Last active
July 26, 2018 18:23
LogStash Demo
Files and commands for Logstash demo
```sh
#!/bin/sh
# stop at the first failed step so "Done !" is only printed on success
set -e

# update apt
apt-get update

# install java, apache, curl
apt-get -y install openjdk-7-jre curl apache2

# install logstash
# note: the tarball is unpacked as downloaded, with no checksum or signature check
cd /tmp
wget https://download.elasticsearch.org/logstash/logstash/logstash-1.4.0.tar.gz
tar zxvf logstash-1.4.0.tar.gz
cp -R logstash-1.4.0 /opt/

echo "Done !"
```
```
input {
  file {
    path => "/var/log/apache2/*.log"
  }
}

filter {
  if [path] =~ "access" {
    mutate { replace => { type => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    date {
      match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
    }
  } else if [path] =~ "error" {
    mutate { replace => { type => "apache_error" } }
  } else {
    mutate { replace => { type => "random_logs" } }
  }
}

output {
  elasticsearch { embedded => true }
  stdout { codec => json }
}
```
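What the filter block of the Apache config does to each event, as an added Python sketch that is not part of the gist. It assumes a hand-written regex as a simplified stand-in for grok's COMBINEDAPACHELOG, a hypothetical helper name `apply_filter`, and constructed sample lines.

```python
import re
from datetime import datetime, timezone

# Simplified stand-in for grok's COMBINEDAPACHELOG (assumption: hand-written
# regex for this example, not the pattern file Logstash ships).
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>\w+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>[^"]*))" (?P<response>\d{3}) (?:(?P<bytes>\d+)|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

def apply_filter(event):
    """Hypothetical helper mirroring the filter block: route on path, then grok + date."""
    if re.search("access", event["path"]):       # if [path] =~ "access"
        event["type"] = "apache_access"
        m = COMBINED.match(event["message"])
        if m is None:
            # grok tags events it cannot parse instead of dropping them;
            # in Logstash such an event keeps its read time as @timestamp
            event.setdefault("tags", []).append("_grokparsefailure")
            return event
        event.update({k: v for k, v in m.groupdict().items() if v is not None})
        # date filter: "dd/MMM/yyyy:HH:mm:ss Z" sets @timestamp (stored as UTC)
        ts = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
        event["@timestamp"] = ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    elif re.search("error", event["path"]):      # else if [path] =~ "error"
        event["type"] = "apache_error"
    else:
        event["type"] = "random_logs"
    return event

# Constructed sample events (addresses are from a documentation range).
SAMPLES = [
    {"path": "/var/log/apache2/access.log",
     "message": '203.0.113.7 - - [09/Apr/2014:21:15:03 +1200] '
                '"GET /index.html HTTP/1.1" 200 1043 "-" "curl/7.22.0"'},
    {"path": "/var/log/apache2/access.log",      # truncated write
     "message": '203.0.113.7 - - [09/Apr/2014:21:1'},
    {"path": "/var/log/apache2/error.log",
     "message": "[Wed Apr 09 21:15:04 2014] [error] File does not exist: /var/www/x"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(apply_filter(dict(sample)))
```

Events carrying the `_grokparsefailure` tag are worth watching in the index, since they are the access-log lines that never got a `clientip` or `response` field to search on.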
```sh
# StdIO (run everything below from the install directory)
cd /opt/logstash-1.4.0/
bin/logstash -e 'input { stdin { } } output { stdout { codec => rubydebug } }'

# embedded elasticsearch
# 1. Start it
bin/logstash -e 'input { stdin { } } output { elasticsearch { embedded => true } }'
# 2. Query Elasticsearch
curl 'http://localhost:9200/_search?pretty'
curl 'http://localhost:9200/_search?pretty&q=is'

# Starting kibana
bin/logstash-web &

# Monitoring apache
bin/logstash -f /vagrant/apachemon.conf
```
```
input {
  twitter {
    # Twitter API credentials are left blank here; fill in your own
    consumer_key => ""
    consumer_secret => ""
    keywords => "bieber"
    oauth_token => ""
    oauth_token_secret => ""
    type => "bieber_tweet"
  }
}

filter {
}

output {
  elasticsearch { embedded => true }
  stdout { codec => json }
}
```
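```ruby
Vagrant.configure(2) do |config|
  config.vm.box = "hashicorp/precise32"

  # 80 = Apache, 9200 = Elasticsearch HTTP API, 9292 = Kibana (logstash-web).
  # None of them is authenticated in this demo; add host_ip: "127.0.0.1" to
  # each forward to keep it bound to the host's loopback interface.
  config.vm.network "forwarded_port", guest: 80, host: 8080
  config.vm.network "forwarded_port", guest: 9200, host: 9200
  config.vm.network "forwarded_port", guest: 9292, host: 9292

  config.vm.provider :virtualbox do |vb|
    vb.customize ["modifyvm", :id, "--memory", "512"]
  end

  # provision the box with the install script from this gist
  config.vm.provision "shell", path: "bootstrap.sh"
end
```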