18 lines
724 B
Markdown
18 lines
724 B
Markdown
---
|
||
title: "Logstash"
|
||
type: concept
|
||
tags: [Log-Analytics, Data-Processing, ETL]
|
||
date: 2026-04-14
|
||
---
|
||
|
||
## Definition
|
||
Logstash 是 ELK Stack 中的日志处理管道组件,负责接收、转换和 enrichment 日志数据,然后发送到 Elasticsearch 存储。
|
||
|
||
## Description
|
||
Logstash 支持多种输入源(文件、网络、Beats 等),通过过滤器对日志进行解析、转换、添加字段等处理,然后输出到目标存储。可选使用 Redis 作为消息队列缓冲,防止 Logstash 过载。
|
||
|
||
## Connections
|
||
- [[Logstash]] ← receives_from ← [[BEATS]]
|
||
- [[Logstash]] ← sends_to ← [[Elasticsearch]]
|
||
- [[Logstash]] ← uses_buffer ← [[Redis]]
|
||
- [[ELK Stack]] ← depends_on ← [[Logstash]] |