1. Download logstash-5.2.2.tar.gz
2. Extract the archive and enter the directory:
    tar -zxvf logstash-5.2.2.tar.gz
    cd logstash-5.2.2
3. Adjust the JVM heap size in /opt/logstash/logstash-5.2.2/config/jvm.options
4. Create log4j_to_es.conf with the following content:
    # For the detailed structure of this file,
    # see: https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
    input {
      # For the detailed config of log4j as input,
      # see: https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html
      log4j {
        mode => "server"
        host => "0.0.0.0"   # listens on all interfaces
        port => 4567
        type => "log4j"
      }
    }
    filter {
      # Only matched data is sent to output.
      mutate {
        remove_field => ["class", "path", "timestamp", "@version"]
      }
    }
    output {
      # For the detailed config of elasticsearch as output,
      # see: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html
      elasticsearch {
        action => "index"                  # The operation on ES
        hosts  => "127.0.0.1:9200"         # Elasticsearch host, can be an array.
        index  => "%{type}-%{+YYYY-MM-dd}" # The index to write data to, can be any string.
      }
      stdout {
        codec => rubydebug {}
      }
    }
5. Start Logstash in the background (from the bin directory, as the relative paths imply):
    nohup ./logstash -f ../config/log4j_to_es.conf &
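A post-start check, added here as an example and not part of the original steps: it classifies where the log4j listener on port 4567 is bound, since host => "0.0.0.0" accepts connections on every interface. It assumes Linux `ss -ltn` output; the helper name listener_scope and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify where a TCP listener is bound, from `ss -ltn` output.
# listener_scope is a hypothetical helper; 4567 is the port in log4j_to_es.conf.

listener_scope() {
    # $1 = port; stdin = `ss -ltn` lines (State Recv-Q Send-Q Local:Port Peer:Port)
    awk -v port="$1" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            addr = $4
            sub(/:[0-9]+$/, "", addr)     # drop the trailing :port
            gsub(/\[|\]/, "", addr)       # drop IPv6 brackets
            # Keep the widest exposure seen: all interfaces > one address > loopback
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") rank = 3
            else if (addr ~ /^(::ffff:)?127\./ || addr == "::1") { if (rank < 1) rank = 1 }
            else if (rank < 3) { rank = 2; other = addr }
        }
        END {
            if (rank == 3)      print "all-interfaces"
            else if (rank == 2) print "specific:" other
            else if (rank == 1) print "loopback"
            else                print "not-listening"
        }'
}

# Constructed sample of `ss -ltn` output on a host running the pipeline above.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50                 *:4567            *:*
LISTEN 0      128        127.0.0.1:9200            *:*'

# Constructed sample after pinning the input to one internal address.
SAMPLE_PINNED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50          10.0.0.5:4567            *:*'

# Live use on the Logstash host: sh check_listener.sh --live
if [ "${1:-}" = "--live" ]; then
    scope=$(ss -ltn | listener_scope 4567)
    echo "log4j input on 4567: $scope"
    if [ "$scope" = "all-interfaces" ]; then
        echo "reachable on every interface: narrow host => or firewall the port"
    fi
    exit 0
fi
```

If the only sender runs on the same machine, setting host => "127.0.0.1" in the input makes this check report loopback.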
