logstash 6 configuration with images in centos 7

logstash 6 configuration with images in centos 7




OS     -    CentOS 7
IP    -    172.17.20.100
Host    -    linuxtopic.com
Logstash default port    -    5000

Step 1:

Update system
yum update

Install Java & curl
yum install java
   
Check Java Version
java -version
               
Step 2:

Downloading and Installing Logstash

Method 1 : Download & Install RPM Manually
cd /opt

wget https://artifacts.elastic.co/downloads/logstash/logstash-6.1.1.rpm

logstash 6 installation and configuration with images in centos 7, logstash 6, logstash.yml, logstash filter, logstash, elasticsearch 6, logging system, centralise logging, kibana 6, linuxtopic, linux topic, logstash configuration, logstash download, logstash installaction, logstash notes
rpm -ivh logstash-6.1.1.rpm

Method 2 : Install using YUM Repo
       
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

echo "[logstash-6.x]
name=Elastic repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md" > /etc/yum.repos.d/logstash6.repo
yum install logstash
logstash 6 installation and configuration with images in centos 7, logstash 6, logstash.yml, logstash filter, logstash, elasticsearch 6, logging system, centralise logging, kibana 6, linuxtopic, linux topic, logstash configuration, logstash download, logstash installaction, logstash notes


Directory Layout of Debian and RPM Packages

The Debian package and the RPM package each place config files, logs, and the settings files in the appropriate locations for the system:
logstash 6 installation and configuration with images in centos 7, logstash 6, logstash.yml, logstash filter, logstash, elasticsearch 6, logging system, centralise logging, kibana 6, linuxtopic, linux topic, logstash configuration, logstash download, logstash installaction, logstash notes

Setting Files :

logstash.yml     - Contains logstash Configuration flags
jvm.options       - Contains JVM configuration flags
Startup.options - Contains options used by system-install script in
                             /usr/share/logstash/bin

Step 3:

Configure Logstash:  Creating a simple config file and using it to run Logstash
echo "input {
beats {
port => 5044
#ssl => true
#ssl_certificate => \"/etc/pki/tls/certs/logstash-forwarder.crt\"
#ssl_key => \"/etc/pki/tls/private/logstash-forwarder.key\"
}
}" > /etc/logstash/conf.d/logstash-input.conf

Here we can define port and certificate and key
echo "output {
elasticsearch {
hosts => [\"172.17.20.100:9200\"]
sniffing => true
index => \"%{[@metadata][beat]}-%{+YYYY.MM.dd}\"
}
}" > /etc/logstash/conf.d/logstash-output.conf

Here we define  elasticsearch with port  

Create logstash filter file
echo "filter {
if [type] == \"syslog\" {
grok {
match => { \"message\" => \"%{SYSLOGLINE}\" }
}
date {
match => [ \"timestamp\", \"MMM d HH:mm:ss\", \"MMM dd HH:mm:ss\" ]
}
}
}" > /etc/logstash/conf.d/logstash-filter.conf
logstash 6 installation and configuration with images in centos 7, logstash 6, logstash.yml, logstash filter, logstash, elasticsearch 6, logging system, centralise logging, kibana 6, linuxtopic, linux topic, logstash configuration, logstash download, logstash installaction, logstash notes
chmod +x /etc/logstash/conf.d/logstash-*
Start Logstash & enable  at  boot
systemctl start logstash

systemctl enable logstash
To stop logstash
systemctl stop logstash

Previous
Next Post »