标签:dock std faq 分享 ocs 内存调整 begin output stash
sysctl -w vm.max_map_count=262144
docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -d --name elk sebp/elk此时会将input的内容,当作日志输出```#shell
docker exec -it e4d3aa4921b6 /bin/bash
/opt/logstash/bin/logstash --path.data /tmp/logstash/data -e ‘input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }‘
此时输入任意文字
在Kibana中进入DIscover,然后Create index pattern,写入他所发现的索引,设置时间字段就可以创建了
检索
docker run -it --name logstash --rm logstash --path.data /tmp/logstash/data -e ‘input { stdin { type=> "doc"} } output { elasticsearch { hosts => ["172.16.40.200"] } }‘
注意:此处一定要填写IP,不能填写localhost或者127.0.0.1,否则错误如下
input {
file {
path => "/data/*.csv"
start_position => beginning
}
}
filter {
csv{
columns =>[ "log_time", "user", "api", "status", "version"]
}
date {
match => ["log_time", "yyyy-MM-dd HH:mm:ss"]
timezone => "Asia/Shanghai"
}
}
output {
elasticsearch {
hosts => ["172.16.40.200:9200"]
index => "logstash-seveniruby-%{+YYYY.MM.dd}"
}
}2018-10-28 11:29:00,chenshanju,topics.json,200,7.4
2018-10-28 11:29:01,chenshanju,topics.json,200,7.4
2018-10-28 11:29:02,chenshanju,topics/3.json,200,7.4
2018-10-28 11:30:01,chenshanju,topics/4.json,200,7.4
2018-10-28 11:30:20,chenshanju,topics/1.json,200,7.4
2018-10-28 11:40:20,chenshanju,topics/5.json,200,7.4docker run -it --name logstash --rm -v $PWD/conf:/conf -v /Users/chenshanju/Desktop/docker/data/:/data logstash -f /conf/csv.confdata和conf在同意目录下,命令也在该目录下执行
另开终端,执行以下脚本
#注意:此脚本不要忘记传入user
while true
do
version=$([ $((RANDOM%5)) -ge 1 ] && echo debug || echo test)
version=${version}_3.$((RANDOM%3))
userList=(chenshanju chenyi csj java python)
user=${userList[$((RANDOM%5))]}
api=api/$((RANDOM%5)).json
status=$((RANDOM%5))00
ip=192.168.0.1$((RANDOM%5))$((RANDOM%5))
echo $(date +"%Y-%m-%d %H:%M:%S"),${user},${ip},${api},${status},${version} | tee -a $(
date +%Y%m%d%H%M).csv
sleep 0.$((RANDOM%5))
done
标签:dock std faq 分享 ocs 内存调整 begin output stash
原文地址:https://www.cnblogs.com/csj2018/p/9866292.html
