mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2024-11-23 20:37:12 +01:00
|
|
||
|---|---|---|
| .. | ||
| docker-compose.yml | ||
| Dockerfile | ||
| logstash.yml | ||
| pipeline.conf | ||
| README.md | ||
Docker compose Logstash integration with VictoriaLogs for syslog
It is required to use OpenSearch plugin for output configuration. Plugin can be installed by using the following command:
bin/logstash-plugin install logstash-output-opensearch
OpenSearch plugin is required because elasticsearch output plugin performs various checks for Elasticsearch version and license which are not applicable for VictoriaLogs.
To spin-up environment run the following command:
docker compose up -d
To shut down the docker-compose environment run the following command:
docker compose down
docker compose rm -f
The docker compose file contains the following components:
- logstash - logstash is configured to accept
syslogon5140port, you can find configuration in thepipeline.conf. It writes data in VictoriaLogs - VictoriaLogs - the log database, it accepts the data from
logstashby elastic protocol
Here is an example of logstash configuration(pipeline.conf):
input {
syslog {
port => 5140
}
}
output {
opensearch {
hosts => ["http://victorialogs:9428/insert/elasticsearch"]
custom_headers => {
"AccountID" => "0"
"ProjectID" => "0"
}
parameters => {
"_stream_fields" => "host.ip,process.name"
"_msg_field" => "message"
"_time_field" => "@timestamp"
}
}
}
Please, note that _stream_fields parameter must follow recommended best practices to achieve better performance.