Logstash Concise Tutorial

Logstash - ELK Stack

ELK stands for Elasticsearch, Logstash, and Kibana. In the ELK stack, Logstash extracts logging data or other events from different input sources. It processes the events and then stores them in Elasticsearch. Kibana is a web interface that accesses the logging data from Elasticsearch and visualizes it.


Logstash and Elasticsearch

Logstash provides Elasticsearch input and output plugins to read log events from and write log events to Elasticsearch. Elasticsearch as an output destination is also recommended by the Elasticsearch company because of its compatibility with Kibana. Logstash sends the data to Elasticsearch over the HTTP protocol.
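The following pipeline is an added example, not part of the original tutorial. It shows the Elasticsearch output plugin sending events over HTTP, first in its plaintext form (commented out) and then with TLS and authentication. The host name, log path, index pattern, user name, certificate path and the `ES_PWD` variable are assumptions chosen for illustration.

```logstash
# Constructed example: every host, path and account name below is a placeholder.
input {
  file {
    path => "/var/log/app/*.log"       # hypothetical application log location
    start_position => "beginning"
  }
}

output {
  # Weak form: plain HTTP with no credentials. Log events, which often carry
  # user names, tokens or internal host names, cross the network in cleartext,
  # and anything that can reach port 9200 can write to the cluster.
  #
  # elasticsearch {
  #   hosts => ["http://es.example.internal:9200"]
  # }

  # Hardened form: HTTPS, server certificate verified against a pinned CA,
  # and a dedicated account that only needs write access to the log indices.
  elasticsearch {
    hosts => ["https://es.example.internal:9200"]
    index => "logstash-%{+YYYY.MM.dd}"
    user => "logstash_writer"          # hypothetical least-privilege account
    password => "${ES_PWD}"            # resolved from the environment or the Logstash keystore
    ssl_enabled => true
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
    ssl_verification_mode => "full"    # verify both the chain and the host name
  }
}
```

Older releases of the plugin name the TLS options `ssl` and `cacert` instead of `ssl_enabled` and `ssl_certificate_authorities`.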

Elasticsearch provides a bulk upload facility, which helps to upload data from different sources or Logstash instances to a centralized Elasticsearch engine. ELK has the following advantages over other DevOps solutions:

  1. ELK stack is easier to manage and can be scaled for handling petabytes of events.

  2. ELK stack architecture is very flexible and provides integration with Hadoop. Hadoop is mainly used for archive purposes. Logstash can be connected directly to Hadoop by using Flume, and Elasticsearch provides a connector named es-hadoop to connect with Hadoop.

  3. The total cost of ownership of ELK is much lower than that of its alternatives.

Logstash and Kibana

Kibana does not interact with Logstash directly but through a data source, which is Elasticsearch in the ELK stack. Logstash collects the data from every source, Elasticsearch analyzes it at a very fast speed, and Kibana then provides actionable insights on that data.

Kibana is a web-based visualization tool that helps developers and others analyze the variations in the large volumes of events collected by Logstash in the Elasticsearch engine. This visualization makes it easy to predict or see changes in the trends of errors or other significant events from the input source.