{"id":61999,"date":"2025-04-29T15:52:54","date_gmt":"2025-04-29T07:52:54","guid":{"rendered":"https:\/\/fwq.ai\/blog\/61999\/"},"modified":"2025-04-29T15:52:54","modified_gmt":"2025-04-29T07:52:54","slug":"%e5%a6%82%e4%bd%95%e5%9c%a8linux%e7%8e%af%e5%a2%83%e4%b8%ad%e4%bd%bf%e7%94%a8logstash%e8%bf%9b%e8%a1%8c%e6%97%a5%e5%bf%97%e5%88%86%e6%9e%90%ef%bc%9f-2","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/61999\/","title":{"rendered":"\u5982\u4f55\u5728Linux\u73af\u5883\u4e2d\u4f7f\u7528Logstash\u8fdb\u884c\u65e5\u5fd7\u5206\u6790\uff1f"},"content":{"rendered":"

\u5982\u4f55\u5728\u73af\u5883\u4e2d\u4f7f\u7528logstash\u8fdb\u884c\u65e5\u5fd7\u5206\u6790\uff1f<\/p>\n

Logstash\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u5f00\u6e90\u5de5\u5177\uff0c\u88ab\u5e7f\u6cdb\u7528\u4e8e\u5904\u7406\u548c\u5206\u6790\u5404\u79cd\u7c7b\u578b\u7684\u65e5\u5fd7\u6570\u636e\u3002\u5b83\u53ef\u4ee5\u5f88\u7b80\u5355\u5730\u5c06\u65e5\u5fd7\u6570\u636e\u4ece\u4e0d\u540c\u7684\u6765\u6e90\u6536\u96c6\u3001\u8fc7\u6ee4\u3001\u8f6c\u6362\u548c\u53d1\u9001\u5230\u5404\u79cd\u76ee\u7684\u5730\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728Linux\u73af\u5883\u4e2d\u4f7f\u7528Logstash\u8fdb\u884c\u65e5\u5fd7\u5206\u6790\uff0c\u5e76\u63d0\u4f9b\u4e00\u4e9b\u5e38\u89c1\u7684\u4ee3\u7801\u793a\u4f8b\u3002<\/p>\n

1. \u5b89\u88c5\u548c\u914d\u7f6eLogstash<\/h3>\n

\u5728\u5f00\u59cb\u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd\u5df2\u7ecf\u5728Linux\u73af\u5883\u4e2d\u5b89\u88c5\u4e86Java\u8fd0\u884c\u65f6\u73af\u5883\u3002\u7136\u540e\uff0c\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5\u548c\u914d\u7f6eLogstash\u3002<\/p>\n

    \n
  1. \n

    \u4e0b\u8f7dLogstash\u7684\u538b\u7f29\u5305\u5e76\u89e3\u538b\u5230\u76ee\u6807\u6587\u4ef6\u5939\uff1a<\/p>\n

