mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2024-12-15 16:30:55 +01:00
Docker compose Logstash integration with VictoriaLogs for syslog
The OpenSearch output plugin is required for the output configuration. It can be installed with the following command:

```sh
bin/logstash-plugin install logstash-output-opensearch
```

The OpenSearch plugin is required because the elasticsearch output plugin performs various checks for Elasticsearch version and license, which are not applicable to VictoriaLogs.
To spin up the environment, run the following command:

```sh
docker compose up -d
```

To shut down the docker-compose environment, run the following commands:

```sh
docker compose down
docker compose rm -f
```
The docker compose file contains the following components:
- logstash - logstash is configured to accept `syslog` on port `5140`; you can find the configuration in `pipeline.conf`. It writes data to VictoriaLogs.
- VictoriaLogs - the log database; it accepts the data from `logstash` via the elastic protocol.
Querying the data
- vmui - a web UI, accessible at `http://localhost:9428/select/vmui`
- for querying the data via the command line, please check these docs
Here is an example of the logstash configuration (`pipeline.conf`):

```
input {
  syslog {
    port => 5140
  }
}
output {
  opensearch {
    hosts => ["http://victorialogs:9428/insert/elasticsearch"]
    custom_headers => {
      "AccountID" => "0"
      "ProjectID" => "0"
    }
    parameters => {
      "_stream_fields" => "host.ip,process.name"
      "_msg_field" => "message"
      "_time_field" => "@timestamp"
    }
  }
}
```
Please note that the `_stream_fields` parameter must follow recommended best practices to achieve better performance.
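An end-to-end check of the pipeline above, as an added example that is not part of the VictoriaMetrics repository: it sends one RFC 3164 syslog line with a unique marker to Logstash and polls VictoriaLogs until the marker shows up. It assumes the compose file publishes port 5140/tcp on the host, that the Logstash container parses syslog timestamps as UTC, and that VictoriaLogs serves its LogsQL query endpoint `/select/logsql/query` on port 9428; the host and program names are constructed sample values.

```python
"""Added smoke test: one syslog line into Logstash, then look it up in VictoriaLogs."""
import json
import socket
import time
import urllib.parse
import urllib.request
import uuid
from datetime import datetime, timezone

SYSLOG_ADDR = ("localhost", 5140)  # assumption: compose publishes 5140/tcp on the host
QUERY_URL = "http://localhost:9428/select/logsql/query"  # VictoriaLogs LogsQL HTTP API


def build_syslog_line(marker, app="smoke-test", host="testhost", facility=1, severity=6, now=None):
    """Return an RFC 3164 line: <PRI>Mmm dd HH:MM:SS host app: message."""
    now = now or datetime.now(timezone.utc)  # assumption: Logstash reads the stamp as UTC
    pri = facility * 8 + severity  # user.info -> 14
    # RFC 3164 pads the day of month with a space, not a zero
    stamp = f"{now:%b} {now.day:>2} {now:%H:%M:%S}"
    return f"<{pri}>{stamp} {host} {app}: pipeline check {marker}\n"


def build_query_body(marker, limit=1):
    """Form body for the query endpoint: phrase filter, matched against _msg."""
    return urllib.parse.urlencode({"query": f'"{marker}"', "limit": limit}).encode()


def parse_hits(body):
    """VictoriaLogs answers with one JSON object per line."""
    return [json.loads(line) for line in body.splitlines() if line.strip()]


def send_and_verify(timeout=30.0):
    """Send a marked line over TCP and poll until VictoriaLogs returns it."""
    marker = uuid.uuid4().hex
    with socket.create_connection(SYSLOG_ADDR, timeout=5) as s:
        s.sendall(build_syslog_line(marker).encode())
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        with urllib.request.urlopen(QUERY_URL, build_query_body(marker), timeout=5) as r:
            hits = parse_hits(r.read().decode())
        if hits:
            return hits[0]
        time.sleep(1)
    raise TimeoutError(f"marker {marker} not found in VictoriaLogs")


if __name__ == "__main__":
    print(json.dumps(send_and_verify(), indent=2))
```

The returned record shows which fields Logstash actually emitted, which is a quick way to confirm that the names listed in `_stream_fields` exist on the ingested events.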