Skip to content

Instantly share code, notes, and snippets.

@martianyi

martianyi/README.md

Last active May 4, 2020 16:17
Show Gist options
  • Save martianyi/053257426413f0b533f88b3a48ce58e1 to your computer and use it in GitHub Desktop.
Save martianyi/053257426413f0b533f88b3a48ce58e1 to your computer and use it in GitHub Desktop.
Download ZIP
Logstash输出到aws elasticsearch service
Raw
README.md
  1. 在本机安装logstash
  2. 使用rvm安装jruby.
  3. 进入logstash安装目录(如/usr/share/logstash), 运行sudo -E bin/logstash-plugin install --no-verify --version 6.4.0 logstash-output-amazon_es 安装logstash-output-amazon_es插件。如果logstash-plugin安装很慢的话,请安装 haveged 后尝试。见此issue, 此文章
  4. 在aws iam中创建一个用户,赋予编程访问,和AmazonESFullAccess权限,将此用户设为elasticsearch域的主用户,获取access_key和secret(如果已经配置了elasticsearch域的主用户,则用该用户的access_key和secret)
  5. 配置logstash pipeline, 如
input {
  file {
      path => "/var/log/nginx/access.log"
      start_position => "beginning"
  }
}
filter {
  grok {
    patterns_dir => "/etc/logstash/patterns"
    match => { "message" => "%{NGINXACCESS}" }
  }
}
output {
  stdout {}
  amazon_es {
   hosts => ["$ES_host"]
   ssl => true
   region => "$ES_region"
   aws_access_key_id => '$access_key_id'
   aws_secret_access_key => '$secret_access_key'
   index => "nginx-access-logs-%{+YYYY.MM.dd}"
 }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment