Logstash使用

一、简单启动

logstashLinux安装

https://www.jianshu.com/p/9da5cd68a611

1. logstash -f test.conf

test.conf是下面自己写的配置文件

2.启动出现错误：

os::commit_memory(0x00000000c5330000, 986513408, 0) failed; error=‘Cannot allocate memory’ (errno=12)

参考文章：https://www.cnblogs.com/wang-yaz/p/9395005.html

启动成功：

我的test1.conf配置文件放在bin统计目录config下。

启动命令：./bin/logstash -f test1.conf

3. 非正常关闭出现错误：there is already another instance using the configured data

Logstash could not be started because there is already another instance using the configured data directory. If you wish to run multiple instances, you must change the “path.data” setting.

https://www.jianshu.com/p/1028f77ff16e

4. 使用linux设置中文字符

https://blog.csdn.net/hh12211221/article/details/53888856

二、配置详情

过滤：

测试使用

配置文件

将数据发送到es中

修改output

三、log4j日志记录

https://blog.csdn.net/fz13768884254/article/details/81214773