好程式設計師大資料學習路線之Logstach與flume對比，沒有叢集的概念 ,logstach與flume都稱為組

logstash是用JRuby語言開發的

元件的對比 :

　　logstach : input filter output

　　flume : source channel sink

優劣對比 :

logstach :

安裝簡單 ,安裝體積小

有 filter元件,使得該工具具有資料過濾,資料切分的功能

可以與 ES無縫結合

具有資料容錯功能 ,在資料採集的時候,如果發生當機或斷開的情況,會斷點續傳(會記錄讀取的偏移量)

　　綜上 ,該工具主要用途為採集日誌資料

flume:

高可用方面要比 logstach強大

flume一直在強調資料的安全性,flume在資料傳輸過程中是由事務控制的

flume可以應用在多型別資料傳輸領域

資料對接

將 logstach.gz檔案上傳解壓即可

可以在 logstach目錄下建立conf檔案,用來儲存配置檔案

一命令啟動

1.bin/logstash -e 'input { stdin {} } output { stdout{} }'

　　stdin/stdout(標準輸入輸出流)

hello xixi

2018-09-12T21:58:58.649Z hadoop01 hello xixi

hello haha

2018-09-12T21:59:19.487Z hadoop01 hello haha

2.bin/logstash -e 'input { stdin {} } output { stdout{codec => rubydebug} }'

hello xixi

{

"message" => "hello xixi",

"@version" => "1",

"@timestamp" => "2018-09-12T22:00:49.612Z",

"host" => "hadoop01"

}

3.es叢集中 ,需要啟動es叢集

　　bin/logstash -e 'input { stdin {} } output { elasticsearch {hosts => ["192.168.88.81:9200"]} stdout{} }'

輸入命令後 ,es自動生成index,自動mapping.

hello haha

2018-09-12T22:13:05.361Z hadoop01 hehello haha

　　bin/logstash -e 'input { stdin {} } output { elasticsearch {hosts => ["192.168.88.81:9200", "192.168.88.82:9200"]} stdout{} }'

4.kafka叢集中,啟動kafka叢集

　　bin/logstash -e 'input { stdin {} } output { elasticsearch {hosts => ["192.168.88.81:9200", "192.168.88.82:9200"]} stdout{} }'

二配置檔案啟動

需要啟動 zookeeper叢集,kafka叢集,es叢集

1.與kafka資料對接

vi logstash-kafka.conf

　　啟動

　　bin/logstash -f logstash-kafka.conf (-f:指定檔案)

　　在另一節點上啟動 kafka消費命令

input {

file {

path => "/root/data/test.log"

discover_interval => 5

start_position => "beginning"

}

output {

kafka {

topic_id => "test1"

codec => plain {

format => "%{message}"

charset => "UTF-8"

}

bootstrap_servers => "node01:9092,node02:9092,node03:9092"

}

2.與kafka-es資料對接

vi logstash-es.conf

#啟動logstash

bin/logstash -f logstash-es.conf

　　在另一節點上啟動 kafka消費命令

input {

file {

type => "gamelog"

path => "/log/*/*.log"

discover_interval => 10

start_position => "beginning"

}

output {

elasticsearch {

index => "gamelog-%{+YYYY.MM.dd}"

hosts => ["node01:9200", "node02:9200", "node03:9200"]

}

資料對接過程

logstach節點存放: 哪個節點空閒資源多放入哪個節點 (靈活存放)

1.啟動logstach監控logserver目錄,把資料採集到kafka

2.啟動另外一個logstach,監控kafka某個topic資料,把他採集到elasticsearch

資料對接案例

需要啟動兩個 logstach,呼叫各個配置檔案,進行對接

1.採集資料到kafka

　　cd conf

　　建立配置檔案 : vi gs-kafka.conf

input {

file {

codec => plain {

charset => "GB2312"

}

path => "/root/basedir/*/*.txt"

discover_interval => 5

start_position => "beginning"

}

output {

kafka {

topic_id => "gamelogs"

codec => plain {

format => "%{message}"

charset => "GB2312"

}

bootstrap_servers => "node01:9092,node02:9092,node03:9092"

}

　　建立 kafka對應的topic

bin/kafka-topics.sh --create --zookeeper hadoop01:2181 --replication-factor 1 --partitions 1 --topic gamelogs

2.在hadoop01上啟動logstach

　　bin/logstash -f conf/gs-kafka.conf

3.在hadoop02上啟動另外一個logstach

　　cd logstach/conf

　　vi kafka-es.conf

input {

kafka {

type => "accesslogs"

codec => "plain"

auto_offset_reset => "smallest"

group_id => "elas1"

topic_id => "accesslogs"

zk_connect => "node01:2181,node02:2181,node03:2181"

}

kafka {

type => "gamelogs"

auto_offset_reset => "smallest"

codec => "plain"

group_id => "elas2"

topic_id => "gamelogs"

zk_connect => "node01:2181,node02:2181,node03:2181"

}

filter {

if [type] == "accesslogs" {

json {

source => "message"

remove_field => [ "message" ]

target => "access"

}

if [type] == "gamelogs" {

mutate {

split => { "message" => " " }

add_field => {

"event_type" => "%{message[3]}"

"current_map" => "%{message[4]}"

"current_X" => "%{message[5]}"

"current_y" => "%{message[6]}"

"user" => "%{message[7]}"

"item" => "%{message[8]}"

"item_id" => "%{message[9]}"

"current_time" => "%{message[12]}"

}

remove_field => [ "message" ]

}

output {

if [type] == "accesslogs" {

elasticsearch {

index => "accesslogs"

codec => "json"

hosts => ["node01:9200", "node02:9200", "node03:9200"]

}

if [type] == "gamelogs" {

elasticsearch {

index => "gamelogs1"

codec => plain {

charset => "UTF-16BE"

}

hosts => ["node01:9200", "node02:9200", "node03:9200"]

}

　　 bin/logstash -f conf/kafka-es.conf

4.修改basedir檔案中任意資料即可產生es的index檔案

5.網頁資料儲存在設定的/data/esdata中

6.在網頁中查詢指定欄位

　　預設分詞器為 term,只能查詢單個漢字,query_string可以查詢全漢字

好程式設計師大資料學習路線之Logstach與flume對比

相關文章