如何从 logstash 连接 logstash?
[英]How to connect logstash from logstash?
问题描述
I want to use one logstash send data to multiple logstash services.
我想使用一个 logstash 将数据发送到多个 logstash 服务。
If I use this setting in k8s, it can work.如果我在 k8s 中使用此设置,它可以工作。
service.yml服务.yml
apiVersion: v1
kind: Service
metadata:
labels:
app: logstash
name: logstash
spec:
selector:
app: logstash
ports:
- name: "5044"
port: 5044
targetPort: 5044
filebeat.yml文件beat.yml
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/log1.json
tags: ["log1"]
processors:
- decode_json_fields:
fields: ["message"]
process_array: true
max_depth: 1
target: ""
overwrite_keys: true
add_error_key: false
output.logstash:
hosts: ["logstash-log1.default.svc.cluster.local:5044"]
logstash.yml logstash.yml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: configmap-logstash
data:
logstash.yml: |
http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
xpack.monitoring.enabled: false
logstash.conf: |
input {
beats {
port => 5044
}
}
filter {
}
output {
stdout { codec => rubydebug }
}
But if I change to another way, set output from another logstash instance as:但是,如果我换成另一种方式,将另一个 logstash 实例中的 output 设置为:
k8s services: k8s服务:
---
apiVersion: v1
kind: Service
metadata:
labels:
app: logstash-log1
name: logstash-log1
spec:
selector:
app: logstash-log1
ports:
- name: "5044"
port: 5044
targetPort: 5044
logstash.yml logstash.yml
output {
if "log1" in [tags] {
stdout { codec => rubydebug }
tcp {
mode => "client"
host => "logstash-log1.default.svc.cluster.local"
port => 5044
codec => "json"
}
}
}
target logstash's logstash.yml目标 logstash 的 logstash.yml
---
apiVersion: v1
kind: ConfigMap
metadata:
name: configmap-logstash
data:
logstash.yml: |
http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
xpack.monitoring.enabled: false
logstash.conf: |
input {
tcp {
port => 5044
}
}
filter {
}
output {
stdout { codec => rubydebug }
}
The communication can be confimed, it works.可以确认通信,它有效。 But the data seems didn't send to logstash-log1.default.svc.cluster.local:5044 .但是数据似乎没有发送到logstash-log1.default.svc.cluster.local:5044 。
If use curl to test from origin logstash,如果使用 curl 从原始 logstash 进行测试,
curl logstash-log1.default.svc.cluster.local:5044
Can get log data in the target logstash:可以获取目标logstash中的日志数据:
{
"port" => 37424,
"host" => "10.12.8.213"
}
{
"port" => 37424,
"host" => "10.12.8.213"
}
{
"port" => 37424,
"host" => "10.12.8.213"
}
{
"port" => 37424,
"host" => "10.12.8.213"
}
So the problem may be the configuration between 2 logstash.所以问题可能是2个logstash之间的配置。 Doesn't tcp input/output methods work? tcp 输入/输出方法不起作用吗?
2 个解决方案
解决方案1
1 2021-03-22 23:13:32
Try using the lumberjack output and beats input .尝试使用lumberjack output和beats输入。
This is the recommended approach for Logstash-to-Logstash communication, and is explained in detail here in the logstash docs.这是 Logstash 到 Logstash 通信的推荐方法,并在 logstash 文档中详细 说明。
解决方案2
0 2023-01-02 15:29:21
My solution thus far has been to use gelf between the two logstashes:到目前为止,我的解决方案是在两个 logstashes 之间使用 gelf:
logstash-01: taking input from beats and sending it to logstash-02 logstash-01:从节拍中获取输入并将其发送到 logstash-02
/etc/logstash/conf.d/logstash-01.conf /etc/logstash/conf.d/logstash-01.conf
input {
beats {
port => 5044
}
}
output {
gelf {
id => "%{host}"
host => "logstash-02.example.com"
port => 9899
}
}
logstash-02: receiving from logstash-01 logstash-02:从 logstash-01 接收
/etc/logstash/conf.d/logstash-02.conf /etc/logstash/conf.d/logstash-02.conf
input {
gelf {
host => "0.0.0.0"
use_udp => true
port => 9899
strip_leading_underscore => false
remap => false
}
}
YMMV YMMV
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.