Installing logstash

Source: Internet  Editor: 程序博客网  Time: 2024/05/16 18:13
 
Install Java
yum install java-1.6.0-openjdk* -y
Install elasticsearch
wget https://github.com/downloads/elasticsearch/elasticsearch/elasticsearch-0.19.11.tar.gz
tar -zxvf elasticsearch-0.19.11.tar.gz
mv elasticsearch-0.19.11 /usr/local/elasticsearch
/usr/local/elasticsearch/bin/elasticsearch -f
curl http://192.168.14.117:9200/_flush


Install the elasticsearch-head plugin:
yum install git -y
git clone git://github.com/Aconex/elasticsearch-head.git
/usr/local/elasticsearch/bin/plugin -install Aconex/elasticsearch-head
Restart ES
http://192.168.14.117:9200/_plugin/head/

Install logstash:
wget https://logstash.objects.dreamhost.com/release/logstash-1.1.5-monolithic.jar
Test:
wget http://logstash.net/docs/1.1.0/tutorials/10-minute-walkthrough/apache-parse.conf
Modify it as follows:
output {
  stdout {
    debug => true
  }
  elasticsearch { embedded => true }   # enable ES support
}

Install grok:
yum install -y gcc gperf make libevent-devel pcre-devel tokyocabinet-devel
wget --no-check-certificate https://github.com/jordansissel/grok/tarball/master -O grok.tar.gz
tar zxf grok.tar.gz
cd jordansissel-grok-*
make grok
make install
ldconfig
cd ..
Run:

java -jar logstash-*-monolithic.jar agent -f apache-parse.conf -- web --backend elasticsearch://localhost/
http://192.168.14.117:9292/search

tail -f /var/log/httpd/access_log|nc 127.0.0.1 3333
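
What each access_log line piped to port 3333 is split into, as an added Python example (not part of the original post and not logstash code). It assumes the tutorial config applies grok's COMBINEDAPACHELOG pattern; the regex approximates that pattern and reuses its field names, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Approximation of grok's %{COMBINEDAPACHELOG}; group names are the field
# names that pattern emits. Quoted fields allow backslash-escaped quotes,
# because Apache writes a client-supplied '"' as '\"'.
QUOTED = r'(?:[^"\\]|\\.)*'
COMBINED = re.compile(
    r'(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?:(?P<verb>[A-Z]+) (?P<request>\S+)(?: HTTP/(?P<httpversion>[\d.]+))?'
    r'|(?P<rawrequest>' + QUOTED + r'))" '
    r'(?P<response>\d{3}) (?:(?P<bytes>\d+)|-) '
    r'"(?P<referrer>' + QUOTED + r')" "(?P<agent>' + QUOTED + r')"$'
)

def parse_line(line):
    """Return a dict of extracted fields, or None when the line does not match."""
    m = COMBINED.match(line.rstrip("\r\n"))
    if m is None:
        return None
    # Groups that did not take part in the match (e.g. bytes for "-") are omitted.
    event = {k: v for k, v in m.groupdict().items() if v is not None}
    for key in ("response", "bytes"):
        if key in event:
            event[key] = int(event[key])
    try:
        # Apache time format, e.g. "18/Aug/2011:05:44:34 -0700"
        event["@timestamp"] = datetime.strptime(
            event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return event

# Constructed sample lines (not taken from a real server).
SAMPLES = [
    r'192.0.2.10 - - [18/Aug/2011:05:44:34 -0700] "GET /index.html HTTP/1.1" 200 1024 "http://example.com/" "Mozilla/5.0"',
    r'192.0.2.11 - alice [18/Aug/2011:05:44:35 -0700] "GET /a HTTP/1.1" 304 - "-" "curl/7.19 \"quoted\""',
    r'192.0.2.12 - - [18/Aug/2011:05:44:36 -0700] "\x16\x03\x01" 400 226 "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_line(sample))
```

The third sample is a non-HTTP request on the HTTP port; it lands in rawrequest instead of verb/request, which is the field to look at when reviewing probe traffic in the search UI.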
Reposted from: http://blog.chinaunix.net/uid-405749-id-3414824.html