1、rpm安装Logstash

 wget https://artifacts.elastic.co/downloads/logstash/logstash-6.8.7.rpm
yum install -y logstash-6.8.7.rpm

2、创建syslog配置

input {beats{port=> 5044         }
}output {elasticsearch {hosts => ["http://localhost:9200"]index => "k8s-log-%{+YYYY-MM-dd}"}
}```bash
修改配置文件logstash.yml
vim /etc/logstash/logstash.yml

设置管道配置文件路径为/etc/logstash/conf.d

path.config: /etc/logstash/conf.d

``

3、直接在命令行运行查看效果

cd  /usr/share/logstash/bin
logstash -f /etc/logstash/conf.d/logstash.conf

4、常用指令
systemctl start logstash
systemctl status logstash
systemctl enable logstash

5、采集k8s系统组件日志
k8s-logs.yaml

apiVersion: v1
kind: ConfigMap
metadata:name: k8s-logs-filebeat-confignamespace: kube-system
data:filebeat.yml: |-filebeat.prospectors:- type: logpaths:- /messagesfields:app: k8stype: modulefields_under_root: trueoutput.logstash:hosts: ['192.168.56.104:5044']---apiVersion: apps/v1
kind: DaemonSet
metadata:name: k8s-logsnamespace: kube-system
spec:selector:matchLabels:project: k8sapp: filebeattemplate:metadata:labels:project: k8sapp: filebeatspec:containers:- name: filebeatimage: collenzhao/filebeat:6.5.4args: ["-c", "/etc/filebeat.yml","-e",]resources:requests:cpu: 100mmemory: 100Milimits:cpu: 500mmemory: 500MisecurityContext:runAsUser: 0volumeMounts:- name: filebeat-configmountPath: /etc/filebeat.ymlsubPath: filebeat.yml- name: k8s-logsmountPath: /messagesvolumes:- name: k8s-logshostPath:path: /var/log/messagestype: File- name: filebeat-configconfigMap:name: k8s-logs-filebeat-config

6、效果