elastic logstash

yknam · October 24, 2022

elasticsearch.yml

# how to use delete * (wildcard deletes are refused by default)

# requires a restart (set in elasticsearch.yml)
action.destructive_requires_name: false

# without restarting (cluster settings API)
PUT _cluster/settings
{
    "persistent": {
        "action.destructive_requires_name": false
    }
}

[link](https://codezup.com/solved-wildcard-expressions-or-all-indices-are-not-allowed-elasticsearch/)

logstash directory: namubuntu ~/sandbox/logstash
how to run logstash: bin/logstash -f work.conf (write the pipeline script in work.conf)
work.conf: ~/sandbox/logstash/work.conf

nano /usr/share/logstash/workshop.conf
head -n 1 /home/yknam/weblog-sample.log | nc localhost 9907
echo 'test' | nc localhost 9907
bin/logstash -f workshop.conf

### workshop.conf

input {
  tcp {
    port => 9907
  }
}
filter {
  # parse the Apache combined log line into fields (clientip, timestamp, verb, request, response, bytes, referrer, agent)
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  # enrich the event with geo data for the client address
  geoip {
    source => "clientip"
  }
  # break the user-agent string into structured fields under "useragent"
  useragent {
    source => "agent"
    target => "useragent"
  }
  # the response size is captured as a string; index it as a number
  mutate {
    convert => {
      "bytes" => "integer"
    }
  }
  # Apache timestamps carry a four-digit year, so match with yyyy (yy only parses them leniently)
  date {
    match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    target => "logdate"
  }
}
output {
  stdout { }
  elasticsearch {
    hosts => ["localhost:9200"]
    user => "elastic"
    password => "changeme"
  }
}
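To check what the filter block above does to a line before sending it through `nc`, here is an added offline model of the grok, mutate and date steps in Python (example code, not from this post or from Logstash). It assumes the legacy, non-ECS COMBINEDAPACHELOG field names and uses a constructed sample line.

```python
import re
from datetime import datetime, timezone

# Offline model of the workshop.conf filter chain: grok COMBINEDAPACHELOG -> mutate convert -> date.
# The regex is a hand-written equivalent of the legacy (non-ECS) grok pattern; field names are assumed
# to match that pattern's captures (clientip, timestamp, verb, request, response, bytes, referrer, agent).
COMBINED_APACHE = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>\S+) (?P<request>\S+)(?: HTTP/(?P<httpversion>\S+))?|(?P<rawrequest>[^"]*))" '
    r'(?P<response>\d{3}) (?:(?P<bytes>\d+)|-)'  # "-" means no body: bytes stays unset
    r'(?: "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

# date { match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"] } written as a strptime format
APACHE_TS = "%d/%b/%Y:%H:%M:%S %z"


def filter_event(message: str) -> dict:
    """Return the event roughly as the pipeline's filter block would leave it."""
    event = {"message": message, "tags": []}
    m = COMBINED_APACHE.match(message)
    if m is None:
        # grok tags the event and leaves it otherwise untouched, e.g. for `echo 'test' | nc ...`
        event["tags"].append("_grokparsefailure")
        return event
    event.update({k: v for k, v in m.groupdict().items() if v is not None})
    # mutate { convert => { "bytes" => "integer" } } only acts when the field exists
    if "bytes" in event:
        event["bytes"] = int(event["bytes"])
    # date filter: parse the Apache timestamp into the target field, normalised to UTC
    try:
        ts = datetime.strptime(event["timestamp"], APACHE_TS)
        event["logdate"] = ts.astimezone(timezone.utc).isoformat()
    except ValueError:
        event["tags"].append("_dateparsefailure")
    return event


# Constructed sample line (the classic Apache combined-log example), not taken from weblog-sample.log
SAMPLE = ('127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 '
          '"http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"')

if __name__ == "__main__":
    import json
    print(json.dumps(filter_event(SAMPLE), indent=2))
    print(json.dumps(filter_event("test"), indent=2))
```

A line that does not match shows up with `_grokparsefailure` in its tags and no `bytes` or `logdate` field, which is exactly what the `echo 'test' | nc localhost 9907` test above produces in the stdout output.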
