如何实现多个隔离的logstash管道?
- By : Will
- Category : Elastic Stack
Elastic Stack
1 前言
一个问题,一篇文章,一出故事。
笔者想实现一台logstash服务器上同时定义多个不同倾听端口的logstash管道,但是发现只要从任意一个输入(input)模块的端口输入的数据都会从多个输出(output)模块上出来,于是想要实现多个管道的隔离。
2 最佳实践
2.1 环境信息
如果你没有logstash环境,请参阅如下章节搭建,
2.1 定义多个隔离的管道
2.1.1 定义管道1
vim /etc/logstash/conf.d/dg-server.cmdschool.org_5045.conf
加入如下配置,
input { beats { port => 5045 type => "5045" ssl => true ssl_certificate_authorities => ["/etc/pki/tls/certs/ca.crt"] ssl_certificate => "/etc/pki/tls/certs/dg-server.cmdschool.org.crt" ssl_key => "/etc/pki/tls/private/dg-server.cmdschool.org.key" ssl_verify_mode => "force_peer" } } output { if [type] == "5045" { elasticsearch { hosts => ["http://azelasticsearch01:9200", "http://azelasticsearch02:9200", "http://azelasticsearch03:9200", "http://azelasticsearch04:9200", "http://azelasticsearch05:9200"] index => "dg-server-%{+YYYY.MM.dd}" user => "elastic" password => "elasticpwd" } } }
2.1.2 定义管道2
vim /etc/logstash/conf.d/ca-server.cmdschool.org_5046.conf
加入如下配置,
input { beats { port => 5046 type => "5046" ssl => true ssl_certificate_authorities => ["/etc/pki/tls/certs/ca.crt"] ssl_certificate => "/etc/pki/tls/certs/ca-server.cmdschool.org.crt" ssl_key => "/etc/pki/tls/private/ca-server.cmdschool.org.key" ssl_verify_mode => "force_peer" } } output { if [type] == "5046" { elasticsearch { hosts => ["http://azelasticsearch01:9200", "http://azelasticsearch02:9200", "http://azelasticsearch03:9200", "http://azelasticsearch04:9200", "http://azelasticsearch05:9200"] index => "ca-server-%{+YYYY.MM.dd}" user => "elastic" password => "elasticpwd" } } }
2.1.3 测试配置
/usr/share/logstash/bin/logstash --config.test_and_exit --path.settings /etc/logstash -f /etc/logstash/conf.d/dg-server.cmdschool.org_5045.conf
/usr/share/logstash/bin/logstash --config.test_and_exit --path.settings /etc/logstash -f /etc/logstash/conf.d/ca-server.cmdschool.org_5046.conf
2.1.4 重启服务使配置生效
systemctl restart logstash.service
systemctl restart logstash.service
没有评论