel | [2019-04-29T11:28:59,894][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>".monitoring-logstash", :thread=>"# "}

logstash_one_channel | [2019-04-29T11:28:59,988][INFO ][logstash.agent ] Pipelines running {:count=>2, :running_pipelines=>[:HABR, :".monitoring-logstash"], :non_running_pipelines=>[]}
logstash_one_channel | [2019-04-29T11:29:00,015][ERROR][logstash.inputs.metrics] X-Pack is installed on Logstash but not on Elasticsearch. Please install X-Pack on Elasticsearch to use the monitoring feature. Other features may be available.
logstash_one_channel | [2019-04-29T11:29:00,526][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
logstash_one_channel | [2019-04-29T11:29:04,478][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elasticsearch:9200/, :path=>"/"}
logstash_one_channel | [2019-04-29T11:29:04,487][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch"}
logstash_one_channel | [2019-04-29T11:29:04,704][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elasticsearch:9200/, :path=>"/"}
logstash_one_channel | [2019-04-29T11:29:04,710][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch"}

And our log keeps scrolling the whole time.

Here I highlighted in green the message that the pipeline started successfully, in red the error message, and in yellow the message about the attempt to contact elasticsearch:9200.
This happens because logstash.conf, which is included in the image, contains a check for the availability of elasticsearch. After all, logstash assumes that it works as part of the ELK stack, but we separated it.

It is possible to work this way, but it is not convenient.

The solution is to disable this check through the XPACK_MONITORING_ENABLED environment variable.

Let's make the change in docker-compose.yml and run it again:

version: '3'

networks:
  elk:

volumes:
  elasticsearch:
    driver: local

services:

  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro

Now everything is fine. The container is ready for experiments.

We can type again in the neighbouring console:

echo '13123123123123123123123213123213' | nc localhost 5046

And see:

logstash_one_channel | {
logstash_one_channel |         "message" => "13123123123123123123123213123213",
logstash_one_channel |      "@timestamp" => 2019-04-29T11:43:44.582Z,
logstash_one_channel |        "@version" => "1",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |            "host" => "gateway",
logstash_one_channel |            "port" => 49418
logstash_one_channel | }

Working within a single pipeline

So, we have it running. Now we can actually spend time configuring logstash itself. Let's not touch the pipelines.yml file for now and see what we can get by working with a single pipeline.

I must say that the general principle of working with a pipeline configuration file is well described in the official documentation, here.
If you want to read it in Russian, we used this article (but the query syntax there is old, which needs to be taken into account).

Let's go in order, starting with the input section. We have already seen it work over TCP. What else might be interesting here?

Test messages using heartbeat

There is an interesting option to generate automatic test messages.
To do this, enable the heartbeat plugin in the input section.

input {
  heartbeat {
    message => "HeartBeat!"
  }
}

We turn it on and start receiving a message once a minute:

logstash_one_channel | {
logstash_one_channel |      "@timestamp" => 2019-04-29T13:52:04.567Z,
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |         "message" => "HeartBeat!",
logstash_one_channel |        "@version" => "1",
logstash_one_channel |            "host" => "a0667e5c57ec"
logstash_one_channel | }

If we want to receive them more often, we need to add the interval parameter.
This is how we will receive a message every 10 seconds.

input {
  heartbeat {
    message => "HeartBeat!"
    interval => 10
  }
}

Getting data from a file

We also decided to look at the file mode. If it works well with files, then perhaps no agent is needed, at least for local use.

According to the description, the mode of operation should be similar to tail -f, i.e. it reads new lines or, as an option, reads the whole file.

So, what we want to get:

  1. We want to receive lines that are appended to a single log file.
  2. We want to receive data written to several log files, while being able to tell what came from where.
  3. We want to make sure that when logstash is restarted, it does not receive this data again.
  4. We want to check that if logstash is stopped while data continues to be written to the files, then when we start it we will receive this data.

To run the experiment, let's add one more line to docker-compose.yml, exposing the directory in which we put the files.

version: '3'

networks:
  elk:

volumes:
  elasticsearch:
    driver: local

services:

  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro
      - ./logs:/usr/share/logstash/input

And change the input section in habr_pipeline.conf:

input {
  file {
    path => "/usr/share/logstash/input/*.log"
  }
}

Let's start:

docker-compose up

To create and write to the log files we will use the command:


echo '1' >> logs/number1.log

logstash_one_channel | {
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:28:53.876Z,
logstash_one_channel |        "@version" => "1",
logstash_one_channel |         "message" => "1",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number1.log"
logstash_one_channel | }

Yep, it works!

At the same time, we see that the path field has been added automatically. This means that later we will be able to filter records by it.

Let's try again:

echo '2' >> logs/number1.log

logstash_one_channel | {
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:28:59.906Z,
logstash_one_channel |        "@version" => "1",
logstash_one_channel |         "message" => "2",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number1.log"
logstash_one_channel | }

And now to another file:

echo '1' >> logs/number2.log

logstash_one_channel | {
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:29:26.061Z,
logstash_one_channel |        "@version" => "1",
logstash_one_channel |         "message" => "1",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number2.log"
logstash_one_channel | }

Great! The file was picked up, the path is reported correctly, everything is fine.

Stop logstash and start it again. Let's wait. Silence. That is, we do not receive these records again.

And now the boldest experiment.

Stop logstash and run:

echo '3' >> logs/number2.log
echo '4' >> logs/number1.log

Start logstash again and see:

logstash_one_channel | {
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |         "message" => "3",
logstash_one_channel |        "@version" => "1",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number2.log",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:48:50.589Z
logstash_one_channel | }
logstash_one_channel | {
logstash_one_channel |            "host" => "ac2d4e3ef70f",
logstash_one_channel |     "habra_field" => "Hello Habr",
logstash_one_channel |         "message" => "4",
logstash_one_channel |        "@version" => "1",
logstash_one_channel |            "path" => "/usr/share/logstash/input/number1.log",
logstash_one_channel |      "@timestamp" => 2019-04-29T14:48:50.856Z
logstash_one_channel | }

Hooray! Everything was picked up.

But we must warn about the following. If the logstash container is removed (docker stop logstash_one_channel && docker rm logstash_one_channel), nothing will be picked up. The position in the file up to which it had been read was stored inside the container. If you start from scratch, it will only pick up new lines.

Reading existing files

Suppose we are launching logstash for the first time, but we already have logs and would like to process them.
If we run logstash with the input section we used above, we will get nothing. Only new lines will be processed by logstash.

For lines from existing files to be pulled in, add one more line to the input section:

input {
  file {
    start_position => "beginning"
    path => "/usr/share/logstash/input/*.log"
  }
}

There is a nuance, though: this only affects new files that logstash has not yet seen. For files that were already in logstash's field of view, it has already remembered their size and will now only pick up new entries in them.
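The restart behaviour observed above (data picked up after a stop/start, nothing after docker rm, start_position applying only to unseen files) can be reproduced with a small model. This is an added example, not Logstash code and not code from the original article: FileInputModel, append and scenario are hypothetical names, and the model keys its state by file name, whereas the real plugin's sincedb identifies files by inode.

```python
import os
import tempfile


class FileInputModel:
    """Simplified model of the file input's bookkeeping (not Logstash code):
    per file, it remembers the byte offset that has already been read."""
    def __init__(self, log_dir, state, start_position="end"):
        self.log_dir = log_dir
        self.state = state                  # plays the role of the sincedb
        self.start_position = start_position
        self.first_poll = True

    def poll(self):
        """Return (file name, line) pairs that were not delivered before."""
        events = []
        for name in sorted(os.listdir(self.log_dir)):
            path = os.path.join(self.log_dir, name)
            if name not in self.state:
                # start_position applies at start-up; later files start at 0.
                skip = self.first_poll and self.start_position == "end"
                self.state[name] = os.path.getsize(path) if skip else 0
            with open(path, "rb") as fh:
                fh.seek(self.state[name])
                events += [(name, raw.decode().rstrip("\n")) for raw in fh]
                self.state[name] = fh.tell()
        self.first_poll = False
        return events


def append(log_dir, name, line):
    with open(os.path.join(log_dir, name), "a") as fh:
        fh.write(line + "\n")


def scenario(persist_state, start_position="end"):
    """Replay the article's test: run, stop, write while stopped, restart."""
    with tempfile.TemporaryDirectory() as logs:
        state = {}
        first = FileInputModel(logs, state, start_position)
        first.poll()                        # start-up on an empty directory
        append(logs, "number1.log", "1")
        append(logs, "number2.log", "1")
        seen = first.poll()
        append(logs, "number2.log", "3")    # written while logstash is down
        append(logs, "number1.log", "4")
        # stop/start keeps the container's state, docker rm throws it away
        kept = state if persist_state else {}
        return seen, FileInputModel(logs, kept, start_position).poll()


if __name__ == "__main__":
    print("state kept:", scenario(True)[1])
    print("state lost:", scenario(False)[1])
```

With the state lost and start_position set to "beginning", the restart re-delivers every line, including the ones already processed. The real file input keeps this state in its sincedb file, whose location is set by the sincedb_path option; placing it on a mounted volume lets it survive removal of the container.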

Let's stop studying the input section here. There are many more options, but this is enough for our further experiments for now.

Routing and data transformation

Let's try to solve the following problem. Suppose we have messages from a single pipeline, some of them informational and some of them error messages. They differ by a tag: some are INFO, others are ERROR.

We need to separate them on output. That is, we write informational messages to one channel and error messages to another.

To do this, we move from the input section to filter and output.

Using the filter section, we will parse the incoming message, obtaining from it a hash (key-value pairs) that we can already work with, i.e. inspect according to conditions. And in the output section we will select messages and send each to its own channel.

Parsing a message with grok

To parse text strings and get a set of fields from them, there is a special plugin in the filter section: grok.

Without setting myself the goal of describing it in detail here (for that I refer to the official documentation), I will give my simple example.

To do this, you need to decide on the format of the input strings. Mine look like this:

1 INFO message1
2 ERROR message2

That is, the identifier comes first, then INFO/ERROR, then some word without spaces.
It is not complicated, but it is enough to understand the principle of operation.

So, in the filter section, in the grok plugin, we need to define a pattern for parsing our strings.

It will look like this:

filter {
  grok {
    match => { "message" => ["%{INT:message_id} %{LOGLEVEL:message_type} %{WORD:message_text}"] }
  }
}

In essence, it is a regular expression. Ready-made patterns are used, such as INT, LOGLEVEL, WORD. Their description, as well as other patterns, can be found here.

Now, passing through this filter, our string turns into a hash of three fields: message_id, message_type, message_text.

They will be shown in the output section.

Routing messages in the output section using the if statement

In the output section, as we remember, we were going to split the messages into two streams. Some, the INFO ones, will go to the console, and the error ones we will write to a file.

How do we separate these messages? The statement of the problem already suggests the solution: we already have a dedicated message_type field, which can take only two values, INFO and ERROR. It is on this field that we will make the choice, using the if statement.

if [message_type] == "ERROR" {
  # Here we write to a file
} else {
  # Here we write to stdout
}

A description of working with fields and operators can be found in this section of the official manual.

Now, about the actual output itself.

Console output: everything is clear here, stdout {}

But output to a file: remember that we run all of this from a container, and for the file we write the result into to be accessible from outside, we need to expose this directory in docker-compose.yml.

In total:

The output section of our file looks like this:


output {
  if [message_type] == "ERROR" {
    file {
      path => "/usr/share/logstash/output/test.log"
      codec => line { format => "custom format: %{message}" }
    }
  } else {
    stdout {
    }
  }
}

In docker-compose.yml we add one more volume for the output:

version: '3'

networks:
  elk:

volumes:
  elasticsearch:
    driver: local

services:

  logstash:
    container_name: logstash_one_channel
    image: docker.elastic.co/logstash/logstash:6.3.2
    networks:
      - elk
    environment:
      XPACK_MONITORING_ENABLED: "false"
    ports:
      - 5046:5046
    volumes:
      - ./config/pipelines.yml:/usr/share/logstash/config/pipelines.yml:ro
      - ./config/pipelines:/usr/share/logstash/config/pipelines:ro
      - ./logs:/usr/share/logstash/input
      - ./output:/usr/share/logstash/output

We launch it, try it, and see the split into two streams.
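To see how the grok pattern and the if condition above treat lines that deviate from the expected format, the following added example (not code from the original article or from Logstash) emulates both in Python. The regexes follow the stock grok pattern definitions with LOGLEVEL trimmed; compile_grok, apply_filter, route and the sample lines are constructed for illustration.

```python
import re

# Regexes for the three grok patterns used above, following the stock
# grok-patterns definitions (LOGLEVEL trimmed to a few levels; assumption).
GROK = {
    "INT": r"(?:[+-]?(?:[0-9]+))",
    "LOGLEVEL": r"(?:[Dd]ebug|DEBUG|[Ii]nfo|INFO|[Ww]arn?(?:ing)?|WARN?(?:ING)?"
                r"|[Ee]rr?(?:or)?|ERR?(?:OR)?|[Ff]atal|FATAL)",
    "WORD": r"\b\w+\b",
}
PATTERN = "%{INT:message_id} %{LOGLEVEL:message_type} %{WORD:message_text}"


def compile_grok(pattern, anchored=False):
    """Expand %{NAME:field} into named groups; grok itself is unanchored."""
    body = re.sub(r"%\{(\w+):(\w+)\}",
                  lambda m: "(?P<%s>%s)" % (m.group(2), GROK[m.group(1)]),
                  pattern)
    return re.compile("^" + body + "$" if anchored else body)


def apply_filter(message, rx):
    """Mimic the filter: add fields on a match, tag the event otherwise."""
    event = {"message": message}
    m = rx.search(message)
    if m:
        event.update(m.groupdict())
    else:
        event["tags"] = ["_grokparsefailure"]
    return event


def route(event):
    """Mimic the output section: exact, case-sensitive comparison."""
    return "file" if event.get("message_type") == "ERROR" else "stdout"


# Constructed sample lines in the article's "<id> <level> <text>" format.
SAMPLES = [
    "1 INFO message1",
    "2 ERROR message2",
    "3 error message3",            # lower-case level
    "4 ERROR disk full on sda1",   # text with spaces
    "ERROR message5",              # no id
]

if __name__ == "__main__":
    rx = compile_grok(PATTERN)
    for line in SAMPLES:
        ev = apply_filter(line, rx)
        print(route(ev), ev)
```

Lines 3 and 5 carry an error but end up on stdout, and line 4 keeps only the first word of its text. In a real pipeline, normalising message_type and routing events tagged _grokparsefailure explicitly keeps such lines from disappearing among informational output.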

Source: www.habr.com
