elkstack_logstash

Overview

Logstash is generally used to collect information about logs. It can collect the data locally or from beat engine as we can configure it, but firstly let's install it :)

Logstash

Feel free to download the latest (6.3.1, however I don't like 6.3 since a lot of features of x-pack are paid :) ) So let's download 6.2.4

Download

1
2
3
4
5
6
7
8
9
10
11
12
13
root@dokuwiki ~]# wget https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.rpm
--2018-07-17 19:32:32--  https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.rpm
Resolving artifacts.elastic.co... 54.235.82.130, 107.21.237.95, 107.21.253.15, ...
Connecting to artifacts.elastic.co|54.235.82.130|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 148204622 (141M) [binary/octet-stream]
Saving to: “logstash-6.2.4.rpm”
 
100%[============================================================================================================================================================================================================>] 148,204,622 36.2M/s   in 5.0s   
 
2018-07-17 19:32:38 (28.2 MB/s) - “logstash-6.2.4.rpm” saved [148204622/148204622]
 
[root@dokuwiki ~]#

Install

1
2
3
4
5
6
[root@dokuwiki ~]# rpm -Uvh logstash-6.2.4.rpm
Preparing...                ########################################### [100%]
   1:logstash               ########################################### [100%]
Using provided startup.options file: /etc/logstash/startup.options
Successfully created system startup script for Logstash
[root@dokuwiki ~]#

Configuration

1
2
3
4
5
6
http.host: "IP"
xpack.monitoring.elasticsearch.url: ["http://IP:PORT"]
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: "password3"
 
path.config: /etc/logstash/pipeline

Install X-PACK

1
2
3
4
5
6
[root@dokuwiki bin]# /usr/share/logstash/bin/logstash-plugin install x-poack
^C[root@dokuwiki bin]# /usr/share/logstash/bin/logstash-plugin install x-pack
Downloading file: https://artifacts.elastic.co/downloads/logstash-plugins/x-pack/x-pack-6.2.4.zip
Downloading [=============================================================] 100%
Installing file: /tmp/studtmp-4e494ad4d8b5384eaf52f4bd3e10fcdf33e38a7f56979511c1701a72cf9b/x-pack-6.2.4.zip
Install successful

Start Logstash

1
2
3
[root@dokuwiki bin]# ./logstash --path.settings /etc/logstash/
Sending Logstash's logs to /usr/share/logstash/logs which is now configured via log4j2.properties
[root@dokuwiki bin]#

  • elkstack_logstash.txt
  • Last modified: 2019/10/18 20:04
  • by 127.0.0.1