github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-24 14:47:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

bump to new version

Browse source
This commit is contained in:
Kurt Hurtado 2013-12-23 20:17:51 -08:00
parent 1f3f3533c2
commit c07f7b8060
1 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

20
docs/tutorials/getting-started-with-logstash.asciidoc
View file

@ -28,11 +28,11 @@ Once you have verified the existence of Java on your system, we can move on!
.Logstash in two commands
First, we're going to download the pre-built logstash binary and run it with a very simple configuration.
----
curl -O https://download.elasticsearch.org/logstash/logstash/logstash-1.3.1-flatjar.jar
curl -O https://download.elasticsearch.org/logstash/logstash/logstash-1.3.2-flatjar.jar
----
Now you should have the file named 'logstash-1.3.1-flatjar.jar' on your local filesystem. Let's run it:
Now you should have the file named 'logstash-1.3.2-flatjar.jar' on your local filesystem. Let's run it:
----
java -jar logstash-1.3.1-flatjar.jar agent -e 'input { stdin { } } output { stdout {} }'
java -jar logstash-1.3.2-flatjar.jar agent -e 'input { stdin { } } output { stdout {} }'
----
Now type something into your command prompt, and you will see it output by logstash:
@ -45,7 +45,7 @@ OK, that's interesting... We ran logstash with an input called "stdin", and an o
Let's try a slightly fancier example. First, you should exit logstash by issuing a 'CTRL-C' command in the shell in which it is running. Now run logstash again with the following command:
----
java -jar logstash-1.3.1-flatjar.jar agent -e 'input { stdin { } } output { stdout { codec => rubydebug } }'
java -jar logstash-1.3.2-flatjar.jar agent -e 'input { stdin { } } output { stdout { codec => rubydebug } }'
----
And then try another test input, typing the text "goodnight moon":
@ -74,7 +74,7 @@ More detailed information on installing and configuring Elasticsearch can be fou
Now that we have Elasticsearch running on port 9200 (we do, right?), logstash can be simply configured to use Elasticsearch as its backend. The defaults for both logstash and Elasticsearch are fairly sane and well thought out, so we can omit the optional configurations within the elasticsearch output:
----
java -jar logstash-1.3.1-flatjar.jar agent -e 'input { stdin { } } output { elasticsearch { } }'
java -jar logstash-1.3.2-flatjar.jar agent -e 'input { stdin { } } output { elasticsearch { } }'
----
Type something, and logstash will process it as before (this time you won't see any output, since we don't have the stdout output configured)
@ -122,7 +122,7 @@ Now you can browse to localhost:9200/_plugin/head[localhost:9200/_plugin/head] t
.Multiple Outputs
As a quick exercise in configuring multiple Logstash outputs, let's invoke logstash again, using both the 'stdout' as well as the 'elasticsearch' output:
----
java -jar logstash-1.3.1-flatjar.jar agent -e 'input { stdin { } } output { elasticsearch { } stdout { } }'
java -jar logstash-1.3.2-flatjar.jar agent -e 'input { stdin { } } output { elasticsearch { } stdout { } }'
----
Typing a phrase will now echo back to your terminal, as well as save in Elasticsearch! (Feel free to verify this using curl or elasticsearch-head).
@ -187,7 +187,7 @@ output {
Then, run this command:
----
java -jar logstash-1.3.1-flatjar.jar agent -f logstash-simple.conf
java -jar logstash-1.3.2-flatjar.jar agent -f logstash-simple.conf
----
Et voilà! Logstash will read in the configuration file you just created and run as in the example we saw earlier. Note that we used the '-f' to read in the file, rather than the '-e' to read the configuration from the command line. This is a very simple case, of course, so let's move on to some more complex examples.
@ -216,7 +216,7 @@ output {
Run the logstash jar file with this configuration:
----
java -jar logstash-1.3.1-flatjar.jar agent -f logstash-filter.conf
java -jar logstash-1.3.2-flatjar.jar agent -f logstash-filter.conf
----
Now paste this line into the terminal (so it will be processed by the stdin input):
@ -287,7 +287,7 @@ Then, create the file you configured above (in this example, "/Applications/XAMP
Now run it with the -f flag as in the last example:
----
java -jar logstash-1.3.1-flatjar.jar agent -f logstash-apache.conf
java -jar logstash-1.3.2-flatjar.jar agent -f logstash-apache.conf
----
You should be able to see your apache log data in Elasticsearch now! You'll notice that logstash opened the file you configured, and read through it, processing any events it encountered. Any additional lines logged to this file will also be captured, processed by logstash as events and stored in Elasticsearch. As an added bonus, they will be stashed with the field "type" set to "apache_access" (this is done by the type => "apache_access" line in the input configuration).
@ -379,7 +379,7 @@ output {
----
Run it as normal:
----
java -jar logstash-1.3.1-flatjar.jar agent -f logstash-syslog.conf
java -jar logstash-1.3.2-flatjar.jar agent -f logstash-syslog.conf
----
Normally, a client machine would connect to the logstash instance on port 5000 and send its message. In this simplified case, we're simply going to telnet to logstash and enter a log line (similar to how we entered log lines into STDIN earlier). First, open another shell window to interact with the logstash syslog input and type the following command: