logstash data input

오락기/ELK

logstash data input

문방구앞오락기 2018. 5. 11. 15:53

Country,1980,1981,1982,1983,1984,1985,1986,1987,1988,1989,1990,1991,1992,1993,1994,1995,1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010

North America,320.27638,324.44694,328.62014,332.72487,336.72143,340.74811,344.89548,349.07829,353.2939,357.68457,362.4468,367.70684,373.29069,378.74233,383.9166,388.97216,393.9428,398.97205,403.85585,408.60296,413.3245,417.83236,422.05268,426.06238,430.26938,434.47232,438.82964,443.3473,447.67394,451.83698,456.59331

이러한 데이터가 있다.

이걸 로그스테이시로 수집해본다

input {

file {

path => "/usr/elk/logstash/p1.csv" <--경로

start_position => "beginning" <--처음부터

sincedb_path => "/dev/null" <-- 조사해봐야함

}

filter {

csv {

separator => "," <--구분자

columns => ["Country","1980","1981","1982","1983","1984","1985","1986","1987","1988","1989","1990","1991","1992","1993","1994","1995","1996","1997","1998","1999","2000","2001","2002","2003","2004","2005","2006","2007","2008","2009","2010"] <--컬럼

}

mutate {convert => ["1980", "float"]} <--데이터 컨버팅

mutate {convert => ["1981", "float"]}

mutate {convert => ["1982", "float"]}

mutate {convert => ["1983", "float"]}

mutate {convert => ["1984", "float"]}

mutate {convert => ["1985", "float"]}

mutate {convert => ["1986", "float"]}

mutate {convert => ["1987", "float"]}

mutate {convert => ["1988", "float"]}

mutate {convert => ["1989", "float"]}

mutate {convert => ["1990", "float"]}

mutate {convert => ["1991", "float"]}

mutate {convert => ["1992", "float"]}

mutate {convert => ["1993", "float"]}

mutate {convert => ["1994", "float"]}

mutate {convert => ["1995", "float"]}

mutate {convert => ["1996", "float"]}

mutate {convert => ["1997", "float"]}

mutate {convert => ["1998", "float"]}

mutate {convert => ["1999", "float"]}

mutate {convert => ["2000", "float"]}

mutate {convert => ["2001", "float"]}

mutate {convert => ["2002", "float"]}

mutate {convert => ["2003", "float"]}

mutate {convert => ["2004", "float"]}

mutate {convert => ["2005", "float"]}

mutate {convert => ["2006", "float"]}

mutate {convert => ["2007", "float"]}

mutate {convert => ["2008", "float"]}

mutate {convert => ["2009", "float"]}

mutate {convert => ["2010", "float"]}

}

output {

elasticsearch {

hosts => "localhost" <--- 엘라스틱서치 호스트

index => "population" <-- 인덱스 이름

}

sudo ./logstash -f /usr/elk/logstash/logstash.conf <-- 관리자로 해야 되더라 권한때문인거같다

하면 데이터가 넣어지게되고

Visualize / New Visualization (unsaved)
Search... (e.g. status:200 AND extension:PHP)
Save
snare
Refresh
C Auto-retresn
Add a filter +
population
Data Options
Metrics
Slice Size
Aggregation
Sum
Field
1980
Custom Label
Buckets
Split Slices
Aggregation
Terms
Field
Country. keyword
Order By
metric: Sum of 1980
O Marcn 6th 2018, 1330:16.493to Mat-cn 6tn 2018, 134516.493
Uses lucene query syntax
O World
Asia & Oceania
Country
China
India
Europe
Africa
North America
Central & South Ar
Eurasia
Adva n ced
Order
Descenc ,
Size
10
Group other values in separate bucket
Show missing values O
Custom Label

이런식으로 시각화 가능함

저작자표시 (새창열림)