有了操作logstash的单机经验之后,对其有了大致了解.不满足.
然后.
如何直接用命令行的方式.也是手动输入的方式.将数据写到ES里面去.
将语法稍微变通一下即可。 logstash -e 'inpu
t { stdin{} } output { elasticsearch {} }'
具体如下:
C:\Users\Administrator>D:\es\logstash-5.4.1\logstash-5.4.1\bin\logstash -e 'inpu
t { stdin{} } output { elasticsearch {} }'
Sending Logstash's logs to D:/es/logstash-5.4.1/logstash-5.4.1/logs which is now
configured via log4j2.properties
[2018-02-04T05:17:38,403][INFO ][logstash.outputs.elasticsearch] Elasticsearch p
ool URLs updated {:changes=>{:removed=>[], :added=>[http://127.0.0.1:9200/]}}
[2018-02-04T05:17:38,419][INFO ][logstash.outputs.elasticsearch] Running health
check to see if an Elasticsearch connection is working {:healthcheck_url=>http:/
/127.0.0.1:9200/, :path=>"/"}
[2018-02-04T05:17:38,606][WARN ][logstash.outputs.elasticsearch] Restored connec
tion to ES instance {:url=>#<URI::HTTP:0x3afb9a53 URL:http://127.0.0.1:9200/>}
[2018-02-04T05:17:38,606][INFO ][logstash.outputs.elasticsearch] Using mapping t
emplate from {:path=>nil}
[2018-02-04T05:17:38,669][INFO ][logstash.outputs.elasticsearch] Attempting to i
nstall template {:manage_template=>{"template"=>"logstash-*", "version"=>50001,
"settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=
>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"pa
th_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text"
, "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"str
ing", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=
>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"
=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"d
ynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_po
int"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}
}}}}}
[2018-02-04T05:17:38,684][INFO ][logstash.outputs.elasticsearch] New Elasticsear
ch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic:0
x384fe3aa URL://127.0.0.1>]}
[2018-02-04T05:17:38,700][INFO ][logstash.pipeline ] Starting pipeline {"
id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.
delay"=>5, "pipeline.max_inflight"=>250}
[2018-02-04T05:17:38,747][INFO ][logstash.pipeline ] Pipeline main starte
d
The stdin plugin is now waiting for input:
[2018-02-04T05:17:38,872][INFO ][logstash.agent ] Successfully started
Logstash API endpoint {:port=>9600}
hello.arpenker
KIBANA中.DEV TOOLS的console里直接查询所有。
GET _search
{
"query": {
"match_all": {}
}
}
即可发现终于新增了一条记录。
{
"_index": "logstash-2018.02.03",
"_type": "logs",
"_id": "AWFdiFrCBZpn0eY58si-",
"_score": 1,
"_source": {
"@timestamp": "2018-02-03T21:17:52.331Z",
"@version": "1",
"host": "iZ94hfcf8jiZ",
"message": "hello.arpenker\r"
}
}
]
}
}
致此。标致着logstach写数据到es,从kibana中查询的流程全部打通了。
![Struts入门基础[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)