- {
- "d5b4750b1fedc8b16a7eaf718cf27910ec9ec67a6ec6fd1ab9040bdaf38121a3": {
- "original": "# Integration with Logstash\n\n> NOTE: The integration with Logstash requires [Manticore Buddy](../Installation/Manticore_Buddy.md). If it doesn't work, make sure Buddy is installed.\n\n[Logstash](https://www.elastic.co/logstash) is a log management tool that collects data from a variety of sources, transforms it on the fly, and sends it to your desired destination. It is often used as a data pipeline for Elasticsearch, an open-source analytics and search engine.\n\nNow, Manticore supports the use of Logstash as a processing pipeline. This allows the collected and transformed data to be sent to Manticore just like to Elasticsearch. Currently, versions 7.6-9.2 are supported.\n\nLet\u2019s examine a simple example of a Logstash config file used for indexing `dpkg.log`, a standard log file of the Debian package manager. The log itself has a simple structure, as shown below:\n\nCODE_BLOCK_0\n\n## Logstash configuration\n\nHere is an example Logstash configuration:\n\nCODE_BLOCK_1\n\nNote that, before proceeding further, one crucial caveat needs to be addressed: Manticore does not support Log Template Management and the Index Lifecycle Management features of Elasticsearch. As these features are enabled by default in Logstash, they need to be explicitly disabled in the config. 
Additionally, the hosts option in the output config section must correspond to Manticore\u2019s HTTP listen port (default is localhost:9308).\n\n## Version-specific configuration\n\nConfiguration varies depending on which version of Logstash you're using.\n\n### Configuration for Logstash 7.17\n\nFor Logstash 7.17, the basic configuration is straightforward and doesn't require additional ILM settings:\n\nCODE_BLOCK_2\n\nRun with:\nCODE_BLOCK_3\n\n### Configuration for Logstash 8.0 - 9.1\n\nStarting from version 8.0, ILM (Index Lifecycle Management) and template management are enabled by default and must be explicitly disabled for compatibility with Manticore:\n\nCODE_BLOCK_4\n\nFor versions 9.0 and 9.1, Logstash requires running as a superuser. Set the environment variable before starting:\n\nCODE_BLOCK_5\n\n### Configuration for Logstash 9.2+\n\nFrom version 9.2, the recommended approach is to configure the superuser setting via a configuration file instead of using environment variables. This provides a more permanent and manageable solution.\n\nConfiguration file (e.g., `logstash.conf`):\nCODE_BLOCK_6\n\nCreate `/etc/logstash/logstash.yml`:\nCODE_BLOCK_7\n\nRun with:\nCODE_BLOCK_8\n\n## Logstash results\n\nAfter adjusting the config as described, you can run Logstash, and the data from the dpkg log will be passed to Manticore and properly indexed.\n\nHere is the resulting schema of the created table and an example of the inserted document:\n\nCODE_BLOCK_9\n\nCODE_BLOCK_10\n\n",
- "translations": {
- "chinese": "# \u4e0e Logstash \u7684\u96c6\u6210\n\n> \u6ce8\u610f\uff1a\u4e0e Logstash \u7684\u96c6\u6210\u9700\u8981 [Manticore Buddy](../Installation/Manticore_Buddy.md)\u3002\u5982\u679c\u65e0\u6cd5\u6b63\u5e38\u5de5\u4f5c\uff0c\u8bf7\u786e\u4fdd\u5df2\u5b89\u88c5 Buddy\u3002\n\n[Logstash](https://www.elastic.co/logstash) \u662f\u4e00\u4e2a\u65e5\u5fd7\u7ba1\u7406\u5de5\u5177\uff0c\u53ef\u4ee5\u6536\u96c6\u6765\u81ea\u591a\u79cd\u6765\u6e90\u7684\u6570\u636e\uff0c\u5b9e\u65f6\u8f6c\u6362\u5e76\u53d1\u9001\u5230\u60a8\u671f\u671b\u7684\u76ee\u6807\u3002\u5b83\u901a\u5e38\u7528\u4f5c Elasticsearch \u7684\u6570\u636e\u7ba1\u9053\uff0cElasticsearch \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u5206\u6790\u548c\u641c\u7d22\u5f15\u64ce\u3002\n\n\u73b0\u5728\uff0cManticore \u652f\u6301\u5c06 Logstash \u7528\u4f5c\u5904\u7406\u7ba1\u9053\u3002\u8fd9\u5141\u8bb8\u6536\u96c6\u548c\u8f6c\u6362\u540e\u7684\u6570\u636e\u50cf\u53d1\u9001\u5230 Elasticsearch \u4e00\u6837\u53d1\u9001\u5230 Manticore\u3002\u76ee\u524d\u652f\u6301\u7684\u7248\u672c\u4e3a 7.6-9.2\u3002\n\n\u8ba9\u6211\u4eec\u67e5\u770b\u4e00\u4e2a\u7528\u4e8e\u7d22\u5f15 `dpkg.log` \u7684\u7b80\u5355 Logstash \u914d\u7f6e\u6587\u4ef6\u793a\u4f8b\uff0c`dpkg.log` \u662f Debian \u5305\u7ba1\u7406\u5668\u7684\u6807\u51c6\u65e5\u5fd7\u6587\u4ef6\u3002\u8be5\u65e5\u5fd7\u672c\u8eab\u7ed3\u6784\u7b80\u5355\uff0c\u5982\u4e0b\u6240\u793a\uff1a\n\nCODE_BLOCK_0\n\n## Logstash \u914d\u7f6e\n\n\u4ee5\u4e0b\u662f\u4e00\u4e2a Logstash \u914d\u7f6e\u793a\u4f8b\uff1a\n\nCODE_BLOCK_1\n\n\u8bf7\u6ce8\u610f\uff0c\u5728\u7ee7\u7eed\u4e4b\u524d\uff0c\u9700\u8981\u89e3\u51b3\u4e00\u4e2a\u5173\u952e\u7684\u6ce8\u610f\u4e8b\u9879\uff1aManticore \u4e0d\u652f\u6301 Elasticsearch \u7684\u65e5\u5fd7\u6a21\u677f\u7ba1\u7406\u548c\u7d22\u5f15\u751f\u547d\u5468\u671f\u7ba1\u7406\u529f\u80fd\u3002\u7531\u4e8e\u8fd9\u4e9b\u529f\u80fd\u5728 Logstash 
\u4e2d\u9ed8\u8ba4\u542f\u7528\uff0c\u56e0\u6b64\u5fc5\u987b\u5728\u914d\u7f6e\u4e2d\u663e\u5f0f\u7981\u7528\u5b83\u4eec\u3002\u6b64\u5916\uff0c\u8f93\u51fa\u914d\u7f6e\u90e8\u5206\u7684 hosts \u9009\u9879\u5fc5\u987b\u5bf9\u5e94 Manticore \u7684 HTTP \u76d1\u542c\u7aef\u53e3\uff08\u9ed8\u8ba4\u662f localhost:9308\uff09\u3002\n\n## \u4e0d\u540c\u7248\u672c\u7684\u914d\u7f6e\n\n\u914d\u7f6e\u56e0\u6240\u4f7f\u7528\u7684 Logstash \u7248\u672c\u800c\u5f02\u3002\n\n### Logstash 7.17 \u7684\u914d\u7f6e\n\n\u5bf9\u4e8e Logstash 7.17\uff0c\u57fa\u672c\u914d\u7f6e\u6bd4\u8f83\u7b80\u5355\uff0c\u4e0d\u9700\u8981\u989d\u5916\u7684 ILM \u8bbe\u7f6e\uff1a\n\nCODE_BLOCK_2\n\n\u8fd0\u884c\u547d\u4ee4\uff1a\nCODE_BLOCK_3\n\n### Logstash 8.0 - 9.1 \u7684\u914d\u7f6e\n\n\u4ece 8.0 \u7248\u672c\u5f00\u59cb\uff0cILM\uff08\u7d22\u5f15\u751f\u547d\u5468\u671f\u7ba1\u7406\uff09\u548c\u6a21\u677f\u7ba1\u7406\u9ed8\u8ba4\u542f\u7528\uff0c\u5fc5\u987b\u663e\u5f0f\u7981\u7528\u4ee5\u517c\u5bb9 Manticore\uff1a\n\nCODE_BLOCK_4\n\n\u5bf9\u4e8e 9.0 \u548c 9.1 \u7248\u672c\uff0cLogstash \u9700\u8981\u4ee5\u8d85\u7ea7\u7528\u6237\u8eab\u4efd\u8fd0\u884c\u3002\u5728\u542f\u52a8\u524d\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\uff1a\n\nCODE_BLOCK_5\n\n### Logstash 9.2 \u53ca\u4ee5\u540e\u7248\u672c\u7684\u914d\u7f6e\n\n\u81ea 9.2 \u7248\u672c\u8d77\uff0c\u5efa\u8bae\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u800c\u975e\u73af\u5883\u53d8\u91cf\u6765\u914d\u7f6e\u8d85\u7ea7\u7528\u6237\u8bbe\u7f6e\uff0c\u8fd9\u63d0\u4f9b\u4e86\u66f4\u6301\u4e45\u4e14\u6613\u4e8e\u7ba1\u7406\u7684\u89e3\u51b3\u65b9\u6848\u3002\n\n\u914d\u7f6e\u6587\u4ef6\uff08\u4f8b\u5982 `logstash.conf`\uff09\uff1a\nCODE_BLOCK_6\n\n\u521b\u5efa `/etc/logstash/logstash.yml`\uff1a\nCODE_BLOCK_7\n\n\u8fd0\u884c\u547d\u4ee4\uff1a\nCODE_BLOCK_8\n\n## Logstash \u7ed3\u679c\n\n\u6309\u4e0a\u8ff0\u65b9\u6cd5\u8c03\u6574\u914d\u7f6e\u540e\uff0c\u60a8\u53ef\u4ee5\u8fd0\u884c Logstash\uff0cdpkg \u65e5\u5fd7\u4e2d\u7684\u6570\u636e\u5c06\u4f20\u9012\u5230 
Manticore \u5e76\u88ab\u6b63\u786e\u7d22\u5f15\u3002\n\n\u4ee5\u4e0b\u662f\u521b\u5efa\u7684\u8868\u7684\u6700\u7ec8\u67b6\u6784\u548c\u63d2\u5165\u6587\u6863\u7684\u793a\u4f8b\uff1a\n\nCODE_BLOCK_9\n\nCODE_BLOCK_10",
- "russian": "# \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Logstash\n\n> \u041f\u0420\u0418\u041c\u0415\u0427\u0410\u041d\u0418\u0415: \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Logstash \u0442\u0440\u0435\u0431\u0443\u0435\u0442 [Manticore Buddy](../Installation/Manticore_Buddy.md). \u0415\u0441\u043b\u0438 \u044d\u0442\u043e \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e Buddy \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d.\n\n[Logstash](https://www.elastic.co/logstash) \u2014 \u044d\u0442\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432, \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u0442 \u0438\u0445 \u043d\u0430 \u043b\u0435\u0442\u0443 \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0432 \u043d\u0443\u0436\u043d\u043e\u0435 \u043c\u0435\u0441\u0442\u043e \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f. 
\u041e\u043d \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f Elasticsearch, \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0438 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u043e\u0433\u043e \u0434\u0432\u0438\u0436\u043a\u0430.\n\n\u0422\u0435\u043f\u0435\u0440\u044c Manticore \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 Logstash \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440\u0430 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 Manticore \u0442\u0430\u043a \u0436\u0435, \u043a\u0430\u043a \u0438 \u0432 Elasticsearch. 
\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 7.6 \u043f\u043e 9.2.\n\n\u0420\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043f\u0440\u043e\u0441\u0442\u043e\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u0444\u0430\u0439\u043b\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 Logstash, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f `dpkg.log`, \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 Debian. \u0421\u0430\u043c \u0436\u0443\u0440\u043d\u0430\u043b \u0438\u043c\u0435\u0435\u0442 \u043f\u0440\u043e\u0441\u0442\u0443\u044e \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443, \u043a\u0430\u043a \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u043e \u043d\u0438\u0436\u0435:\n\nCODE_BLOCK_0\n\n## \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f Logstash\n\n\u041f\u0440\u0438\u043c\u0435\u0440 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 Logstash:\n\nCODE_BLOCK_1\n\n\u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u043f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u0434\u0432\u0438\u0433\u0430\u0442\u044c\u0441\u044f \u0434\u0430\u043b\u044c\u0448\u0435, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0447\u0435\u0441\u0442\u044c \u0432\u0430\u0436\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435: Manticore \u043d\u0435 
\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0448\u0430\u0431\u043b\u043e\u043d\u0430\u043c\u0438 \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 (Log Template Management) \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u044b\u043c \u0446\u0438\u043a\u043b\u043e\u043c \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432 (Index Lifecycle Management) \u0432 Elasticsearch. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432 Logstash, \u0438\u0445 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u044f\u0432\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438. 
\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043e\u043f\u0446\u0438\u044f hosts \u0432 \u0441\u0435\u043a\u0446\u0438\u0438 output \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0434\u043e\u043b\u0436\u043d\u0430 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c HTTP-\u043f\u043e\u0440\u0442\u0443 \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u043d\u0438\u044f Manticore (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e localhost:9308).\n\n## \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0432\u0430\u0440\u044c\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e\u0441\u0442\u0438 \u043e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 Logstash, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u0432\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0435.\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Logstash 7.17\n\n\u0414\u043b\u044f Logstash 7.17 \u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u043f\u0440\u043e\u0441\u0442\u0430 \u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a ILM:\n\nCODE_BLOCK_2\n\n\u0417\u0430\u043f\u0443\u0441\u043a:\nCODE_BLOCK_3\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Logstash 8.0 - 9.1\n\n\u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 8.0, ILM 
(\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u044b\u043c \u0446\u0438\u043a\u043b\u043e\u043c \u0438\u043d\u0434\u0435\u043a\u0441\u0430) \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0448\u0430\u0431\u043b\u043e\u043d\u0430\u043c\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u044f\u0432\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 Manticore:\n\nCODE_BLOCK_4\n\n\u0414\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 9.0 \u0438 9.1 Logstash \u0434\u043e\u043b\u0436\u0435\u043d \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c\u0441\u044f \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. 
\u0417\u0430\u0434\u0430\u0439\u0442\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0443\u044e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u0434 \u0437\u0430\u043f\u0443\u0441\u043a\u043e\u043c:\n\nCODE_BLOCK_5\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Logstash 9.2+\n\n\u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 9.2, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c\u044b\u0439 \u043f\u043e\u0434\u0445\u043e\u0434 \u2014 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432\u043c\u0435\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f. 
\u042d\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e\u0435 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435.\n\n\u0424\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, `logstash.conf`):\nCODE_BLOCK_6\n\n\u0421\u043e\u0437\u0434\u0430\u0439\u0442\u0435 `/etc/logstash/logstash.yml`:\nCODE_BLOCK_7\n\n\u0417\u0430\u043f\u0443\u0441\u043a:\nCODE_BLOCK_8\n\n## \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b Logstash\n\n\u041f\u043e\u0441\u043b\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u043a\u0430\u043a \u043e\u043f\u0438\u0441\u0430\u043d\u043e \u0432\u044b\u0448\u0435, \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c Logstash, \u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 dpkg \u0431\u0443\u0434\u0443\u0442 \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0442\u044c\u0441\u044f \u0432 Manticore \u0438 \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u0442\u044c\u0441\u044f.\n\n\u0412\u043e\u0442 \u0438\u0442\u043e\u0433\u043e\u0432\u0430\u044f \u0441\u0445\u0435\u043c\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0442\u0430\u0431\u043b\u0438\u0446\u044b \u0438 \u043f\u0440\u0438\u043c\u0435\u0440 \u0432\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430:\n\nCODE_BLOCK_9\n\nCODE_BLOCK_10"
- },
- "is_code_or_comment": false,
- "model": "openai:gpt-4.1-mini",
- "updated_at": 1766339800
- },
- "__meta": {
- "source_text": "# Integration with Logstash\n\n> NOTE: The integration with Logstash requires [Manticore Buddy](../Installation/Manticore_Buddy.md). If it doesn't work, make sure Buddy is installed.\n\n[Logstash](https://www.elastic.co/logstash) is a log management tool that collects data from a variety of sources, transforms it on the fly, and sends it to your desired destination. It is often used as a data pipeline for Elasticsearch, an open-source analytics and search engine.\n\nNow, Manticore supports the use of Logstash as a processing pipeline. This allows the collected and transformed data to be sent to Manticore just like to Elasticsearch. Currently, versions 7.6-9.3 are supported.\n\nLet\u2019s examine a simple example of a Logstash config file used for indexing `dpkg.log`, a standard log file of the Debian package manager. The log itself has a simple structure, as shown below:\n\n```\n2023-05-31 10:42:55 status triggers-awaited ca-certificates-java:all 20190405ubuntu1.1\n2023-05-31 10:42:55 trigproc libc-bin:amd64 2.31-0ubuntu9.9 <none>\n2023-05-31 10:42:55 status half-configured libc-bin:amd64 2.31-0ubuntu9.9\n2023-05-31 10:42:55 status installed libc-bin:amd64 2.31-0ubuntu9.9\n2023-05-31 10:42:55 trigproc systemd:amd64 245.4-4ubuntu3.21 <none>\n```\n\n## Logstash configuration\n\nHere is an example Logstash configuration:\n\n```\ninput {\n file {\n path => [\"/var/log/dpkg.log\"]\n start_position => \"beginning\"\n sincedb_path => \"/dev/null\"\n mode => \"read\"\n exit_after_read => \"true\"\n file_completed_action => \"log\"\n file_completed_log_path => \"/dev/null\"\n }\n}\n\noutput {\n elasticsearch {\n index => \" dpkg_log\"\n hosts => [\"http://localhost:9308\"]\n ilm_enabled => false\n manage_template => false\n }\n}\n```\n\nNote that, before proceeding further, one crucial caveat needs to be addressed: Manticore does not support Log Template Management and the Index Lifecycle Management features of Elasticsearch. 
As these features are enabled by default in Logstash, they need to be explicitly disabled in the config. Additionally, the hosts option in the output config section must correspond to Manticore\u2019s HTTP listen port (default is localhost:9308).\n\n## Version-specific configuration\n\nConfiguration varies depending on which version of Logstash you're using.\n\n### Configuration for Logstash 7.17\n\nFor Logstash 7.17, the basic configuration is straightforward and doesn't require additional ILM settings:\n\n```\ninput {\n file {\n path => [\"/var/log/dpkg.log\"]\n start_position => \"beginning\"\n sincedb_path => \"/dev/null\"\n mode => \"read\"\n exit_after_read => \"true\"\n file_completed_action => \"log\"\n file_completed_log_path => \"/dev/null\"\n }\n}\n\noutput {\n elasticsearch {\n index => \"dpkg_log\"\n hosts => [\"http://localhost:9308\"]\n }\n}\n```\n\nRun with:\n```bash\nlogstash -f logstash.conf\n```\n\n### Configuration for Logstash 8.0 - 9.1\n\nStarting from version 8.0, ILM (Index Lifecycle Management) and template management are enabled by default and must be explicitly disabled for compatibility with Manticore:\n\n```\ninput {\n file {\n path => [\"/var/log/dpkg.log\"]\n start_position => \"beginning\"\n sincedb_path => \"/dev/null\"\n mode => \"read\"\n exit_after_read => \"true\"\n file_completed_action => \"log\"\n file_completed_log_path => \"/dev/null\"\n }\n}\n\noutput {\n elasticsearch {\n index => \"dpkg_log\"\n hosts => [\"http://localhost:9308\"]\n ilm_enabled => false\n manage_template => false\n }\n}\n```\n\nFor versions 9.0 and 9.1, Logstash requires running as a superuser. Set the environment variable before starting:\n\n```bash\nexport ALLOW_SUPERUSER=1\nlogstash -f logstash.conf\n```\n\n### Configuration for Logstash 9.2+\n\nFrom version 9.2, the recommended approach is to configure the superuser setting via a configuration file instead of using environment variables. 
This provides a more permanent and manageable solution.\n\nConfiguration file (e.g., `logstash.conf`):\n```\ninput {\n file {\n path => [\"/var/log/dpkg.log\"]\n start_position => \"beginning\"\n sincedb_path => \"/dev/null\"\n mode => \"read\"\n exit_after_read => \"true\"\n file_completed_action => \"log\"\n file_completed_log_path => \"/dev/null\"\n }\n}\n\noutput {\n elasticsearch {\n index => \"dpkg_log\"\n hosts => [\"http://localhost:9308\"]\n ilm_enabled => false\n manage_template => false\n }\n}\n```\n\nCreate `/etc/logstash/logstash.yml`:\n```yaml\nallow_superuser: true\n```\n\nRun with:\n```bash\nlogstash --path.settings=/etc/logstash -f logstash.conf\n```\n\n## Logstash results\n\nAfter adjusting the config as described, you can run Logstash, and the data from the dpkg log will be passed to Manticore and properly indexed.\n\nHere is the resulting schema of the created table and an example of the inserted document:\n\n```\nmysql> DESCRIBE dpkg_log;\n+------------------+--------+---------------------+\n| Field | Type | Properties |\n+------------------+--------+---------------------+\n| id | bigint | |\n| message | text | indexed stored |\n| @version | text | indexed stored |\n| @timestamp | text | indexed stored |\n| path | text | indexed stored |\n| host | text | indexed stored |\n+------------------+--------+---------------------+\n```\n\n```\nmysql> SELECT * FROM dpkg_log LIMIT 1\\G\n\n*************************** 1. row ***************************\nid: 7280000849080746110\nhost: logstash-db848f65f-lnlf9\nmessage: 2023-04-12 02:03:21 status unpacked libc-bin:amd64 2.31-0ubuntu9\npath: /var/log/dpkg.log\n@timestamp: 2023-06-16T09:23:57.405Z\n@version: 1\n```\n\n",
- "updated_at": 1770287267,
- "source_md5": "76f7f08e6692a2c7ff829dad253a8679",
- "source_snapshot": "/tmp/translator-source-gnaOMY",
- "target_snapshot": "/tmp/translator-target-N3xdxX"
- },
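Review bot: the `source_text` in this entry's `__meta` has `index => " dpkg_log"` (leading space inside the quotes) in the first sample config under "Logstash configuration", while every version-specific block uses `index => "dpkg_log"`. Fix that in the source document before the cache is regenerated, otherwise the typo is carried into each new translation. In the same entry, `original` and both cached translations still say versions 7.6-9.2 while `source_text` says 7.6-9.3, so the entry was already stale against its source and removing it is consistent with that. The `source_snapshot` and `target_snapshot` values are `/tmp/translator-…` paths from the machine that ran the translator; they identify nothing reproducible and are better left out of a committed file.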
- "b3e54ace16e451c74a678777a9e51168ab5ce854f5c43ea386a921d6236ac686": {
- "original": "# Integration with Logstash\n\n> NOTE: The integration with Logstash requires [Manticore Buddy](../Installation/Manticore_Buddy.md). If it doesn't work, make sure Buddy is installed.\n\n[Logstash](https://www.elastic.co/logstash) is a log management tool that collects data from a variety of sources, transforms it on the fly, and sends it to your desired destination. It is often used as a data pipeline for Elasticsearch, an open-source analytics and search engine.\n\nNow, Manticore supports the use of Logstash as a processing pipeline. This allows the collected and transformed data to be sent to Manticore just like to Elasticsearch. Currently, versions 7.6-9.3 are supported.\n\nLet\u2019s examine a simple example of a Logstash config file used for indexing `dpkg.log`, a standard log file of the Debian package manager. The log itself has a simple structure, as shown below:\n\nCODE_BLOCK_0\n\n## Logstash configuration\n\nHere is an example Logstash configuration:\n\nCODE_BLOCK_1\n\nNote that, before proceeding further, one crucial caveat needs to be addressed: Manticore does not support Log Template Management and the Index Lifecycle Management features of Elasticsearch. As these features are enabled by default in Logstash, they need to be explicitly disabled in the config. 
Additionally, the hosts option in the output config section must correspond to Manticore\u2019s HTTP listen port (default is localhost:9308).\n\n## Version-specific configuration\n\nConfiguration varies depending on which version of Logstash you're using.\n\n### Configuration for Logstash 7.17\n\nFor Logstash 7.17, the basic configuration is straightforward and doesn't require additional ILM settings:\n\nCODE_BLOCK_2\n\nRun with:\nCODE_BLOCK_3\n\n### Configuration for Logstash 8.0 - 9.1\n\nStarting from version 8.0, ILM (Index Lifecycle Management) and template management are enabled by default and must be explicitly disabled for compatibility with Manticore:\n\nCODE_BLOCK_4\n\nFor versions 9.0 and 9.1, Logstash requires running as a superuser. Set the environment variable before starting:\n\nCODE_BLOCK_5\n\n### Configuration for Logstash 9.2+\n\nFrom version 9.2, the recommended approach is to configure the superuser setting via a configuration file instead of using environment variables. This provides a more permanent and manageable solution.\n\nConfiguration file (e.g., `logstash.conf`):\nCODE_BLOCK_6\n\nCreate `/etc/logstash/logstash.yml`:\nCODE_BLOCK_7\n\nRun with:\nCODE_BLOCK_8\n\n## Logstash results\n\nAfter adjusting the config as described, you can run Logstash, and the data from the dpkg log will be passed to Manticore and properly indexed.\n\nHere is the resulting schema of the created table and an example of the inserted document:\n\nCODE_BLOCK_9\n\nCODE_BLOCK_10\n\n",
- "translations": {
- "chinese": "# \u4e0e Logstash \u7684\u96c6\u6210\n\n> \u6ce8\u610f\uff1a\u4e0e Logstash \u7684\u96c6\u6210\u9700\u8981 [Manticore Buddy](../Installation/Manticore_Buddy.md)\u3002\u5982\u679c\u65e0\u6cd5\u6b63\u5e38\u5de5\u4f5c\uff0c\u8bf7\u786e\u4fdd\u5df2\u5b89\u88c5 Buddy\u3002\n\n[Logstash](https://www.elastic.co/logstash) \u662f\u4e00\u4e2a\u65e5\u5fd7\u7ba1\u7406\u5de5\u5177\uff0c\u53ef\u4ee5\u4ece\u5404\u79cd\u6765\u6e90\u6536\u96c6\u6570\u636e\uff0c\u5b9e\u65f6\u8f6c\u6362\u6570\u636e\uff0c\u5e76\u5c06\u5176\u53d1\u9001\u5230\u60a8\u671f\u671b\u7684\u76ee\u7684\u5730\u3002\u5b83\u901a\u5e38\u7528\u4f5c Elasticsearch \u7684\u6570\u636e\u7ba1\u9053\uff0cElasticsearch \u662f\u4e00\u4e2a\u5f00\u6e90\u7684\u5206\u6790\u548c\u641c\u7d22\u5f15\u64ce\u3002\n\n\u73b0\u5728\uff0cManticore \u652f\u6301\u4f7f\u7528 Logstash \u4f5c\u4e3a\u5904\u7406\u7ba1\u9053\u3002\u8fd9\u5141\u8bb8\u6536\u96c6\u548c\u8f6c\u6362\u540e\u7684\u6570\u636e\u50cf\u53d1\u9001\u5230 Elasticsearch \u4e00\u6837\u53d1\u9001\u5230 Manticore\u3002\u76ee\u524d\u652f\u6301\u7684\u7248\u672c\u4e3a 7.6-9.3\u3002\n\n\u8ba9\u6211\u4eec\u770b\u4e00\u4e0b\u7528\u4e8e\u5bf9 `dpkg.log`\uff08Debian \u5305\u7ba1\u7406\u5668\u7684\u6807\u51c6\u65e5\u5fd7\u6587\u4ef6\uff09\u8fdb\u884c\u7d22\u5f15\u7684\u7b80\u5355 Logstash \u914d\u7f6e\u6587\u4ef6\u793a\u4f8b\u3002\u65e5\u5fd7\u672c\u8eab\u5177\u6709\u7b80\u5355\u7684\u7ed3\u6784\uff0c\u5982\u4e0b\u6240\u793a\uff1a\n\nCODE_BLOCK_0\n\n## Logstash \u914d\u7f6e\n\n\u4ee5\u4e0b\u662f\u4e00\u4e2a Logstash \u914d\u7f6e\u793a\u4f8b\uff1a\n\nCODE_BLOCK_1\n\n\u8bf7\u6ce8\u610f\uff0c\u5728\u7ee7\u7eed\u4e4b\u524d\uff0c\u9700\u8981\u89e3\u51b3\u4e00\u4e2a\u5173\u952e\u6ce8\u610f\u4e8b\u9879\uff1aManticore \u4e0d\u652f\u6301 Elasticsearch \u7684\u65e5\u5fd7\u6a21\u677f\u7ba1\u7406\uff08Log Template Management\uff09\u548c\u7d22\u5f15\u751f\u547d\u5468\u671f\u7ba1\u7406\uff08Index Lifecycle Management\uff09\u529f\u80fd\u3002\u7531\u4e8e\u8fd9\u4e9b\u529f\u80fd\u5728 
Logstash \u4e2d\u9ed8\u8ba4\u662f\u542f\u7528\u7684\uff0c\u56e0\u6b64\u9700\u8981\u5728\u914d\u7f6e\u4e2d\u663e\u5f0f\u7981\u7528\u5b83\u4eec\u3002\u6b64\u5916\uff0c\u8f93\u51fa\u914d\u7f6e\u90e8\u5206\u4e2d\u7684 hosts \u9009\u9879\u5fc5\u987b\u5bf9\u5e94 Manticore \u7684 HTTP \u76d1\u542c\u7aef\u53e3\uff08\u9ed8\u8ba4\u662f localhost:9308\uff09\u3002\n\n## \u7248\u672c\u7279\u5b9a\u914d\u7f6e\n\n\u914d\u7f6e\u4f1a\u6839\u636e\u60a8\u4f7f\u7528\u7684 Logstash \u7248\u672c\u800c\u6709\u6240\u4e0d\u540c\u3002\n\n### Logstash 7.17 \u7684\u914d\u7f6e\n\n\u5bf9\u4e8e Logstash 7.17\uff0c\u57fa\u672c\u914d\u7f6e\u662f\u76f4\u63a5\u7684\uff0c\u4e0d\u9700\u8981\u989d\u5916\u7684 ILM \u8bbe\u7f6e\uff1a\n\nCODE_BLOCK_2\n\n\u8fd0\u884c\u547d\u4ee4\uff1a\nCODE_BLOCK_3\n\n### Logstash 8.0 - 9.1 \u7684\u914d\u7f6e\n\n\u4ece\u7248\u672c 8.0 \u5f00\u59cb\uff0cILM\uff08\u7d22\u5f15\u751f\u547d\u5468\u671f\u7ba1\u7406\uff09\u548c\u6a21\u677f\u7ba1\u7406\u9ed8\u8ba4\u662f\u542f\u7528\u7684\uff0c\u5fc5\u987b\u663e\u5f0f\u7981\u7528\u4ee5\u517c\u5bb9 Manticore\uff1a\n\nCODE_BLOCK_4\n\n\u5bf9\u4e8e 9.0 \u548c 9.1 \u7248\u672c\uff0cLogstash \u9700\u8981\u4ee5\u8d85\u7ea7\u7528\u6237\u8eab\u4efd\u8fd0\u884c\u3002\u5728\u542f\u52a8\u524d\u8bbe\u7f6e\u73af\u5883\u53d8\u91cf\uff1a\n\nCODE_BLOCK_5\n\n### Logstash 9.2+ \u7684\u914d\u7f6e\n\n\u4ece\u7248\u672c 9.2 \u5f00\u59cb\uff0c\u5efa\u8bae\u901a\u8fc7\u914d\u7f6e\u6587\u4ef6\u800c\u4e0d\u662f\u73af\u5883\u53d8\u91cf\u6765\u914d\u7f6e\u8d85\u7ea7\u7528\u6237\u8bbe\u7f6e\u3002\u8fd9\u63d0\u4f9b\u4e86\u4e00\u4e2a\u66f4\u6301\u4e45\u548c\u6613\u4e8e\u7ba1\u7406\u7684\u89e3\u51b3\u65b9\u6848\u3002\n\n\u914d\u7f6e\u6587\u4ef6\uff08\u4f8b\u5982\uff0c`logstash.conf`\uff09\uff1a\nCODE_BLOCK_6\n\n\u521b\u5efa `/etc/logstash/logstash.yml`\uff1a\nCODE_BLOCK_7\n\n\u8fd0\u884c\u547d\u4ee4\uff1a\nCODE_BLOCK_8\n\n## Logstash \u7ed3\u679c\n\n\u5728\u6309\u7167\u4e0a\u8ff0\u8bf4\u660e\u8c03\u6574\u914d\u7f6e\u540e\uff0c\u60a8\u53ef\u4ee5\u8fd0\u884c 
Logstash\uff0cdpkg \u65e5\u5fd7\u4e2d\u7684\u6570\u636e\u5c06\u88ab\u4f20\u9012\u5230 Manticore \u5e76\u6b63\u786e\u7d22\u5f15\u3002\n\n\u4ee5\u4e0b\u662f\u521b\u5efa\u7684\u8868\u7684\u7ed3\u6784\u548c\u63d2\u5165\u6587\u6863\u7684\u793a\u4f8b\uff1a\n\nCODE_BLOCK_9\n\nCODE_BLOCK_10\n\n",
- "russian": "# \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Logstash\n\n> \u041f\u0420\u0418\u041c\u0415\u0427\u0410\u041d\u0418\u0415: \u0418\u043d\u0442\u0435\u0433\u0440\u0430\u0446\u0438\u044f \u0441 Logstash \u0442\u0440\u0435\u0431\u0443\u0435\u0442 [Manticore Buddy](../Installation/Manticore_Buddy.md). \u0415\u0441\u043b\u0438 \u043e\u043d\u0430 \u043d\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u0441\u044c, \u0447\u0442\u043e Buddy \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d.\n\n[Logstash](https://www.elastic.co/logstash) \u2014 \u044d\u0442\u043e \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0436\u0443\u0440\u043d\u0430\u043b\u0430\u043c\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u0431\u0438\u0440\u0430\u0435\u0442 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432, \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u0443\u0435\u0442 \u0438\u0445 \u043d\u0430 \u043b\u0435\u0442\u0443 \u0438 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u0432 \u043d\u0443\u0436\u043d\u043e\u0435 \u043c\u0435\u0441\u0442\u043e \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f. 
\u041e\u043d \u0447\u0430\u0441\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043b\u044f Elasticsearch, \u0430\u043d\u0430\u043b\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0438 \u043f\u043e\u0438\u0441\u043a\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c.\n\n\u0422\u0435\u043f\u0435\u0440\u044c Manticore \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 Logstash \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043a\u043e\u043d\u0432\u0435\u0439\u0435\u0440\u0430 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0441\u043e\u0431\u0440\u0430\u043d\u043d\u044b\u0435 \u0438 \u043f\u0440\u0435\u043e\u0431\u0440\u0430\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0432 Manticore \u0442\u0430\u043a \u0436\u0435, \u043a\u0430\u043a \u0438 \u0432 Elasticsearch. 
\u0412 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0442\u0441\u044f \u0432\u0435\u0440\u0441\u0438\u0438 7.6\u20139.3.\n\n\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043f\u0440\u043e\u0441\u0442\u043e\u0439 \u043f\u0440\u0438\u043c\u0435\u0440 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 Logstash, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u0438\u043d\u0434\u0435\u043a\u0441\u0430\u0446\u0438\u0438 `dpkg.log`, \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 \u043f\u0430\u043a\u0435\u0442\u043e\u0432 Debian. \u0421\u0430\u043c \u0436\u0443\u0440\u043d\u0430\u043b \u0438\u043c\u0435\u0435\u0442 \u043f\u0440\u043e\u0441\u0442\u0443\u044e \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443, \u043a\u0430\u043a \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u043e \u043d\u0438\u0436\u0435:\n\nCODE_BLOCK_0\n\n## \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f Logstash\n\n\u0412\u043e\u0442 \u043f\u0440\u0438\u043c\u0435\u0440 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 Logstash:\n\nCODE_BLOCK_1\n\n\u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435, \u0447\u0442\u043e \u043f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c, \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0447\u0435\u0441\u0442\u044c \u043e\u0434\u043d\u043e \u0432\u0430\u0436\u043d\u043e\u0435 
\u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0435\u0440\u0435\u0436\u0435\u043d\u0438\u0435: Manticore \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0448\u0430\u0431\u043b\u043e\u043d\u0430\u043c\u0438 \u0436\u0443\u0440\u043d\u0430\u043b\u043e\u0432 (Log Template Management) \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u044b\u043c \u0446\u0438\u043a\u043b\u043e\u043c \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432 (Index Lifecycle Management) \u043e\u0442 Elasticsearch. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u0442\u0438 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432 Logstash, \u0438\u0445 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u044f\u0432\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438. 
\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 hosts \u0432 \u0440\u0430\u0437\u0434\u0435\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432\u044b\u0432\u043e\u0434\u0430 \u0434\u043e\u043b\u0436\u0435\u043d \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u043e\u0432\u0430\u0442\u044c HTTP-\u043f\u043e\u0440\u0442\u0443 \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u043d\u0438\u044f Manticore (\u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e localhost:9308).\n\n## \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439\n\n\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0437\u0430\u0432\u0438\u0441\u0438\u0442 \u043e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Logstash.\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Logstash 7.17\n\n\u0414\u043b\u044f Logstash 7.17 \u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u043f\u0440\u043e\u0441\u0442\u0430 \u0438 \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043a ILM:\n\nCODE_BLOCK_2\n\n\u0417\u0430\u043f\u0443\u0441\u043a \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e:\nCODE_BLOCK_3\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Logstash 8.0 - 9.1\n\n\u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 8.0, ILM (\u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 
\u0436\u0438\u0437\u043d\u0435\u043d\u043d\u044b\u043c \u0446\u0438\u043a\u043b\u043e\u043c \u0438\u043d\u0434\u0435\u043a\u0441\u043e\u0432) \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0448\u0430\u0431\u043b\u043e\u043d\u0430\u043c\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0438 \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u044f\u0432\u043d\u043e \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u0434\u043b\u044f \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 Manticore:\n\nCODE_BLOCK_4\n\n\u0414\u043b\u044f \u0432\u0435\u0440\u0441\u0438\u0439 9.0 \u0438 9.1 Logstash \u0442\u0440\u0435\u0431\u0443\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f. \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0435 \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u0443\u044e \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u0434 \u0437\u0430\u043f\u0443\u0441\u043a\u043e\u043c:\n\nCODE_BLOCK_5\n\n### \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u0434\u043b\u044f Logstash 9.2+\n\n\u041d\u0430\u0447\u0438\u043d\u0430\u044f \u0441 \u0432\u0435\u0440\u0441\u0438\u0438 9.2, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0447\u0435\u0440\u0435\u0437 \u0444\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0432\u043c\u0435\u0441\u0442\u043e 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0445 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u044f. \u042d\u0442\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u043e\u0435 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u0435 \u0440\u0435\u0448\u0435\u043d\u0438\u0435.\n\n\u0424\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, `logstash.conf`):\nCODE_BLOCK_6\n\n\u0421\u043e\u0437\u0434\u0430\u0439\u0442\u0435 `/etc/logstash/logstash.yml`:\nCODE_BLOCK_7\n\n\u0417\u0430\u043f\u0443\u0441\u043a \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e:\nCODE_BLOCK_8\n\n## \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u0440\u0430\u0431\u043e\u0442\u044b Logstash\n\n\u041f\u043e\u0441\u043b\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438, \u043a\u0430\u043a \u043e\u043f\u0438\u0441\u0430\u043d\u043e \u0432\u044b\u0448\u0435, \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c Logstash, \u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u0436\u0443\u0440\u043d\u0430\u043b\u0430 dpkg \u0431\u0443\u0434\u0443\u0442 \u043f\u0435\u0440\u0435\u0434\u0430\u043d\u044b \u0432 Manticore \u0438 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e \u043f\u0440\u043e\u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u044b.\n\n\u0412\u043e\u0442 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0438\u0440\u0443\u044e\u0449\u0430\u044f \u0441\u0445\u0435\u043c\u0430 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0442\u0430\u0431\u043b\u0438\u0446\u044b \u0438 
\u043f\u0440\u0438\u043c\u0435\u0440 \u0432\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430:\n\nCODE_BLOCK_9\n\nCODE_BLOCK_10\n\n"
- },
- "is_code_or_comment": false,
- "model": "deepseek/deepseek-v3.2",
- "updated_at": 1770287267
- }
- }
|