Logstash - 支持的输入

• 

  简述

  Logstash 支持来自不同来源的大量日志。它正在与著名的来源合作，如下所述。
• 

  从指标收集日志

  系统事件和其他时间活动记录在指标中。Logstash 可以从系统指标访问日志并使用过滤器对其进行处理。这有助于以定制的方式向用户显示事件的实时提要。指标根据flush_interval setting指标过滤器和默认情况下；它设置为 5 秒。

  我们通过收集和分析通过 Logstash 运行的事件并在命令提示符上显示实时提要来跟踪 Logstash 生成的测试指标。

  logstash.conf

  此配置包含一个生成器插件，由 Logstash 提供用于测试指标，并将类型设置设置为“生成”以进行解析。在过滤阶段，我们只使用“if”语句处理具有生成类型的行。然后，指标插件计算仪表设置中指定的字段。指标插件每 5 秒刷新一次计数flush_interval.

  最后，使用codec plugin用于格式化。Codec 插件使用 [ events ][ rate_1m ] 值在 1 分钟滑动窗口中输出每秒事件。

  
  input {
     generator {
        type => "generated"
     }
  }
  filter {
     if [type] == "generated" {
        metrics {
           meter => "events"
           add_tag => "metric"
        }
     }
  }
  output {
     # only emit events with the 'metric' tag
     if "metric" in [tags] {
        stdout {
           codec => line { format => "rate: %{[events][rate_1m]}"
        }
     }
  }
  

  运行 Logstash

  我们可以使用以下命令运行 Logstash。

  
  >logsaths –f logstash.conf
  

  标准输出（命令提示符）

  
  rate: 1308.4
  rate: 1308.4
  rate: 1368.654529135342
  rate: 1416.4796003951449
  rate: 1464.974293984808
  rate: 1523.3119444107458
  rate: 1564.1602979542715
  rate: 1610.6496496890895
  rate: 1645.2184750334154
  rate: 1688.7768007612485
  rate: 1714.652283095914
  rate: 1752.5150680019278
  rate: 1785.9432934744932
  rate: 1806.912181962126
  rate: 1836.0070454626025
  rate: 1849.5669494173826
  rate: 1871.3814756851832
  rate: 1883.3443123790712
  rate: 1906.4879113216743
  rate: 1925.9420717997118
  rate: 1934.166137658981
  rate: 1954.3176526556897
  rate: 1957.0107444542625
  

• 

  从 Web 服务器收集日志

  Web 服务器会生成大量有关用户访问和错误的日志。Logstash 有助于使用输入插件从不同的服务器中提取日志，并将它们存储在一个集中的位置。

  我们正在从stderr logs本地 Apache Tomcat 服务器并将其存储在 output.log 中。

  logstash.conf

  这个 Logstash 配置文件指示 Logstash 读取 apache 错误日志并添加一个名为“apache-error”的标签。我们可以使用文件输出插件简单地将它发送到 output.log。

  
  input {
     file {
        path => "C:/Program Files/Apache Software Foundation/Tomcat 7.0 /logs/*stderr*"
        type => "apache-error"  
     }
  } 
  output {
     file {
        path => "C:/tpwork/logstash/bin/log/output.log"
     }
  }
  

  运行 Logstash

  我们可以使用以下命令运行 Logstash。

  
  >Logstash –f Logstash.conf
  

  输入日志示例

  这是样本stderr log，它在 Apache Tomcat 中发生服务器事件时生成。

  C:\Program Files\Apache Software Foundation\Tomcat 7.0\logs\tomcat7-stderr.2016-12-25.log

