elk工作原理

时间:2024-01-20 11:04:45
这个配置文件,是读取nginx日志写入到redis

zjtest7-redis:/usr/local/logstash-2.3.4/config# cat logstash_agent.conf
input {
file {
type => "nginx_access"
path => ["/usr/local/nginx/logs/test.access.log"]
}
}
output {
redis {
host => "localhost"
data_type => "list"
key => "logstash:redis"
port=>"6379"
password => "1234567"
}
} 这个配置文件是读取本地的redis数据,交给elasticsearch
zjtest7-redis:/usr/local/logstash-2.3.4/config# cat logstash_indexer.conf
input {
redis {
host => "localhost"
data_type => "list"
key => "logstash:redis"
type => "redis-input"
password => "1234567"
port =>"6379"
}
}
output {
elasticsearch {
embedded => false
protocol => "http"
host => "localhost"
port => "9200"
index => "access-%{+YYYY.MM.dd}"
document_type="access"
}
stdout {
codec => rubydebug
}
}