1. download the plugin of elasticsearch:
下载 readonlyrest-1.14.0_es5.2.2.zip
2. install readonlyrest plugin:
C:\Users\Administrator\Downloads\elasticsearch-5.2.2\bin\elasticsearch-plugin.bat install file:///d:/readonlyrest-1.14.0_es5.2.2.zip
3. open elasticsearch.yml add blow code:
readonlyrest:
enable: true
response_if_req_forbidden: Sorry, your request is forbidden.
access_control_rules:
- name: Full access with HTTP auth
auth_key: admin:123456 #user: admin, password:123456
type: allow
4. restart elasticsearch service.
5. done;
logstash配置:
input {
file {
path => "D:/logstash-5.2.2/bin/testdata.txt"
start_position => "beginning"
sincedb_path => "D:/logstash-5.2.2/bin/sincedb"
codec => json {
charset => "UTF-8"
}
}
}
filter {
json{
source => "message"
}
mutate
{
remove_field => [ "message","path","@version","@timestamp","host","_id","value"]
}
}
output {
elasticsearch {
action => "index"
hosts => ["http://localhost:9100/"]
user => "admin"
password => ""
index => "testdb"
document_type => "user"
workers =>
}
#stdout {
#codec => rubydebug
#codec => json_lines
#}
}