  
  Dec 25, 2016 7:05:14 PM org.apache.coyote.AbstractProtocol start
  INFO: Starting ProtocolHandler ["http-bio-9999"]
  Dec 25, 2016 7:05:14 PM org.apache.coyote.AbstractProtocol start
  INFO: Starting ProtocolHandler ["ajp-bio-8009"]
  Dec 25, 2016 7:05:14 PM org.apache.catalina.startup.Catalina start
  INFO: Server startup in 823 ms
  

  output.log

  
  {
     "path":"C:/Program Files/Apache Software Foundation/Tomcat 7.0/logs/
     tomcat7-stderr.2016-12-25.log","@timestamp":"2016-12-25T11:05:27.045Z",
     "@version":"1","host":"Dell-PC",
     "message":"Dec 25, 2016 7:05:14 PM org.apache.coyote.AbstractProtocol start\r",
     "type":"apache-error","tags":[]
  }
  {
     "path":"C:/Program Files/Apache Software Foundation/Tomcat 7.0/logs/
     tomcat7-stderr.2016-12-25.log","@timestamp":"2016-12-25T11:05:27.045Z",
     "@version":"1","host":"Dell-PC",
     "message":"INFO: Starting ProtocolHandler [
        \"ajp-bio-8009\"]\r","type":"apache-error","tags":[]
  }
  {
     "path":"C:/Program Files/Apache Software Foundation/Tomcat 7.0/logs/
     tomcat7-stderr.2016-12-25.log","@timestamp":"2016-12-25T11:05:27.045Z",
     "@version":"1","host":"Dell-PC",
     "message":"Dec 25, 2016 7:05:14 PM org.apache.catalina.startup.Catalina start\r",
     "type":"apache-error","tags":[]
  }
  {
     "path":"C:/Program Files/Apache Software Foundation/Tomcat 7.0/logs/
     tomcat7-stderr.2016-12-25.log","@timestamp":"2016-12-25T11:05:27.045Z",
     "@version":"1","host":"Dell-PC",
     "message":"INFO: Server startup in 823 ms\r","type":"apache-error","tags":[]
  }
  

• 

  从数据源收集日志

  首先，让我们了解如何配置 MySQL 进行日志记录。在中添加以下行my.ini file[mysqld] 下的 MySQL 数据库服务器。

  在 Windows 中，它位于 MySQL 的安装目录中，位于 -

  
  C:\wamp\bin\mysql\mysql5.7.11
  

  在 UNIX 中，您可以在 - /etc/mysql/my.cnf 中找到它

  
  general_log_file   = "C:/wamp/logs/queries.log"
  general_log = 1
  

  logstash.conf

  在此配置文件中，文件插件用于读取 MySQL 日志并将其写入 ouput.log。

  
  input {
     file {
        path => "C:/wamp/logs/queries.log"
     }
  }
  output {
     file {
        path => "C:/tpwork/logstash/bin/log/output.log"
     }
  }
  

  queries.log

  这是在 MySQL 数据库中执行的查询生成的日志。

  
  2016-12-25T13:05:36.854619Z   2 Query     select * from test1_users
  2016-12-25T13:05:51.822475Z    2 Query select count(*) from users
  2016-12-25T13:05:59.998942Z    2 Query         select count(*) from test1_users
  

  output.log

  
  {
     "path":"C:/wamp/logs/queries.log","@timestamp":"2016-12-25T13:05:37.905Z",
     "@version":"1","host":"Dell-PC",
     "message":"2016-12-25T13:05:36.854619Z    2 Query\tselect * from test1_users",
     "tags":[]
  }
  {
     "path":"C:/wamp/logs/queries.log","@timestamp":"2016-12-25T13:05:51.938Z",
     "@version":"1","host":"Dell-PC",
     "message":"2016-12-25T13:05:51.822475Z    2 Query\tselect count(*) from users",
     "tags":[]
  }
  {
     "path":"C:/wamp/logs/queries.log","@timestamp":"2016-12-25T13:06:00.950Z",
     "@version":"1","host":"Dell-PC",
     "message":"2016-12-25T13:05:59.998942Z    2 Query\tselect count(*) from test1_users",
     "tags":[]
  }