Running Logstash

Logstash requires configuration to be specified while running it. Configuration can be specified directly as an argument using the -e option by specifying the configuration file (the .conf file) using the -f option/flag. 

Using the terminal/command prompt, navigate to LOGSTASH_HOME/bin. Let's ensure that Logstash works fine after installation by running the following command with a simple configuration (the logstash pipeline) as a parameter:

E:logstash-7.0.0in>logstash -e "input { stdin { } } output { stdout {} }"

You should get the following logs:

E:logstash-7.0.0in>logstash -e "input { stdin {}} output { stdout{}}"
Sending Logstash logs to E:/logstash-7.0.0/logs which is now configured via log4j2.properties
[2019-03-17T15:17:23,771][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"E:/logstash-7.0.0/data/queue"}
[2019-03-17T15:17:23,782][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"E:/logstash-7
.0.0/data/dead_letter_queue"}
[2019-03-17T15:17:23,942][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-03-17T15:17:23,960][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.0.0"}
[2019-03-17T15:17:24,006][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"5e0b1f2a-d1dc-4c0b-9c4f-8efded
6c3260", :path=>"E:/logstash-7.0.0/data/uuid"}
[2019-03-17T15:17:32,701][INFO ][logstash.javapipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125
, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, :thread=>"#<Thread:0x74a9c9ab run>"}
[2019-03-17T15:17:32,807][INFO ][logstash.javapipeline ] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2019-03-17T15:17:32,897][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2019-03-17T15:17:33,437][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

Now, enter any text and press EnterLogstash adds a timestamp and IP address information to the input text message. Exit Logstash by issuing a CTRL + C command in the shell where Logstash is running. We just ran Logstash with some simple configurations (pipeline). In the next section, we will explore the Logstash pipeline in more detail.

 

In some windows machines, after executing the previous mentioned command, you might encounter error like "ERROR: Unknown command '{ stdin { } } output { stdout {} }'". In that case, please remove the spaces in between the command and execute the command as follows C:>logstash -e input"{stdin{}}output{stdout{}}"
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset