Monday, August 1, 2016

Beginning Logstash Configuration


This will be a starting point in understanding logstash configuration, this post will cover about
- how logstash configuration works
- how logstash configuration is written
- and the most basic logstash configuration

Before you start, you can see how to install logstash [here], Since logstash can work without the other two (kibana and elasticsearch), you dont have to worry about installing those for now.

Activating logstash configuration

Logstash can be activated by supplying the configuration file parameter (-f)
logstash -f [configuration filepath]

so lets say you have a logstash configuration file with name sample.conf, you can activate it using
logstash -f sample.conf

Basic logstash configuration

logstash configuration is basically just a text file with the following format
input {
  ...
}

filter {
  ...
}

output {
  ...
}

each part has its own plugins that can be activated by writhing the configuration inside it, the references for the plugins are the following
- https://www.elastic.co/guide/en/logstash/current/output-plugins.html
- https://www.elastic.co/guide/en/logstash/current/input-plugins.html
- https://www.elastic.co/guide/en/logstash/current/filter-plugins.html

Through later post, you can see about how to utilize each plugin to solve cases

Make logstash log your input on Screen


The very basic configuration is to make logstash to log your input on screen which you can achieve by specifying a simple configuration, make a new file called simple.conf and use the following configuration

input {
  stdin {}
}

output {
  stdout{}
}

This configuration will tell logstash to log anything that we type on screen after the configuration is activate, run it with
logstash -f sample.conf

and you get the following result
svision@svision:~/andri$ /opt/logstash/bin/logstash -f sample.conf
Settings: Default pipeline workers: 2
Pipeline main started
test
2016-08-01T09:49:00.223Z svision test
hello world
2016-08-01T09:49:08.313Z svision hello world

I inputted "test" and "hello world" then I press Enter, everytime I press enter, then logstash will echo whatever I enter
Posted by at
Labels:

No comments :

Post a Comment

Subscribe to: Post Comments ( Atom )