    wget https:\/\/artifacts.elastic.co\/downloads\/logstash\/logstash-7.10.2.tar.gz\ntar -xzf logstash-7.10.2.tar.gz<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/li>\n
  2. \n
    \u8fdb\u5165\u89e3\u538b\u540e\u7684\u6587\u4ef6\u5939\uff1a<\/p>\n
    cd logstash-7.10.2<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/li>\n
  3. \n
    \u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u914d\u7f6e\u6587\u4ef6logstash.conf\u5e76\u5199\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n
    input {\n  # \u914d\u7f6e\u8f93\u5165\u6e90\uff0c\u5982\u6587\u4ef6\u3001\u7f51\u7edc\u7b49\n  file {\n    path =&gt; \"\/path\/to\/your\/logfile.log\"\n    start_position =&gt; \"beginning\"\n  }\n}\n\nfilter {\n  # \u914d\u7f6e\u8fc7\u6ee4\u5668\uff0c\u6839\u636e\u9700\u6c42\u8fdb\u884c\u8fc7\u6ee4\u548c\u8f6c\u6362\n  grok {\n    match =&gt; { \"message\" =&gt; \"%{COMBINEDAPACHELOG}\" }\n  }\n}\n\noutput {\n  # \u914d\u7f6e\u8f93\u51fa\u76ee\u7684\u5730\uff0c\u5982Elasticsearch\u3001\u6587\u4ef6\u7b49\n  elasticsearch {\n    hosts =&gt; [\"localhost:9200\"]\n    index =&gt; \"mylogs-%{+YYYY.MM.dd}\"\n  }\n}<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    \u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u4e0a\u8ff0\u914d\u7f6e\u6587\u4ef6\u53ea\u662f\u4e00\u4e2a\u7b80\u5355\u7684\u793a\u4f8b\uff0c\u4f60\u53ef\u4ee5\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u8fdb\u884c\u76f8\u5e94\u7684\u4fee\u6539\u548c\u6269\u5c55\u3002<\/p>\n<\/li>\n
  4. \n
    \u542f\u52a8Logstash\uff1a<\/p>\n
    bin\/logstash -f logstash.conf<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    \u786e\u4fddLogstash\u6210\u529f\u542f\u52a8\uff0c\u5e76\u68c0\u67e5\u662f\u5426\u5c06\u65e5\u5fd7\u6570\u636e\u53d1\u9001\u5230\u4e86\u6307\u5b9a\u7684\u76ee\u7684\u5730\u3002<\/p>\n<\/li>\n<\/ol>\n
    2. Logstash\u5e38\u7528\u914d\u7f6e\u793a\u4f8b<\/h3>\n
    \u4e0b\u9762\u662f\u4e00\u4e9b\u5e38\u7528\u7684Logstash\u914d\u7f6e\u793a\u4f8b\uff0c\u7528\u4e8e\u5b9e\u73b0\u4e0d\u540c\u7684\u529f\u80fd\u548c\u5904\u7406\u9700\u6c42\u3002<\/p>\n
    a. \u4f7f\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u63d0\u53d6\u5173\u952e\u4fe1\u606f<\/strong><\/p>\n
    filter {\n  grok {\n    match =&gt; { \"message\" =&gt; \"%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes}\" }\n  }\n}<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    \u4e0a\u8ff0\u914d\u7f6e\u4f7f\u7528\u4e86\u6b63\u5219\u8868\u8fbe\u5f0f\u6765\u63d0\u53d6\u65e5\u5fd7\u4e2d\u7684IP\u5730\u5740\u3001\u8bf7\u6c42\u65b9\u6cd5\u3001\u8bf7\u6c42\u8def\u5f84\u548c\u6570\u636e\u5927\u5c0f\u7b49\u5173\u952e\u4fe1\u606f\u3002<\/p>\n
    b. \u6dfb\u52a0\u989d\u5916\u7684\u5b57\u6bb5<\/strong><\/p>\n
    filter {\n  mutate {\n    add_field =&gt; { \"environment\" =&gt; \"dev\" }\n  }\n}<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    \u4e0a\u8ff0\u914d\u7f6e\u5c06\u4e00\u4e2a\u540d\u4e3aenvironment\u7684\u989d\u5916\u5b57\u6bb5\u6dfb\u52a0\u5230\u6bcf\u6761\u65e5\u5fd7\u8bb0\u5f55\u4e2d\uff0c\u5e76\u5c06\u5176\u503c\u8bbe\u7f6e\u4e3adev\u3002<\/p>\n
    c. \u5220\u9664\u6307\u5b9a\u5b57\u6bb5<\/strong><\/p>\n
    filter {\n  mutate {\n    remove_field =&gt; [ \"fieldname1\", \"fieldname2\" ]\n  }\n}<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    \u4e0a\u8ff0\u914d\u7f6e\u5c06\u540d\u4e3afieldname1\u548cfieldname2\u7684\u5b57\u6bb5\u4ece\u6bcf\u6761\u65e5\u5fd7\u8bb0\u5f55\u4e2d\u5220\u9664\u3002<\/p>\n
    d. \u8f6c\u6362\u65f6\u95f4\u683c\u5f0f<\/strong><\/p>\n
    filter {\n  date {\n    match =&gt; [ \"timestamp\", \"yyyy-MM-dd HH:mm:ss\" ]\n  }\n}<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    \u4e0a\u8ff0\u914d\u7f6e\u5c06\u540d\u4e3atimestamp\u7684\u5b57\u6bb5\u4e2d\u7684\u65f6\u95f4\u5b57\u7b26\u4e32\u8f6c\u6362\u4e3a\u6307\u5b9a\u7684\u65e5\u671f\u683c\u5f0f\u3002<\/p>\n
