(1)部署redis
1丶安裝redis
yum install epel-release -y
yum install redis -y
2丶修改配置檔案
#vim /etc/redis.conf
bind 0.0.0.0
daemonize yes
save ""
requirepass 123456
3.啟動redis
systemctl enable redis
systemctl restart redis
(2)配置logstash将日志寫入到redis中
1丶修改配置檔案
input {
file {
path => "/var/log/messages"
type => "systemlog"
start_position => "beginning"
stat_interval => "2"
}
}
output {
if [type] == "systemlog" {
redis {
data_type => "list"
host => "192.168.1.31"
db => "6"
port => "6379"
password => "123456"
key => "systemlog"
}
}
}
2丶啟動
logstash -f /etc/logstash/conf.d/redis.conf -t
logstash -f /etc/logstash/conf.d/redis.conf
3丶寫入日志到messages日志中
cat /etc/hosts >>/var/log/messages
4丶登入redis檢視
# redis-cli -h 192.168.1.31
192.168.1.31:6379> auth 123456
OK
192.168.1.31:6379> select 6
OK
192.168.1.31:6379[6]> keys *
1) "systemlog"
192.168.1.31:6379[6]> llen systemlog
(integer) 11292
192.168.1.31:6379[6]> lpop systemlog
(3)配置logstash從redis中取出資料到elasticsearch
1丶修改配置檔案
input {
redis {
type => "systemlog"
host => "192.168.1.31"
password => '123456'
port => "6379"
db => "6"
data_type => "list"
key => "systemlog"
}
}
output {
if [type] == "systemlog" {
elasticsearch {
hosts => ["192.168.1.31:9200"]
index => "redis-systemlog-%{+YYYY.MM.dd}"
}
}
}
2丶啟動
logstash -f /etc/logstash/conf.d/redis.conf -t
logstash -f /etc/logstash/conf.d/redis.conf
3丶啟動head插件檢視索引
參考連結:
logstash通過redis收集日志 : https://www.cnblogs.com/lovelinux199075/p/9112182.html
![安裝Kibana報錯[warning][admin][elasticsearch] Unable to revive connection: http://localhost:9200/[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)