# delete * 사용방법
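# Option 1: static setting in elasticsearch.yml (takes effect only after a node restart).
# With false, delete-index requests may use wildcards or _all; with true, every index must be named explicitly.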
action.destructive_requires_name: false
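# Option 2: dynamic cluster setting, applied without a restart.
# "persistent" survives cluster restarts, so set it back to true once the bulk delete is done.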
PUT _cluster/settings
{
"persistent": {
"action.destructive_requires_name": false
}
}
[링크](https://codezup.com/solved-wildcard-expressions-or-all-indices-are-not-allowed-elasticsearch/)
logstash directory: namubuntu ~/sandbox/logstash
logstash 실행방법: bin/logstash -f work.conf (work.conf에 script작성)
work.conf: ~/sandbox/logstash/work.conf
nano /usr/share/logstash/workshop.conf
head -n 1 /home/yknam/weblog-sample.log | nc localhost 9907
echo 'test' | nc localhost 9907
bin/logstash -f workshop.conf
###workshop.conf
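# workshop.conf: reads Apache combined-format access-log lines from a TCP
# socket, enriches each event, and indexes it into Elasticsearch.
input {
  tcp {
    # The tcp input listens on 0.0.0.0 by default, and this listener has no
    # TLS or authentication. The senders in these notes run on the same
    # machine, so bind to loopback only.
    host => "127.0.0.1"
    port => 9907
  }
}
filter {
  # Split the raw line into named fields (clientip, timestamp, bytes, agent, ...).
  # NOTE(review): these are the legacy (non-ECS) capture names; with ECS
  # compatibility enabled the pattern emits different field names. Confirm
  # against the Logstash version in use.
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  # Look up location data for the client address.
  geoip {
    source => "clientip"
  }
  # Parse the User-Agent string into a structured "useragent" object.
  useragent {
    source => "agent"
    target => "useragent"
  }
  # Store the response size as a number so it can be aggregated.
  mutate {
    convert => {
      "bytes" => "integer"
    }
  }
  # Apache writes a four-digit year (e.g. 10/Oct/2000:13:55:36 -0700), so the
  # pattern uses yyyy rather than yy. The parsed value goes to "logdate" and
  # @timestamp is left as the ingest time.
  date {
    match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    target => "logdate"
  }
}
output {
  # Echo every event to the console for debugging.
  stdout { }
  elasticsearch {
    # No scheme is given, so this is plain HTTP. Keep it on loopback, or
    # switch to https:// with certificate verification for a remote cluster.
    hosts => ["localhost:9200"]
    # NOTE(review): "elastic" is the built-in superuser. A dedicated user
    # limited to writing the target indices is the least-privilege choice.
    user => "elastic"
    # Resolved at startup from the Logstash keystore or the environment
    # (bin/logstash-keystore add ES_PWD) so the credential is not stored in
    # this file. The literal used before was the well-known default password;
    # rotate it if it is still set on the cluster.
    password => "${ES_PWD}"
  }
}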