    3. \u7ed3\u8bed<\/h3>\n
    Logstash\u662f\u4e00\u4e2a\u529f\u80fd\u5f3a\u5927\u7684\u5de5\u5177\uff0c\u80fd\u591f\u5e2e\u52a9\u6211\u4eec\u5728Linux\u73af\u5883\u4e2d\u5bf9\u65e5\u5fd7\u6570\u636e\u8fdb\u884c\u6536\u96c6\u3001\u8fc7\u6ee4\u3001\u8f6c\u6362\u548c\u53d1\u9001\u7b49\u64cd\u4f5c\u3002\u672c\u6587\u4ecb\u7ecd\u4e86Logstash\u7684\u5b89\u88c5\u548c\u914d\u7f6e\u6b65\u9aa4\uff0c\u5e76\u63d0\u4f9b\u4e86\u4e00\u4e9b\u5e38\u89c1\u7684\u914d\u7f6e\u793a\u4f8b\u3002\u5e0c\u671b\u901a\u8fc7\u672c\u6587\u7684\u4ecb\u7ecd\uff0c\u4f60\u80fd\u5bf9\u5982\u4f55\u5728Linux\u73af\u5883\u4e2d\u4f7f\u7528Logstash\u8fdb\u884c\u65e5\u5fd7\u5206\u6790\u6709\u6240\u4e86\u89e3\u548c\u638c\u63e1\u3002<\/p>\n
    \u4ee5\u4e0a\u5c31\u662f\u5982\u4f55\u5728Linux\u73af\u5883\u4e2d\u4f7f\u7528Logstash\u8fdb\u884c\u65e5\u5fd7\u5206\u6790\uff1f\u7684\u8be6\u7ec6\u5185\u5bb9\uff0c\u66f4\u591a\u8bf7\u5173\u6ce8FDCServers\u5176\u5b83\u76f8\u5173\u6587\u7ae0\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u5982\u4f55\u5728\u73af\u5883\u4e2d\u4f7f\u7528logstash\u8fdb\u884c\u65e5\u5fd7\u5206\u6790\uff1f Logstash\u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u5f00\u6e90\u5de5\u5177\uff0c\u88ab\u5e7f\u6cdb\u7528\u4e8e\u5904\u7406\u548c\u5206\u6790\u5404\u79cd\u7c7b\u578b\u7684\u65e5\u5fd7\u6570\u636e\u3002\u5b83\u53ef\u4ee5\u5f88\u7b80\u5355\u5730\u5c06\u65e5\u5fd7\u6570\u636e\u4ece\u4e0d\u540c\u7684\u6765\u6e90\u6536\u96c6\u3001\u8fc7\u6ee4\u3001\u8f6c\u6362\u548c\u53d1\u9001\u5230\u5404\u79cd\u76ee\u7684\u5730\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728Linux\u73af\u5883\u4e2d\u4f7f\u7528Logstash\u8fdb\u884c\u65e5\u5fd7\u5206\u6790\uff0c\u5e76\u63d0\u4f9b\u4e00\u4e9b\u5e38\u89c1\u7684\u4ee3\u7801\u793a\u4f8b\u3002 1. \u5b89\u88c5\u548c\u914d\u7f6eLogstash \u5728\u5f00\u59cb\u4e4b\u524d\uff0c\u8bf7\u786e\u4fdd\u5df2\u7ecf\u5728Linux\u73af\u5883\u4e2d\u5b89\u88c5\u4e86Java\u8fd0\u884c\u65f6\u73af\u5883\u3002\u7136\u540e\uff0c\u6309\u7167\u4ee5\u4e0b\u6b65\u9aa4\u5b89\u88c5\u548c\u914d\u7f6eLogstash\u3002 \u4e0b\u8f7dLogstash\u7684\u538b\u7f29\u5305\u5e76\u89e3\u538b\u5230\u76ee\u6807\u6587\u4ef6\u5939\uff1a wget https:\/\/artifacts.elastic.co\/downloads\/logstash\/logstash-7.10.2.tar.gz tar -xzf logstash-7.10.2.tar.gz \u767b\u5f55\u540e\u590d\u5236 \u8fdb\u5165\u89e3\u538b\u540e\u7684\u6587\u4ef6\u5939\uff1a cd logstash-7.10.2 \u767b\u5f55\u540e\u590d\u5236 \u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u914d\u7f6e\u6587\u4ef6logstash.conf\u5e76\u5199\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a input { # \u914d\u7f6e\u8f93\u5165\u6e90\uff0c\u5982\u6587\u4ef6\u3001\u7f51\u7edc\u7b49 file { path =&gt; “\/path\/to\/your\/logfile.log” start_position =&gt; “beginning” } } filter { # \u914d\u7f6e\u8fc7\u6ee4\u5668\uff0c\u6839\u636e\u9700\u6c42\u8fdb\u884c\u8fc7\u6ee4\u548c\u8f6c\u6362 grok { match =&gt; { “message” =&gt; “%{COMBINEDAPACHELOG}” } } } output { # \u914d\u7f6e\u8f93\u51fa\u76ee\u7684\u5730\uff0c\u5982Elasticsearch\u3001\u6587\u4ef6\u7b49 elasticsearch { hosts =&gt; [“localhost:9200”] […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-61999","post","type-post","status-publish","format-standard","hentry","category-os"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/61999","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=61999"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/61999\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=61999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=61999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=61999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}